This 2014 hack of the Sony computer system has lead many larger publishers to examine the security of their royalty software systems. The requirements in recent RFP’s often mention security as one of their key criteria.
What is security for a royalty software?
From our point of view royalty software security is composed of three components:
- Data file encryption
- Document management system encryption
- User access rights
- Security monitoring / auditing
Data File Encryption
Most royalty applications are built on a MS-SQL server.
For these applications here is a listing of the ten SQL database security tasks. These tasks include implementing cell level encryption and encrypting the data that is transmitted between the app and the database.
Document Management System Encryption
The DMS (document management system) stores copies of royalty agreements. PDFs of scanned royalty agreements may be stored within the royalty application or in a separate location.
For document security, we recommend that PDFs be stored on an encrypted drive. Access to the documents should be limited to the royalty software. Only users logged into the royalty software can access these documents in their unencrypted state. For most business, having a system similar to the one available on FilecenterDMS.com is effective, but for vital documents that are private, it will be worth looking into accessing an encrypted drive.
User Access Rights
Access rights controls which users can access the software. Many software intrusions result from the hacker breaking in with a user’s password. For greater security against this threat we recommend two factor user authentication for users accessing the royalty system.
Single factor authentication relies on the user submitting his user name and password.
Two factor authentication requires a users password and a PIN that is dynamically generated when the user attempts to sign in. This PIN may be created by a physical device that a user has access to or it may be emailed to the user’s mobile phone.
When an employee leaves the company their access rights should be immediately terminated.
Security Monitoring / Auditing
Third party IT security solutions and services can monitor access to the selected folders and files to prevent downloading and copying to unauthorized locations.