Newsrooms and press freedom

Protect sources, reporting workflows, and the systems behind sensitive journalism.

Secure Origin helps newsrooms and media-support teams protect endpoints, test reporting workflows, and operate hardened infrastructure for sensitive pre-publication work.

Request security review Use the source protection checklist
Service fit

Security for the reporting lifecycle.

Managed Security
Endpoint monitoring, patch visibility, email and identity review, alert triage, and monthly risk reporting when there is no internal security team.
Security Testing
Testing against reporting workflows, applications, cloud services, identity, and exposed infrastructure.
Private Infrastructure
Hardened infrastructure for source intake, research workspaces, web captures, and sensitive pre-publication workflows.
Related reading
When this matters

Security needs change across the reporting lifecycle.

Before sensitive outreach

Review accounts, devices, communication channels, shared folders, and source intake before contacting high-risk sources.

During active reporting

Protect drafts, web captures, FOIAs, source notes, legal materials, and collaboration spaces from accidental exposure.

After a threat or leak concern

Assess suspicious logins, device concerns, exposed files, or newsroom workflows that may put sources or reporters at risk.

Secure intake options

SecureDrop and GlobaLeaks fit different workflows.

SecureDrop

Best for high-risk investigative newsroom source intake where Tor-only submission, strict operational procedures, and air-gapped review workflows are justified.

GlobaLeaks

Often better for NGOs, legal aid organizations, advocacy groups, compliance programs, whistleblowing projects, and smaller teams needing flexible secure reporting workflows.

Secure contact first

Some teams only need clear Signal, PGP, policy, and escalation guidance before they are ready for a full anonymous intake platform.

How we help

Match the service to the workflow.

01
Intake
Clarify sources, reporters, publishing timelines, legal constraints, adversaries, and budget range.
02
Service selection
Choose Managed Security, Security Testing, or a separate Infrastructure path based on the reporting lifecycle and deadline.
03
Delivery
Improve protection, test risk, or build hardened infrastructure within a clear scope.
04
Document boundaries
Make clear what the workflow protects, what it does not, and what to do when risk changes.
Request review Book call