How to Match with MPA Cyber Security Guidelines

January 30, 2023

min read

Does it feel like working with major entertainment and media companies means major investments into your IT infrastructure? While matching with MPA cyber security guidelines can be a beast, we have solutions to help you match the guidelines with ease. Plus, the product features offered by Flaneer for animation studios are the difference-makers to help you outpace the competition.

‍

TPN and MPA 101: Understanding the Basics

First, it’s important to get to know the agencies enforcing the MPA cyber security guidelines. TPN is the Trusted Partner Network. TPN is owned and managed by the Motion Picture Association (MPA).

MPA is made up of member companies, including Paramount Pictures Corporation, Sony Pictures Entertainment Inc, Universal Studios LLC, Netflix, Walt Disney Studios Motion, and Warner Bros. Because these members are the content creators, they have a vested interest in protecting their content during production, post-production, marketing, and distribution.

In 2018 the MPA members and major industry leaders came together to create TPN, which exists to protect entertainment industry content. During the middle of 2018, MPA began working through TPN to complete security assessments of studios and third-party vendors. Because third-party vendors collaborate with varying degrees of security, the coordination of the TPN mitigates the risk of content security threats.

According to the TPN website, “The TPN program helps companies prevent leaks, breaches, and hacks of their customers’ movies and television shows prior to their intended release and seeks to raise security awareness, preparedness, and capabilities within our industry.”

TPN/MPA Security Guidelines

So, we know TPN was created to protect content. But what exactly are the guidelines you must follow to match the TPN/MPA security guidelines?

The MPA best practices guide was originally released in 2009. Sometimes these guidelines are referred to as MPAA security guidelines, giving a nod to MPA’s former moniker, Motion Picture Association of America (MPAA).

Since the 2009 release, the guidelines have been updated a dozen times, including the additions made to recognize TPN/MPA best practices as a joint governing force in 2018. Here are some of the most recognized TPN/MPA best practices:

Assess risk regularly
Assign a dedicated security team
Establish comprehensive content protection policies and procedures
Define workflow checkpoints
Keep hardware and software updated
Restrict access to content to just the employees assigned to the project
Use NDAs with staff collaborating on content
Maintain physical security by locking facility access points and restricting access in areas
Validate user identity on the content-handling network
Restrict internet use on production computers
Allow only whitelisted IPs
Enforce password policies and use two-factor authentication
Use VPNs to access the network remotely
Secure endpoint devices
Implement end-to-end data protection
Encrypt data transitions
Store physical assets securely
Practice an appropriate chain of custody

MPA released an updated “Content Security Best Practices” guide on February 8, 2022. (This is the most recent version since this article was written). This version was released to include updates that were widely a result of the COVID-19 global pandemic. The new common TPN/MPA best practices include 38 additions specifically addressing security and remote work.

Ultimately, all of the best practice guidelines reinforce TPN’s intent to have studios plan for and address every possible vulnerability that may exist. Choosing a partner like Flaneer can help you assess your risks and implement solutions. Flaneer’s platform is built on being a solution-oriented tool to help studios seamlessly collaborate with content creators and major Hollywood companies like Disney and Netflix. The first step to partnering with one of these major MPA members is joining the TPN.

The Benefits of Joining TPN

It’s not a requirement to join TPN, but given TPN’s status as a single benchmark of minimum-security preparedness, studios that participate are readily recognized by the MPA members. Being a member of TPN demonstrates that you have a core commitment to security. Here are some of the major benefits of being a TPN vendor, as listed on the TPN website:

Reduce the number of assessments conducted at each facility annually.
Reduce the number of different controls used by various content owners.
Create competitive, market-driven assessment pricing.
Accelerate assessment report turn-around.
Offer controls that are specific to the needs and workflows of specific vendor types.
Assist in identifying vulnerabilities and communicate remediation through the TPN Platform.
Allow vendors to promote their security preparedness.

‍

How to get TPN Certification and join Netflix NPFP?

Actually, there is no formal “certification” from TPN. To have content creators recognize your association with TPN, you want to be granted permission to display the TPN logo. It all begins with taking the TPN assessment.

Annually, studios that choose to participate will take the TPN assessment. Upon passing the assessment, you can display the TPN logo and the assessment certificate indicating a Qualified Assessor has reviewed your studio.

While a TPN assessment is not required, getting an annual assessment can give content creators a sense of confidence when working with you. Passing the TPN assessment each year indicates a level of conformance to the MPA security guidelines.

Keep in mind, if your studio has more than one facility, each facility must get an assessment.

How to Get a TPN Assessment

Visit the TPN website and complete the vendor assessment request form. Then, through the TPN platform, you will get all the necessary notifications and further details to complete the assessment. You can prepare for the assessment by downloading a copy of the Content Security Best Practices. (The version linked here is from the February 2022 release. Depending on when you are accessing this article, you may want to check if a more recent version is available.) Working with a partner, like Flaneer, for your IT services can also help you in your preparation efforts. Flaneer is well-versed in the TPN/MPA guidelines, so you can trust that the services they provide will already help you achieve a level of compliance.

Following the TPN Assessment

If any areas of concern arise with the assessment, TPN can help you with a remediation plan. Once your Qualified Assessor has awarded your assessment certificate, you’ll be given access to the TPN logo to display. The information you entered in the TPN platform to sign up for the assessment will also be published in the TPN directory for content creators to review easily.

Your assessment is good for one year. You must complete an assessment annually. TPN will work with you to keep your status current through annual assessments and help keep you abreast of possible technology vulnerabilities.

