Yvan Cohen

Thu Dec 07 2023

Security: The Ever-Evolving Challenge for Digital Asset Management

Security, it's the thing you don't really want to think about right now. It's the thing that isn't a problem…until it is. And it's the thing that none of our clients see but which all of them need.

At LightRocket, we understand that security isn't something we only think of when we find somebody trying to break into one of our servers. Security is for the here and now, never to be postponed, always to be seen as an ever-changing, ever-evolving, permanent challenge.

Security is embedded in our daily operations. It requires commitment, skill, and an understanding that while there may be no such thing as total security, we can configure our systems so the metaphorical doors are always locked. And that the keys to these doors are handed only to a select few, with us always on guard.

To be clear, as I wade blithely into a discussion about security, I'm painfully aware that this is a highly specialized and technical field (for which I have few qualifications). This is why at LightRocket we have a dedicated security professional, whose sole mission is to keep our company, and the data and systems of our clients, safe.

When you build a digital asset management (DAM) system, your first focus is on solving the problems of managing an archive: structuring folders, tagging and keywording, developing functionality and an interface that is comprehensive and intuitive. The temptation is to put security low down on your 'to-do' list - to make it one of those 'when we have time' tasks. And yet a central aspect of our client pledge, and indeed of the value of our DAM system, is that we will always endeavour to keep our clients' archives and collections secure.

How LightRocket Enterprise keeps your files safe

It's a process that starts when we take the basic and essential steps of putting virtual locks on every door. This means deploying two-factor authentication (2FA), promoting the use of single-user sign-on among our clients, and using captcha and email link validation where necessary. All of these simple but essential tools are integrated into the LightRocket Enterprise experience.

When it comes to choosing a place to store files, we saw this as a classic case of 'go large or go home'. Naturally, we decided to 'go large', selecting Amazon Web Services (AWS) as our preferred vendor for data storage. Why? Because AWS's S3 (Simple Storage Service) is designed for 99.999999999% (yes, that's an incredible nine 9's) durability. AWS is currently the provider of choice for such behemoths as Netflix, NASDAQ, LinkedIn, and even Facebook (Meta). Whatever one thinks of this tech giant, it is very hard to beat Amazon in terms of reliability, quality of infrastructure, and security.

Of course, just knowing that Amazon is the 'bee's knees' when it comes to the durability of their servers doesn't make their servers immune from a worst-case scenario, which is why our team creates regular disk snapshots and database backups. So, if the worst does come to pass, we are ready to restore any of our systems to their original state within minutes. Beyond the nuts and bolts of keeping servers safe, security is also about the simple need for peace of mind. It's important that our clients know we are prepared for the worst.

A deep dive into LightRocket's security processes

We've also posted virtual sentries at the gates of our systems. These 'sentries' are actually scripts that scan all incoming files for malware, making sure no viruses are imported into our servers. Think of it like a purifier for servers, or like nets designed to catch undesirable code before it can mix with, and contaminate, our data.

And if our malware scans are like sentries preventing infected files from entering our ecosystem, then our Web Application Firewall is like a moat that runs round our fortress (metaphors galore!). Our Web Application Firewall, or WAF as it is known in the trade, filters incoming traffic, defends against sophisticated application attacks, and can help detect and mitigate DDoS attacks, which is when attackers bombard servers with traffic in an attempt to overwhelm them.

Actually, we're not the only ones guarding the fortress: some of our clients are also helping to keep LightRocket secure by running periodic vulnerability and penetration tests to see if they can find any chinks in our digital armour. Technology is continually evolving; code frameworks change and hackers are infamously persistent and inventive. What is secure today could well be breached in the future, which is why we welcome the support of our clients in helping us keep LightRocket Enterprise protected.

In a cloud-based, server-reliant world, much of what we do (our communications, transfers of data, calls to servers) must inevitably pass through networks. Our security processes are thus dedicated to keeping data private through the use of Virtual Private Clouds (VPCs), Virtual Private Networks (VPNs) and full encryption. Naturally (thankfully!), many of these tools are automated. We have also deployed scripts which notify our team of outages, problems with SSL certificates, and changes in infrastructure configuration.

Security is an ongoing development

It's true, there's nothing particularly exciting about security. Indeed, the best measure of security is when you have a digital ecosystem that is quiet: free from hacks, attacks, and malware. Here at LightRocket, our clients have never lost any of their data, and we have never been the victim of a serious breach of our security. This is not to say our systems are impenetrable. We all know that determined hackers have managed to break into the Pentagon and have got past the seemingly unbreachable defences of banks and credit card companies, which is precisely why we see security as an ongoing challenge.

Contact me, Yvan Cohen, at info@lightrocket.com if you'd like to find out more about how LightRocket Enterprise manages security.


Written by Yvan Cohen | Yvan has been a photojournalist for over 30 years. He's a co-founder of LightRocket and continues to shoot photo and video projects around South East Asia.

