vMix Forums
»
General
»
General Discussion
»
vMix and corporate IT security approval/onboarding
Rank: Newbie
Groups: Registered
Joined: 7/25/2020(UTC)
Posts: 1
|
Hi all,
Anyone had luck getting vMix onboarded through their company's IT security? The company I work for requires security penetration test results and other security documentation - things vMix, being a small company, isn't willing/capable of providing. Anyone currently using vMix in a corporate setting? Was it approved by IT security? Curious about how to get through this barrier. Thanks in advance.
|
|
|
|
|
|
Rank: Newbie
Groups: Registered
Joined: 3/27/2021(UTC)
Posts: 1
|
Hi,
Any luck with this? We are in the same situation as well. How did you tackle this?
|
|
|
|
|
|
Rank: Advanced Member
Groups: Registered
Joined: 2/5/2021(UTC) Posts: 32  Thanks: 2 times
Was thanked: 3 time(s) in 3 post(s)
|
Probably best to have a sit down with your IT director to find out what they really need vs what the generic corporate policy is. Vmix brings extraordinary value.
Almost any corporation that needs this also has a sandboxing, dmz or isolated environment for projects.
|
|
|
|
|
|
Rank: Member
Groups: Registered
Joined: 4/14/2021(UTC) Posts: 15 Was thanked: 1 time(s) in 1 post(s)
|
Is there any info on vMix's security and dev practices?
Corp security would like to know.
|
|
|
|
|
|
Rank: Advanced Member
Groups: Registered
Joined: 11/30/2013(UTC)
Posts: 165
Location: Seoul, South Korea
Thanks: 39 times
Was thanked: 19 time(s) in 14 post(s)
|
I have vMix running in several systems at my workplace. Every company has different IT security strategies, we have several different tiers of network subnets with different operational requirements based on business impact if a system were to be compromised.
You can argue with the IT department all day, but in the end documented security and dev practices are really just a warm blanket that give a false sense of security until a security researcher posts something on twitter and the hurricane from that blows the blanket clean off. If deploying a new system, it is the best to design your network so that if something is compromised, it is contained. If you are facing headwinds from your company and aren't getting anywhere, ask for a new VLAN to be setup whose devices are "untrusted" and your company firewall blocks everything except designated traffic you've approved to get in or out.
|
|
|
|
|
|
Rank: Member
Groups: Registered
Joined: 4/14/2021(UTC) Posts: 15 Was thanked: 1 time(s) in 1 post(s)
|
This isn't about a false sense of security or not trusting or anything else you mentioned.
It's called a security evaluation that is done on all projects and applications.
Security is not here to tell the business what to do or not do.
They can only recommend controls and best practices to mitigate shortcomings.
For example vMix recommends no Anti Virus except Windows Defender which is fine.
When evaluating a Tricaster they didn't want any AV at all on their product which meant trying to engineer a firewall that could follow the encoder on a cart around offsite or onsite.
The only question I can't answer right now is..
"Are secure development practices applied during application development to protect against the intentional or unintentional introduction of security vulnerabilities development?"
|
|
|
|
|
|
vMix Forums
»
General
»
General Discussion
»
vMix and corporate IT security approval/onboarding
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.
Important Information:
The vMix Forums uses cookies. By continuing to browse this site, you are agreeing to our use of cookies.
More Details
Close
