Protection of your data is incredibly important to us, and we are constantly working to ensure that Conductor is secure, adhering to strict MPAA guidelines and participating in ongoing security testing.
Security Foundations - Our platform runs on 2 of the most secure cloud platforms in the world; Google Cloud Platform (GCP) and Amazon Web Services (AWS). Our data is transferred to and from the Conductor platform through an encrypted connection securely hosted on either cloud providers scalable, encrypted at-rest storage, and can only be accessed by authorized personnel on your Conductor account (see below for information on Roles and Account Access).
Data Storage Lifecycle¶
Conductor uploads only the necessary files for rendering each submitted scene. Both the uploaded data and the resulting images are encrypted in cloud object storage on either GCP or AWS. At any time during the lifecycle of the project, a studio can purge all project or account data, safeguarding the amount of IP transferred outside of the studio walls. Typically once a project is complete, studios will purge all data, as all resulting imagery has been retrieved. This action is irreversible, and all uploaded data and render artifacts will be securely deleted from the cloud provider.
We work with the external audit firm Independent Security Evaluators (ISE) to perform ongoing assessments of the Conductor platform. For more information on our security practices or to request the most recent copy of our ISE audit, please contact us at firstname.lastname@example.org.
Single or multi-tenancy¶
Our customers’ data is encrypted in-transit and at-rest, and render nodes are isolated from other customers on Conductor and on the cloud provider. The Conductor Enterprise platform is also available for licensing. It provides studios with the ability to orchestrate the Conductor render nodes and storage clusters inside their own cloud provider account and virtual networks, for complete control over the security of their IP.
Roles and Account Access¶
|Active||Active users can submit jobs to the account they are associated|
|Inactive||Inactive users will not be able to submit or process jobs to the Account|
Given Admin rights, users will be able to invite additional users to the account, create additional projects, or set cost limits.
The Account Owner is the email address associated with the original configuration of the account. This will be the email that will need to be used to view/change account settings, such as historical spend and updating methods of payment.
Project Access Considerations
Note that once a user is added to the Conductor account, they will have access to all associated projects and resulting imagery. If there are parallel projects with high levels of sensitive IP that cannot be shared among the respective studio teams, we highly suggest that separate Conductor accounts be created for each project.
IP Allow List¶
We understand that studios can have highly restricted environments with limited external access. Born out of a production studio, we understand those requirements and have designed the Conductor experience to support using single centralized uploader and downloader daemons to upload and download data from Conductor. As a result, artists can submit their work to the platform through this singular point of data egress/ingress management. The communication is performed over a secure, encrypted connection, and can be restricted to a list of authorized IP addresses such as the studio’s public IP addresses. If necessary, be sure to unblock the following domains, ports, and CIDR blocks on your firewall. Please work with your Studio’s IT, and contact our team for additional setup assistance.
|Port 443/TCP to the AWS public IPs|
|Port 443/TCP to the GCP public IPs|
|Port 443/TCP to the Cloudflare public IPs|
Additionally, access to the Conductor dashboard for a studio’s account can be restricted to a set of IP addresses. Please contact our support team for more information.