Bryan Ellenburg, director of content security for CBS, CBS Films and Showtime, has seen a lot of security initiatives over the years, helping to hold down the content security fort for Marvel Entertainment, Lionsgate, Paramount, and with the Content Security & Delivery Association (CDSA).
But the Trusted Partner Network (TPN) — the industrywide content protection initiative, jointly created by the Motion Picture Association (MPA) and CDSA, establishing a benchmark of minimum security preparedness for all vendors, by providing assessments of production, post and distribution operations — is proving to be one of the most valuable security resources available, Ellenburg said.
“This is a completely invaluable resource for us, we use it daily, because productions move so fast,” he said, speaking during a TPN presentation at the recent “vETC The Grand Convergence 2019: Innovation and Integration” virtual conference in Los Angeles. “When [productions] call, they don’t say ‘Hey, we’re thinking about using a vendor in a few months.’ It’s ‘We’re thinking about using this vendor now, do you have any information on them?’”
That’s the idea behind TPN, offering the studios one go-to security assessment for vendors, to bring peace of mind that the companies handling their content are up to snuff.
“I can do into the TPN [platform], and within a couple of minutes, come up with a snapshot, see their history, see if they’re current, if they’re in the process [of being assessed], contact information,” Ellenburg said. “At that point it’s an email, or a five- or 10-minute phone conversation, with the vendor, saying ‘We’ve got a show, and we understand you’ve filled out your [TPN] questionnaire, are in the process of selecting the assessor.’ And we can have a real quick security opinion of a vendor.”
Essentially, TPN allows content owners “to kick the tires” when it comes to vendors, offering a consistent and reliable avenue to find out the security preparedness of those businesses serving content owners, he added. Studios, networks, production companies, all are on the same page today with TPN, where in the past each studio would be going it alone in figuring out their vendors’ security postures.
There are approximately 1,600 vendors who are involved in some stage of the security assessment process via TPN, and the more vendors that get on board, the more valuable TPN becomes to content companies, Ellenburg said. “We’ll get to a point of critical mass, where vendors are doing their annual reassessments,” he said.
Ellenburg also praised the launch of the Media & Entertainment Information Sharing Analysis Center (ME-ISAC), a TPN-backed security information sharing community the major film studios and major broadcasting companies look to for the latest threats against their business. “To have this information has really helped the community respond to threats, and create best practices and guidance,” he said.
Ellenburg, who once ran security audit teams for Paramount, relayed a story that spoke directly to TPN’s “one audit” mantra: “Back in the day, you’d go to a place, and they’re like ‘We just had Marvel in here, we just had Fox in here, we just had Disney in here.’ Then why are we here? What’s wrong with this? Why are we all independently spending travel costs … and we’re asking for the same things [in terms of security]?
“[Vendors] got audit fatigue, and wanted just one set of questionnaires that answers all this.”
Click here to view Ellenburg’s discussion about TPN with TPN CEO Guy Finley.