Security & Privacy

Owned by Sean Meehan
Last updated: Jun 07, 2024 by Joana Lucia Schulze De la Cruz
3 min read

Hive Streaming was built with security in mind from its inception.  Security is prioritized – both in our organization and technology.

 

Security Overview

Organizational Security

Hive Streaming's Information Security Program is aligned to NIST SP 800-34 R5. Hive Streaming always strives to follow industry best practices and standards like NIST, CIS Controls V7.1, OWASP.

Hive can provide an ISAE 3000 Type II report focusing on the operational parts of the SOC2 framework and can also provide a valid ISO27001 certificate for Information Security Management.

Commitment to SDLC

Hive Streaming has a strong commitment to a secure Software Development Life Cycle (SDLC), including institution of robust processes for change management, code reviews, testing, separation of duties, code signing, access rights & emergency changes.  SDLC processes are described in Hive Streaming's ISAE 3000 SOC2 report and reviewed annually.

 

Hive Cloud Services Security (including back-end)

 

Hive Streaming maintains secure environments for all production, development & testing services hosted in Microsoft Azure.  Production environments are separated from development & test environments.  Penetration testing of the hosted environment is conducted annually by an external qualified information security company.  Penetration testing report findings can be shared upon request.

Hive Plugin & Video Platform Integration security

 

Hive works closely with video platform partners to secure the end-to-end video workflow.  

Partners use a private security token issued by Hive.  Hive provides partners with self-contained JavaScript-based libraries to extend the capabilities of their video players with HIVE functionality, built according to established best practices to ensure the security of developed components and prevent leakage of viewer personally identifiable information (PII).

Installed Application (Agent) Security

 

Hive Streaming has worked closely with technology leaders to secure the design of the installed HIVE Agent software:

  • The Hive Agent is installed and operates under the principle of least privilege, with no access to user or company credentials.  Filesystem access is limited to install folder.  

  • All Hive Agent communications - including browser to Agent, Agent to Agent and Agent to Hive Cloud Services - are encrypted.

  • A robust release process for the HIVE Agent includes third party library dependency checking, code reviews, an OWASP (Open Web Application Security Project) scan, virus scan and Hive executive sign-off.  

  • A qualified Information security firm analyzes the Hive Agent annually, applying threat modeling, reviewing results and generating a report.  Report findings can be shared upon request.

Video Content security

 

Hive Streaming never has the ability to view customer video content: 

  • Customer video content does not traverse Hive's Cloud Services environment. 

  • Hive video distribution technologies work transparently with DRM and common video content security measures, including URL-based tokens and CDN-provided cookie (for webRTC only).

  • Hive Streaming does not have access to the key needed to decrypt encrypted video fragments.

  • Hive video distribution technologies can ensure the integrity of the video shown to the viewer.

Privacy

 

Hive Streaming takes corporate and end-user privacy very seriously.  Hive Streaming solutions meet GDPR & CCPA privacy requirements.  Data protection procedures are extensively documented.  Additional details may be found in Hive's Data Protection Addendum/Agreement and ISAE 3000 SOC 2 report, both available upon request.

 


NOTE: Hive video distribution technologies do not have access to end-user personal information or credentials.  Product configurations are offered to suppress, obfuscate or purge potentially identifiable information captured in the network, including IP addresses.