Trusted Partner Network Eyes Its Next Phase: App & Cloud Security

The Trusted Partner Network (TPN) has targeted 2019 for the next phase of its content security program: The TPN App & Cloud initiative, according to Keith Ritlop, chair of the App & Cloud Subcommittee, Technology & Development Advisory Committee for the new joint venture of the Motion Picture Association of America (MPAA) and Content Delivery & Security Association (CDSA).

“The main areas and initiatives that the App & Cloud Security part of TPN is going to focus on” are Control Frameworks, assessments, the TPN Assessment Database and the Qualified Assessor Program, he said Dec. 5 during the “TPN App & Cloud Initiative” workshop session that was held in conjunction with the annual Content Protection Summit, presented by CDSA.

“Specifically for App & Cloud, we’ve created two different control frameworks: One for application and one for cloud,” and TPN “divided this into 15 separate policy categories,” he said.

TPN wants to “leverage these third-party apps and services with confidence, standardize the cloud assessments, make sure our content is handled consistently and securely, [and] protect our systems from risks,” he told attendees, adding: “The whole program is designed to facilitate risk-based technology decisions.”

TPN will start working with technology vendors and their customers to identify and prevent application, device, storage and workflow vulnerabilities, he said. This critical work within application and cloud environments looks to the future of security and protection in content creation and information management through the centralized TPN Platform, according to TPN.

Assessment objectives for TPN App & Cloud Security are to be able to leverage third-party apps and services with confidence, achieve standardized app and cloud assessments, achieve consistent and secure content handling, protect systems from cybersecurity risks, and facilitate risk-based technology decisions, according to TPN.

The four assessment phases for TPN App & Cloud Security are discovery, threat modeling, a design review and walkthrough, and hands on review, according to Ritlop.

“The goal for all of this really is we want to consolidate all of the assessment programs [because] having to go through multiple assessments is time-consuming, painful and we all have the same goal,” he explained. “If we can just agree on a set of standards and consolidate it, we can really improve the security of all of our environments and also ensure ongoing compliance,” he said.

TPN is an industry-wide initiative supported by MPAA and CDSA and their 28 member companies that provides a voluntary process by which vendors can assess the security preparedness of their facilities, staffs and workflows against industry best practices. TPN also aims to reduce the number of often-duplicative content owner audits film and TV vendors undergo every year.

The 2018 CDSA Content Protection Summit was presented by SafeStream, and sponsored by Edgescan, Microsoft Azure, LiveTiles, Aspera, Amazon Web Services, Convergent Risks, Dolby, Illumio, NAGRA, EIDR, TPN, Videocites, Human-i-t, Telesoft and Bob Gold and Associates and is produced by MESA in association with CDSA, the Hollywood IT Society (HITS), Smart Content Council and Women in Technology Hollywood (WiTH).

To download the slide deck and audio of Ritlop’s presentation click here and here.