MESA Members at CPS: A Shift in Cyber Security Focus


Dec. 7 at the eighth annual CDSA Content Protection Summit (CPS), Wendy Frank, principal of PricewaterhouseCoopers’ cybersecurity, privacy and risk practice, shared an update on the global state of information security, which shows media and entertainment executives making a shift for the better in how they enhance security, especially when it comes to technology and the Internet of Things.

In the past, M&E companies saw security dollars spent mostly at the corporate level, revolving mostly around the high-level executives. Now, the focus has been brought more centralized around the content itself, and the vendors M&E companies work with, and rightly so, she said.

She specifically called out IoT devices, and how crucial it is to recognize the threats posed by everyday connected devices. “You need to think about what that’s doing to your security,” she said, adding, however, that M&E companies have still become much better at protecting their most crucial assets. “The protection of data isn’t an afterthought like it used to be. It’s taken into account at the start.”

According to PwC’s new “Global State of Information Security Survey” for 2017, 52% of organizations have intrusion-detection tools in place, 51% constantly monitor and analyze info security intelligence, 48% conduct vulnerability assessments, 47% do threat assessments, and 44% conduct penetration tests. Those numbers aren’t bad, but there’s still work to be done: PwC, working with organizations on security testing, still drops USB drives in corporate lobbies to see if employees pick them up and put them in company computers. And they do.

“A vast majority of people will plug that in, and it sounds crazy, but this stuff still works,” she lamented. “Are [companies] doing enough [to enhance security]? Sadly, I don’t think we are.”


Meanwhile, during a presentation with the Digital Watermarking Alliance, Mark Nakano, senior director of product marketing and partnerships for NexGuard, said the July 2016 acquisition of NexGuard and its forensic watermarking marketing tech by the Kudelski Group made NexGuard part of something bigger when it comes to security, he said.

Kudelski’s security holdings cover DRM, breach protection and response, conditional access specialization, making NexGuard part of “almost a one-stop shop for cyber security needs,” Nakano told MESA. “Now instead of offering services to NBC Universal alone, we have a portfolio that can cover all the needs of a parent company like Comcast, providing more value and services.

“The piracy that’s happening today affects everything, and it’s no longer about just protecting your content assets, but protecting your entire business against cyber security threats.”

As for the Content Protection Summit itself, Nakano praised the CDSA for expanding the reach of the conference and its topics beyond Hollywood. “Cyber security isn’t just a studio problem, it’s expanded to cover every part of the industry, and this event has become a premiere, go-to place to talk about solutions to the problems we’re facing today,” he said.

Microsoft Azure

Joel Sloss, Microsoft Azure’s program manager for security, privacy and compliance, understands why some in the media and entertainment business are loathe to make huge, sweeping workflow changes, especially when it comes to using the cloud to get things done.

Sloss gets the fear, and thinks it’s on Azure and other major cloud providers to alleviate it, and “meet the content companies half way.”

“There’s still a lot of fear around pre-production assets and the cloud, and part of the education for the industry is helping content creators get past that,” Sloss said at CPS. “The cloud is no different than how you do your data center today: fundamentally, [the assets] are still yours.”

He said that’s what makes events like the Content Protection Summit important for the media and entertainment industry, gathering the service providers with the content holders, and putting everyone with skin in the game in the same room. And while other industry events have seen attendance lag, CPS and other MESA events have only grown, he added.

“The last couple of years, the best industry contacts I’ve made have been at these event,” Sloss said. “The community alone makes it worth the time.”


Not so long ago, 20th Century Fox made the decision to start working in the cloud, and, sure enough, there was nothing easy about the move.

“They had an interesting challenge, a company thinking about moving to the cloud, and managing access for their employees in the cloud, as well as hundreds of people working with content outside of the studio,” Nadav Benbarak, group product marketing manager for Okta (Fox’s cloud partner), speaking during a presentation at CPS.

The balance is a delicate one: making access manageable, yet secure, Benbarak said. And Okta helped do that by setting up a single account for everyone outside of Fox to have access. “They were able to unify access for external people … and it’s all done as a service,” he said. The result: whether a project is winding up or winding down, using Okta’s solution, Fox is shipping films faster, cheaper, and more securely than before.

“You need to be able to deploy quickly, and set up an environment where people can work very quickly, on-board people quickly,” Benbarak said. Legacy access management tools no longer do the trick in today’s quick-turnaround environment, with months of time to go live, and far too much manual process to incorporate.