Cybersecurity doesn’t have to be a drag on business; it can be an accelerator that helps companies better serve their customers.
MASV (pronounced Massive) is an API-based SaaS company for large file transfers that recently completed a unique cybersecurity compliance assessment to help enable its growth.
MASV specializes in transferring the massive files that raw 2K, 4K, and 8K video footage creates, to and from post-production teams. MASV is mostly focused on serving the film, television, and streaming industry where this type of footage is already the norm.
While all businesses face the risk of cyber attack today, the film, television, and streaming industry faces a uniquely high-risk threat from data loss: if bad guys are able to get their hands on footage or film materials before release, leaks could cause thousands and thousands of dollars of damage in negative PR and piracy before the film releases.
Enter: The Motion Picture Association’s (MPA) Trusted Partner Network (TPN) cybersecurity assessment. The TPN is a cybersecurity standard similar to SOC 2 and ISO 27001, but it’s industry-standard and specially designed to protect the media entertainment industry’s content from breaches, leaks, and piracy.
MASV recently completed the TPN assessment process for the first time, refining and validating the company’s security program for its clients.
Customer Requests for Security are Common
“You become not just compliant with an assessment like this, you become an advocate for the customer’s needs and you can help build something that they can feel very confident in,” said MASV CEO Greg Wood.
Like many growing SaaS companies, MASV sought out the TPN assessment on customer request. In the entertainment industry, many smaller production houses work with larger studios and the studios mandate what the smaller shops can use, such as requiring services to have the TPN.
“We are product led, and we listen to our customers, start with the customers, and try to give them what they want,” said MASV CTO Majed Alhajry. “The whole thing started with customers asking for TPN because it’s the MPA standard. We didn’t have any requests for ISO 27001 or SOC 2.”
While the TPN standard may be industry-specific, the process is ultimately similar to SOC 2 and ISO 27001. A review of current cybersecurity practices is performed, non-compliant practices are made compliant, evidence is collected to document everything, and an audit is performed.
“Preparing for the TPN assessment was an interesting challenge for us at MASV,” said MASV CTO Majed Alhajry. “It took a few months for all of us to go through the requirements and make sure we were doing best practices, and with the help of the security team and a consultant we got through the documentation of all our processes.”
While Fractional CISO doesn’t do TPN assessments, Virtual CISO consultants such as Fractional CISO are frequently used by midsize companies when they are first building a cybersecurity compliance program. Even if the company already has good security practices in place, the compliance audit is itself a huge project. A CISO as a Service can help lead the efforts, allowing other leaders at the company to focus on their normal roles.
Like a SOC 2 report, the TPN audit results in the issuance of a TPN assessment report that acts as a snapshot of the security practices at the time of review.
“Our vision when it comes to security is layered,” said Alhajry. “Layer 0 is where we want to secure ourselves, our employees, make sure they are protected against phishing attacks and protected against password compromise…
“Layer 1 is protecting the data and making sure our product is safe. We use vulnerability and code scanners, we monitor dependencies, we make sure access controls are in there and we have adopted security by design…
“Layer 2 is protecting our customers. Part of that is protecting customers from bad security practices like reusing a password or using a really weak password. Now there’s a minimum 12 character password. It seems inconvenient but most of our customers have password managers now.”
Companies Choose Secure Vendors
Since completing the TPN assessment, MASV has seen a growth in both paying customers and general interest in their product, which has led to even more security requests. Secure file transfer is in demand.
“As we’ve gone through the process we’ve started to look at other accreditations and we’re already in the works for ISO 27001 by the end of this year and next year SOC 2 as well,” said Alhajry. “We started getting a lot more interest, once you unlock TPN your customer base grows and you start getting more interests and these certifications.”
One source of increased traffic could be the TPN Vendor Roster. Similar to CSA STAR, TPN maintains a roster of vendors that have completed their assessment to make it easy for companies to find compliant vendors. Unlike the public CSA STAR Registry, the TPN Roster does require credentials with the MPA to access and is confidential – but that’s okay because many of MASV’s potential customers would have access to it.
And it makes sense that potential customers would be checking it. Good security programs are becoming high-demand qualities for all B2B vendors these days. Everybody is feeling the market pressure to secure their business, which requires them to have secure vendors, which increases market pressure for vendors to secure their businesses.
“Sales enablement is about customers and I don’t think there’s a bigger theme in this decade than privacy and security,” said Wood.