At Getty Images, the security of your brand assets is our highest priority. Our engineering team uses the best tools and practices available to build and maintain Media Manager, and you can rest assured that we've implemented multiple levels of security to protect and back up your files.
SOC 2 Type 2 compliant
Our partner, Brandfolder, has completed its SOC 2 Type 2 audit for its security and confidentiality controls. This means Brandfolder has established processes and practices against these controls that have been validated by an independent third party.
- Independent third-party examination
- Gold standard security compliance for SaaS
- Strict security and confidentiality procedures in place
Identity management
Media Manager enables the right individuals to access the right resources at the right time. It provides a seamless and secure way for your organization to manage your digital assets. Other users can't see your brand assets in your Libraries unless you deliberately give them access or make your Library Public.
- SAML 2.0 SSO
- User management & permissions
- Privacy and Stealth Mode settings
Storage and delivery
The underlying storage architecture behind Media Manager is powered by best in breed cloud service providers. Media Manager supports both Google Cloud Storage (GCS) and Amazon Web Services (AWS) S3 for cloud storage. By default, the cloud storage is set as S3 (AWS).
Media Manager redundantly stores all data on multiple devices across three Availability Zones. All PUT and COPY operations for objects are synchronously stored across all Availability Zones before confirming that the data has been successfully stored, thus ensuring fault-tolerance. Once stored, we are regularly verified of the integrity of stored data using checksums. If corruption is detected, it is repaired using redundant data. By using GCS and S3, Media Manager is able to effectively provide 99.999999999% durability and 99.99% availability of objects over a given year.
Media Manager's PostgreSQL database deployment is always up-to-date through automatic updates using the latest patches. Automated backups of all transaction logs and the database enable point-in-time recovery for all of our customers. The database instance is set to run as a multi-region, Multi-Availability Zone deployment with a disaster recovery replica. This means that it will automatically provision and manage a “standby” replica in a different Availability Zone (independent infrastructure in a physically separate location). Database updates are made concurrently on the primary and standby resources to prevent replication lag. In the event of planned database maintenance, database instance failure, or an Availability Zone failure, we will automatically failover to the up-to-date standby so that database operations can resume quickly without administrative intervention. Brandfolder maintains snapshots and streaming logs for instantaneous recovery in the event of global compute disaster.
- GCS or AWS S3 Storage with a 99.99% uptime
- Globally distributed Content Delivery Network (CDN)
- Content ingestion network with lightning fast upload speeds
- Global storage locations in the US, Asia, Europe, and others
- Custom storage solutions for enterprise clients
Online protection
Assets are encrypted at rest using server-side AES 256 encryption algorithm. We salt and hash user passwords using 10 rounds of Bcrypt. Data traveling between a customer device and Media Manager is secured with SHA-256 with RSA signed certificates and encrypted using HTTPS/TLS to protect against eavesdropping, tampering, and message forgery. Brandfolder only accepts traffic from 2 whitelisted ports, and has built-in intrusion detection instrumented with monitoring and alerts. This ensures the integrity of all transmitted information in and out of the Brandfolder technology stack.
Risk assessment and controls
Getty Images IT reviews and regularly updates IT vulnerabilities, controls, and risk impacts. The assessment evaluates security vulnerabilities affecting confidentiality, integrity, and availability. Appropriate security safeguards are recommended, permitting management to make knowledge-based decisions about security-related initiatives.
Durability & back-ups
By leveraging Amazon Web Services (AWS) and Google Cloud (GCP), Media Manager offers best in breed online and physical security measures, 99.999999999% durability and 99.99% availability of objects over a given year. Media Manager ensures streaming replication backups so that no changes or updates are lost in the event of a disaster.
Physical security
Cloud storage providers provide state of the art data center security, including around the clock staffing, video surveillance and intrusion detection systems. Authorized access is granted on a need to know basis. All administrative interfaces are accessed through key-card and/or 2FA user authentication.
Security and ownership
Your data is yours, and yours only. Media Manager will protect your data from internal and external threats, making it the safest home for all of your important brand assets. We leverage built-in intrusion detection, advanced monitoring and alerts systems, encryption in transit and more measures to ensure data security.
- Regular security audits and pen testing
- Business continuity and disaster recovery procedures
- Internal and external data security