M&E Journal: Workspace Virtualization Emerging as Solution for Securing Digital Media Assets, IP

By Jill Milton, Teradici

Hollywood filmmakers love hackers. From crime thrillers to superhero sagas, cyber crooks have become the go-to bad guys of countless modern movies and TV shows. Even some silver screen heroes have used cyber attacks to take down 21st Century villains and save the day.

But that’s all fiction. What Hollywood studios don’t love is when they themselves become the targets of real world cyber threats.

A glance at the headlines is all it takes to see how grave the danger has become. From spyware to ransomware, from phishing attacks to complex, internet-based exploits, the list of tools used by criminals to gain access to sensitive information systems seems to grow almost daily. Worse, these attacks are being launched not just by individuals, but also as tools of organized crime and even state-sponsored espionage.

The risks for M&E companies cannot be overstated. In an industry in which even a single leaked frame of a major Hollywood blockbuster can spoil the box office, resulting in countless losses in distribution sales and licensing, for cyber criminals to gain access to media assets while still in production would be disastrous.

As media production evolves into an all-digital enterprise, the need for M&E companies to protect digital assets and intellectual property from online attacks is critical. What M&E companies need, now more than ever, are new tools to help secure the intellectual property that’s the digital life’s blood of their businesses.

Going virtual

One such tool that has emerged is workspace virtualization, and it’s already being used by a number of studios and production houses, both to improve their workflows and to address their unique information security challenge.

At first glance, a virtualized workspace looks very much like an ordinary desktop PC. The difference is that in a virtualized environment, the software applications are not actually running on the hardware that’s sitting on the desk. Instead, they’re running on a remote workstation – typically one that’s much more powerful – that’s housed in a data center elsewhere. What the user sees on the screen is but an image of that remote computer’s desktop, transmitted over the network. In that sense, today’s virtual workspaces are very similar to the “dumb terminals” of yesterday – only instead of glowing green text, they display full-fidelity, rich GUI environments.

Early iterations of this technology were somewhat limited. They were suitable for office applications but lacked the image quality and responsiveness required for graphically intensive workloads such as high-resolution video editing or 3D graphics. With the arrival of the PCoIP protocol, however – an advanced workspace virtualization technology developed by British Columbia, Canada-based Teradici–it became possible to virtualize even the most demanding visualization applications with seamless fidelity and responsiveness.

Today, PCoIP powers a range of workspace virtualization solutions from such vendors as Amazon Web Services (AWS) and VMware, among others. More recently, specialized PCoIP-based solutions have emerged that specifically target the M&E industry, such as Los Angeles-based BeBop.

Often, customers are attracted to these solutions because they can help ease some of the systems management and workflow challenges that inevitably arise with a geographically dispersed workforce. As it turns out, however, the same features that make virtualized environments easier to manage also make them more secure.

Locking down the endpoint

First, just the nature of a virtual workspace increases security on the user’s desktop. An endpoint device might be an ordinary PC running a simple software client on a Windows or OS X, but more often it will be a so-called thin client with a stripped down, minimalized OS – or better yet, a Zero Client, which has no local OS, memory, or storage at all. These ultra-simplified systems have far fewer “moving parts” than traditional PCs and thin clients, meaning they have far fewer vulnerabilities for attackers to exploit. A Zero Client, for example, is utterly impervious to viruses and spyware – it literally lacks the “brains” necessary to run the malware code.

Furthermore, in a virtualized environment no data ever leaves the data center. Nothing is stored on the client endpoint; in fact, no files or media assets are ever transferred over the network at all. Even if thieves were to break into the office and physically steal the client hardware, they could extract no data from the devices, because there simply would be nothing there.

This is possible because PCoIP is not a data transfer protocol in the traditional sense. Instead of transferring files or blocks, it merely transmits the image of the remote workstation’s desktop to the client endpoint as a stream of pixel data, which the client reassembles to reproduce the image on its screen. Even if attackers were somehow able to intercept this stream, they would not gain access to any files or assets. All they would be able to do is view whatever was onscreen at that given moment. And because PCoIP encrypts its pixel stream using cryptography that meets the highest standards of the U.S. government, the chance of any such eavesdropping is vanishingly small.

Keeping data where it belongs

For M&E companies, workspace virtualization has the additional benefit of solving the data transportation problem. Particularly for productions shot in 4K UHD, transferring even a single scene over the network can be time consuming and costly. The problem is compounded when the job involves artists working in geographically dispersed locations, perhaps spanning multiple time zones. Worse, all of this shuffling around of assets and intellectual property introduces even further security concerns. How can the studio be sure that the network and data center at each location – and all of the connections in between – are equally secure? The more complex the environment, the greater the risk that there’s a “weakest link” lurking somewhere in the security chain.

Workspace virtualization addresses these concerns by allowing all of a given project’s assets and data to remain in one place. Because applications are only ever accessed over a secure PCoIP link, IT can consolidate all of the back-end systems that support those applications into a single data center – including not just file servers, but also render farms and storage arrays as well. In this way, IT can maintain control of systems and creative assets alike, without restricting artists’ work.

The last piece of the puzzle, which has emerged more recently, is the rise of cloud computing. Rather than managing their virtual workspace infrastructure in-house, companies can now choose to host their applications in any of the various public or managed private clouds that have emerged – including AWS, Google Compute Engine, IBM Softlayer, and Microsoft Azure, among others. By taking advantage of the massive infrastructures these mega-cloud providers have to offer, companies gain the additional assurance that their virtualized environments will not only be able to scale to meet project demands, but that their systems will be supervised by a dedicated security staff, around the clock.

Don’t let your guard down

Naturally, in today’s ever-changing landscape of online threats, no single technology can promise absolute data security. New software bugs will continue to be discovered, and unforeseen events ranging from natural disasters to failures caused by human error will always pose a threat. What’s more, setting up a virtualized environment isn’t necessarily easy. There are unique challenges involved, and most customers will likely want to consult with a vendor with experience in this area.

Nonetheless, in today’s data security climate, the need to mitigate the risk of intellectual property theft more than outweighs the relatively minor pain to implement this technology. Little wonder that virtualized workspaces are already in use by M&E companies ranging from vFX giants like Industrial Light and Magic to small post-production shops. The fact that workspace virtualization addresses multiple challenges faced by M&E companies simultaneously makes it a very promising option for this industry –one that’s already being used to improve editing workflows and lock down security on an ever-growing roster of Hollywood films, feature animations, TV shows, and more.

Jill Milton has been with Teradici for five years, helping to develop new offers in M&E for on premise datacenters and public and private clouds, working with key customers in feature animation, VFX and post production. Prior to Teradici, Jill worked at C-Cube Microsystems, where she was responsible for supporting large media customers and their suppliers in the conversion to digital video.

Click here to translate this article
Click here to download the complete .PDF version of this article
Click here to download the entire Spring 2016 M&E Journal