Stanbury: Third-Party Audits More Crucial Than Ever

It’s a truth about the state of content security today: while the level of effort to cause damage coming from hackers and content pirates is surprisingly low, the level of effort needed for content protection has to be much higher.

And accomplishing proper security among content companies requires numerous efforts, from education, to third-party audits, to information sharing among others in the industry.

That’s according to Ben Stanbury, chairman of the Content Delivery & Security Association (CDSA), speaking July 25 at the Content Protection Summit: East event in New York. 

With studios dealing with hundreds, even thousands of outside vendors, you have to have a system in place for auditing them all appropriately, he said. And being ever-adapting and fast paced with your security content programs is critically important, and especially today.

From the top-down, everyone in an organization needs to be informed of the real-world security threats that exist, he said. “People handling content need to know these security services exist,” he said. Mistakes happen, of course, but evaluating the anatomy of a leak or hack is crucial, and learning from those mistakes can help prevent similar issues in the future, he added.

And third-party audits are proving more crucial than ever before. When the “Orange is the New Black” hack took place earlier this year, the post-production studio that it happened to had not undergone a security audit. A third-party audit may have prevented the hack, Stanbury said.

Next, working with both the CDSA and MPAA, Stanbury sees a more collaborative approach for vendor audits, and not too far in the future: “[This] is how we would like to steer the audit services for the industry, a single, central repository that gives content owners a degree of confidence that [each] partner is complying with a pre-determined framework of security requirements,” he said.

That industry-collaborative approach would help content companies be assured that post production houses especially have the right network segregation, the right firewall configuration, the right management controls, and other crucial security measures in place.

But internally, for every studio, Stanbury stresses that a cultural change needs to be put in place: “How do you get people to think about security intuitively?” he said.

More than 300 people in the media and entertainment sector attended the inaugural Microsoft Media & Entertainment Day, which included Content Protection Summit: East, and was held at the Microsoft Technology Center (MTC). Produced by MESA, the event featured four half-day event programs, covering content protection, video in the cloud, artificial intelligence and machine learning, and metadata’s place in the content lifecycle.