What does project security look like in the cloud for media and entertainment industries?
- July 29, 2021
- News
Originally published on 27th July 2021 in ‘techspective’
The media and entertainment industries are some of the most collaborative in the world. As such, working within silos has never been possible. On any one project, content creators will work with multiple studios, external vendors or freelancers, communicate with clients and each other across numerous technology platforms.
The restrictions seen in 2020 meant that working separately, yet collaboratively, in the cloud was now no longer just an option or an add-on, but the very means by which companies in these industries remained buoyant amidst the unrelenting demands for content.
Now, with initial teething problems out the way, we are looking at a future where remote working is typical, if not expected. Far removed from its initial ‘coping strategy’ status and graduating into a feasible, profitable model for future working. Cloud-based activity has opened up these industries to collaboration on a global scale with access to talent anywhere in the world. In turn, companies can scale talent to meet individual project requirements, manage more projects, and produce high quality content quicker and more efficiently.
With the concept of a ‘hybrid’ workflow firmly established, it raises important and necessary questions around project security. When workers are one day on-premise and the next day working from home – who is protecting their data? Whether it is in transit or at rest and likely across more than just a handful of locations, how will companies manage the pressure of the influx of new and demanding security protocols? What does project security look like five years from now?
Security: The unsung hero
Security in the media and entertainment industry has always been a topic of contention. Broadcasters, film studios and creative organisations invest heavily in data security to ensure processes and workflows are compliant to regulation, client requirements and industry best-practice, such as the Trusted Partner Network accreditation. Data breaches and cyberattacks are both a persistent threat and reality due to the sheer number of people who are involved through each stage of the on-set, production, and post-production process.
These data security parameters extend into cloud and hybrid workflows, and as such, creative organisations must also carefully audit their software and hardware solution providers and vendors. Many technology vendors will include standard SLAs along with security clauses within their terms and conditions, but few will go above and beyond just providing generic recommendations.
There is a growing need for vendors and solution providers to work together to address security both at the technology level and empower their end-users to take advantage of the platform itself. Securing, operating and managing a now-hybrid production environment requires significantly more effort, and ultimately represents a cost to their business that only in the worst possible situation is justified.
Managing pipelines
If we acknowledge that there are different rules and protocols for data security and responsibility, then it goes without saying that replicating this process with multiple projects and multiple companies is a challenge to manage.
Studios have traditionally gone about limiting cross-contamination of data by purchasing separate systems to create islands of storage in the cloud. However, this endeavour quickly becomes burdensome, expensive and puts a cap on a studio’s scalability.
Storage vendors are able to secure data at rest, and file movement software is able to secure it in transit. But these are still isolated solutions that enable the technology vendors to sleep at night knowing that they’ve done ‘just enough’. But the cost pressure of each of these isolated solutions will eventually result in studio facilities making one small oversight that could lead to a vulnerability.
Secure network technology is a perfect example of addressing this challenge at a software level and treating the underlying hardware as a shared resource. The OSI Security model enables security to be addressed at many layers in the overall solution.
And so it is possible to leverage this approach with a software-defined storage system that enables true multi-tenancy. Rather than having multiple isolated storage servers, the underlying filesystem exists on a single storage fabric. And the storage containers share only a select area of the filesystem to a given network, user or business unit. If the multi-tenancy storage shares were to be compromised, only a small amount of data would be at risk, not the entire filesystem.
In addition to enabling quick threat detection, damage limitation and increased audit and traceability, this has been proven fit for purpose by major broadcasters and meeting industry auditing standards, such as the Trusted Partner Network’s accreditation.
The future is safely contained
Now that companies have opened a door into the world of remote working, the nature of security is already evolving. On-premise facilities will need to be carefully evaluated as companies look to scale capability into the network to reduce on site costs.
However, with this transition will come an increase in the research, development and investment in cybersecurity. Companies need to spend time assessing and managing which devices are connected to the company network and what access these have to various pools of company information and assets.
Security is not new – but the way we go about it is. Network segregation through containers is reframing the problem and large broadcast companies with the resource and existing infrastructure to roll out such solutions are leading the way. One such example is broadcast and managed services powerhouse, Red Bee Media, which uses multi-tenancy to efficiently, and securely, manage millions of assets and complex workflows across its entire broadcast chain.
In the coming years, we can expect developments of many more tools and features to address the growing need for the safeguarding and monitoring of data. In the meantime, technology vendors, their customers and bodies, such as the Trusted Partner Network must work collaboratively to address and improve security standards across the industry.