Whitepaper

MediaBeacon Security
! ! Among the five types of content management imaging, document management, web content management, email management and digital asset management DAM content has the greatest likelihood of traveling. Leaving the repository. Leaving the organization. Being made available outside of the firewall to outside vendors or customers. Because of this inherent fact, security of the system, the data and the digital files themselves is very important. This document outlines the levels and types of security MediaBeacon implements to minimize the concern of unauthorized access, unauthorized use and a full audit capability to reconcile when something does happen. !

MediaBeacon Security White Paper

!"#$%&'(#)%"*
Security of a system in the modern internet environment is a top concern and priority for any organization. The term Web 2.0 needs to also consider this harsh reality of the need for security for all application in an organizations infrastructure. This document outlines the levels of security that MediaBeacon brings to an organizations rich media management needs.

+,&)-.,-(%"*/,('$)#0*
MediaBeacon R3volution DAM is tightly coupled with the security of the operating environment it is installed. The areas of security that MediaBeacon layers on top of the operating environment are outlined below. It allows an organization to control WHO gains access, WHICH assets they are able to search, WHAT functions they are able to execute against the assets and WHERE the assets can go in leaving the system.

/)1"2%"*($,&,"#)-34*
MediaBeacon allows systems to manage their own logins and also can integrate with an organizations LDAP server. Otherwise if a central security protocol is not used, sign-on security is manageable through MediaBeacons administration tool. User accounts can be given global administrative rights, rights to administer just a group of users or be a general user with no administrative rights. It is also possible to invite users by creating an account and having them a login in to complete the information for their profile.

"!

MediaBeacon Security White Paper

54,$*1$%'6*-44)1"7,"#*
All users are placed into one to many groups. Each group allows someone over certain media assets to ! ! ! ! Only see certain media files Have permission to only run certain functions against an asset Be allowed to view certain metadata Control what level of transcoding and conversion they can create.

The diagram to the right represents the level of detail a member of a group is allowed (or not allowed) to execute, search up, download, view and configure. Group permissions also apply to ! Metadata: what metadata terms someone will see in the user interface as they do a search or use MediaBeacon R3Search to do faceted searches. Folders: Group permissions control a users access in how they can traverse in a directory or taxonomy tree. !

+,#-&-#-*6,$7)44)%"4*

Based on a users group permissions, they are only allowed into certain groups of metadata. For instance, you may want to have metadata specific to the accounting information about an asset and not have that be viewable by the client who had access to the system. The client should only care about some subset of the metadata.

+,#-&-#-*,"($06#)%"*
MediaBeacon adheres to the XMP standard; meaning the metadata about a file is inside of the file itself. To keep this information safe, an organization can encrypt the metadata so when an asset leaves the MediaBeacon system, the metadata is both still with the asset and is encrypted.

#!

MediaBeacon Security White Paper

User organizations can setup an encryption that varies in strength from 128 bit to 256 bit key size. The passphrase for the key can be selfgenerated or auto-generates by MediaBeacon as outlines in the diagram to the right. It is also possible to create multiple keys to apply against metadata fields if that level of security is needed. This encryption can also be managed down to the individual metadata field across all assets. It is possible for an organization to also have a different type of encryption down to the specific metadata field. The simplicity in implementing and managing this are outlined in the diagram to the right. The metadata and applicable encryption also transfers between asset types when a transcode or conversion takes place. For instance, if an EPS file is converted to a JPG, the metadata and the applicable encryption are maintained in the resulting output file. The encryption is implemented at an instance level, so all assets will utilize the encryption across the entire instance of MediaBeacon.

$!

Along with operating system and Amazon logging of activities around the use of the cloud and server, MediaBeacon has a logging system that, in real time, keeps track of: ! User level activity Who did what against which asset. From a pick list, choose the user you want to learn what they have done in the system. Asset level activity Which asset had what function ran against it by who. From the moment of import through work done against it and how and who downloaded it. Note that any change to metadata is tracked down to the field that was changed and the before and after values for the field value. Timeframe of the activity In what timeframe did some combination of user, work and asset have actions taken. Functional level activity Which function or action was ran against which asset and why who. Find all assets that have had a certain action taken against them. The list of actions that are captured are highlighted in the diagram to the right.

MediaBeacon Security White Paper

8(#)9)#0*:%11)"1*

! !

All the activity is recorded in MediaBeacon DAM database and can be exported to Excel for further processing, formatting or reporting. It can also be connected to by any reporting tool like Crystal Reports is more elaborate output requirements exist.

/'77-$0*
MediaBeacon R3volution is built on a proven platform that 100s of clients use every day that controls in some of the most secure environments in the world a security model that has been tested and proven. The ability to know: ! ! ! ! Who has access To what assets they have access to To what functions they are able to execute against those assets Have a full audit trail of these actions

Means an organization will not have to worry about their media files being hacked or inadvertently showing where they do not belong.

%!

MediaBeacon Security White Paper

+,&)-.,-(%"*;*#<,*(%76-"0*
MediaBeacon enables organizations with leading DAM technology that is powered by a widget-based user experience bringing desktop capabilities to the browser, allowing users to have an environment that applies to their needs and abilities. MediaBeacon is used by organizations all over the world to manage their ever-growing library of rich media. It integrates with the other technologies needed to create a seamless and easy to use authoring, management and distribution environment. You will find MediaBeacon in departments and complete enterprises in such industries as: ! ! ! ! ! ! ! ! Publishing/Printing Advertising Retail Media and Entertainment Education Museums Manufacturers and Distributors Government

The MediaBeacon DAM solution is part of an organizations content, process and distribution platform designed to empower the media and help lower total cost of ownership along the way. It activates critical business content to deliver the right information when it matters the most.!

To Contact MediaBeacon: Address: 123 North Third Street th 8 Floor Minneapolis, MN 55401 Phone: 612-317-0737 Email: info@mediabeacon.com !

&!