Considering Additional Preferred Partnerships

After you pass the TPN, you will likely benefit from forging additional partnerships that may help you succeed in working with MPA members. Are you ready to work with a giant like Netflix? Then it’s time to learn more about Netflix Preferred Fulfillment Partners (NPFP). Studios that belong to NPFP are expertly prepared to meet the demands of delivering licensed content to Netflix.

According to Netflix, “The Netflix Preferred Fulfillment Partner (NPFP) program represents a worldwide network of elite media fulfillment companies. After meeting strict standards ranging from technical abilities to project management, top partners earn the Preferred badge.”

NPFP has a very specific list of conditions for partners. Read the full list of NPFP conditions as you prepare to earn recognition as a partner. Some of the most important elements of the Service Level Agreement are as follows:

Adopt the usage of the Netflix partner portal, Source Management (Backlot)
Maintain key performance metrics as described below
Adhere to the Rate Card (all rates are USD and will be re-evaluated on an annual basis)

Becoming a Netflix Preferred Fulfillment Partner is a challenging undertaking. You do not simply fill out an application to be selected. Selection for NPFP is a reward bestowed upon vendors following consistent adherence to the NPFP conditions. Partners that earn the NPFP badge have proven to adhere to the strict standards on an ongoing basis. So, your task is to be well-versed in the conditions as you prepare to work with Netflix.

What are the last TPN/MPA security updates?

Security threats have become increasingly more prominent as the digital landscape, and cloud-based services have become the norm. In the February guidelines released this year, the focus was largely on making updates to accommodate remote work. Most recently, in April, the MPA released an announcement stating, “Over the next 12 months, TPN will roll out its enhanced program including updated security best practice guidelines for cloud workflows; a simplified qualification onboarding process for all TPN assessors; an enhanced “Gold Assessment Program” for application, site and cloud workflows; and a new “Blue Self-Attestation Program” to provide vendors with the ability to report alternate security certifications to support the urgent need for a centralized, confidential and flexible content security solution.”

Updated TPN/MPA best practice guidelines are expected again this fall. Here’s what you should know now:

“TPN’s Gold Assessment Program, to launch in Q1 2023, will enable vendors to measure and report conformity to the industry’s most recognized standards.” (MPA April Release)
To increase cloud security audit expertise, a new assessor qualification program will be launched in June.
The Blue Self-Attestation Program is slated to launch in Q1 of 2023, and as a result of the program, there should be a reduced need for multiple vendor audits.

How can Flaneer help you match MPA security criteria?

Now you know that TPN and MPA are preparing for security updates to support the cloud computing infrastructure, how does that impact your current practices? Have you switched to the cloud? Are you using the right cloud computing infrastructure? If these questions cause you to pause, it’s time to look at Flaneer to help you get on the right path.

Flaneer’s cloud computing infrastructure is your answer to matching MPA security criteria. TPN’s new security guidelines for cloud workflows are on the horizon. Flaneer is a step ahead in providing this cloud-based service. So, avoid worrying about whether you’ll match with the TPN/MPA guidelines and choose a trusted partner.

Partnering with Flaneer can level up your current IT infrastructure without the massive investment. Flaneer’s all IT infrastructure plug-and-play access will give you all the benefits of a cloud computing infrastructure while also giving you features for a competitive edge in your industry.

Benefits of a VDI solution like Flaneer

Flaneer's solution matches numerous implementation guidance items, like:

Remote and WFH workers that access production networks should do so via a VDI (virtual desktop infrastructure)
The use of a studio approved pixel streaming remote access: with Flaneer, you can choose Parsec or Nice DCV to stream your session.
The connection must be encrypted with a minimum of AES256
The use of encrypted connections for remote access to company networks including the production network
MFA authentication must be used to initiate the connection. Access should never be granted directly to the production network or machine and should be via an intermediary access broker
Ability to copy content locally, and mount drives must be locked down.
Ability to revoke access rights when the remote-working activities are terminated or when third-party workers finished their job
All third-party access sessions are monitored by an employee and logged
Implement firewall rules to deny all outbound traffic by default and explicitly allow specific systems and ports that require outbound transmission to designated internal networks, such as anti-virus definition servers, patching servers, licensing servers, etc
Disaster Recovery Plan: Get a backup to ensure business continuity in case of disaster
many more

Flaneer Feature Benefits

Beyond offering a cloud computing infrastructure, Flaneer has feature benefits that will help your studio thrive creatively and securely. Remember that remote work practice that has become so popular? If WFH is key to attract new talents and retain your employees, it generates complexity in terms of IT support. Flaneer is poised to help your studio’s employees thrive in a work-from-home format. With Flaneer, stop worrying about IT support and IT infrastructure!

Flaneer has been designed for creative studios. For instance, you can connect your Wacom tablet to a Flaneer's virtual machine, and our technology supports up to 4 monitors for one session. Get the power you need (up to 4 GPUs and up to 256 cores – that’s some muscle) and the storage you require (up to 16TB) to keep projects moving forward.

The plug-and-play access we mentioned earlier comes to life in a 15-minute implementation (with admin settings you can customize), a one-click virtual desktop environment to seamlessly onboard employees, and incredibly fast state-of-the-art hardware built for 3D design, video editing, and game development.

With all of these features, you’re sure to be the studio that content creators seek.

Make the Match with Flaneer

Flaneer is your solution for matching with TPN/MPA security guidelines. Plus, you’ll benefit from continuous technology advancements, a support team to solve your technical difficulties, and a predictable price that’s far less than an in-house data center.

Ready to get started on your virtual desktop? Contact Flaneer today.

‍