TPN Next Phase: App & Cloud Security

Announced recently at CDSA’s Content Protection Summit, the Trusted Partner Network (TPN) has targeted 2019 for the next phase of its content security program.

The TPN App & Cloud initiative, according to Keith Ritlop, chair of the App & Cloud Subcommittee, Technology & Development Advisory Committee for the new joint venture of the Motion Picture Association of America (MPAA) and Content Delivery & Security Association (CDSA) will look at control frameworks, assessment workflows and focus on improving the TPN assessment database and Qualified Assessor Program.

Further updates will be announced at NAB during CDSA’s Cybersecurity and CPS being held on Sunday, April 7th at the NAB Show in Las Vegas.

“Specifically for App & Cloud, we’ve created two different control frameworks: One for application and one for cloud,” and TPN “divided this into 15 separate policy categories,” he said. TPN wants to “leverage these third-party apps and services with confidence, standardize the cloud assessments, make sure our content is handled consistently and securely, [and] protect our systems from risks,” he told attendees, adding: “The whole program is designed to facilitate risk-based technology decisions.”

The April meeting at NAB will provide details on how the TPN platform will be allow technology vendors and their customers to identify and prevent application, device, storage and workflow vulnerabilities. This critical work within sopftware applications and cloud environments looks to the future of content/information security and protection in content creation and information management through the centralized TPN Platform, according to TPN.

Ritlop explained that the four assessment phases for TPN App & Cloud Security are discovery, threat modeling, a design review and walkthrough, and hands on review. And, assessment objectives are to be able to leverage third-party apps and services with confidence, achieve standardized app and cloud assessments, achieve consistent and secure content handling, protect systems from cybersecurity risks, and facilitate risk-based technology decisions.

“The goal for all of this really is we want to consolidate all of the assessment programs [because] having to go through multiple assessments is time-consuming, painful and we all have the same goal,” he explained. “If we can just agree on a set of standards and consolidate it, we can really improve the security of all of our environments and also ensure ongoing compliance,” he said.

TPN is an industry-wide initiative supported by MPAA and CDSA and their 28 member companies that provides a voluntary process by which vendors can assess the security preparedness of their facilities, staffs and workflows against industry best practices. TPN also aims to reduce the number of often-duplicative content owner audits film and TV vendors undergo every year.

Registration and additional details for the CDSA Cybersecurity and Content Protection Summit (CPS) at NAB will be announced in mid-January. For additional information about the Trusted Partner Network visit