CPS 2019: CDSA Leadership Praises Hollywood Community for New Security Mindset


UNIVERSAL CITY, Calif. — Speaking Dec. 4 at the 10th annual Content Protection Summit (CPS), Alex Pickering, the newly elected board chairman of the Content Delivery & Security Association (CDSA), looked at the assembled crowd of leaders from Hollywood studios, TV networks and the content production community, and offered high praise for everyone in attendance.

Just in the last couple of years, on the cybersecurity and content protection front, the media and entertainment community has banded together like never before, making the industry stronger, and the assets of content companies far more secure.

“It really is about community, collaboration, and knowing that, in this room, there is a fantastic group of people who can help [each other] to improve what we do and how we do it,” said Pickering, content security director for BBC Studios, speaking during a panel with his fellow CDSA leaders.

The CDSA and Motion Picture Association (MPA) coming together to form the Trusted Partner Network (TPN), the launch of the media and entertainment security information-sharing network ME-ISAC, the 2019 debut of October’s Content Protection Month, all show an industry that now considers security and content protection everyone’s issue, not just the problem of an individual studio or network that suffers a hack or theft.

The CPS panel — “Setting the Stage: CPS 2019 and CDSA 2020” — offered perspective on the strategic importance CDSA and CPS play within the industry, by looking at a year-in-the-life of Hollywood’s global business, and what’s down the road. The common refrain that emerged from panelists was that CDSA’s role is less about enforcement, and more about community. And the working groups and committees CDSA hosts will only continue to facilitate that industry mentality, they agreed.

CDSA president Guy Finley noted that in the past, when a major breach happened in Hollywood, the tendency was to try to bury it, and just do damage control. No longer, as a cultural shift, reliant on community-built trust and shared best practices, has emerged.

“If something happens, we share it,” said Shira Harrison, CDSA executive committee member and VP of IT for Amblin Entertainment. “If someone is targeting me, they’re probably targeting someone else. Sharing is caring, in [Hollywood’s] case. If I see something, I’ll say something. It’s a very close community, and I trust my peers.”

That kind of mindset can prevent a disaster for a fellow content owner, and makes everyone more apt to keep sharing with their fellow studios and production houses, including about which vendors they trust, and which they think might need a deeper assessment.

“The shaming of [people] for incidents? What am I protecting? You’re not helping anyone [by not sharing], you’re making yourself weaker. It’s changed a lot,” Harrison added.

Ben Stanbury, CDSA’s outgoing chairman of the board, and now VP and chairman-emeritus, said the CDSA and MPA coming together to form the TPN, to deliver a defined set of security assessments for the vendor community, has been a major achievement for the industry in the past year-plus, delivering one set of consolidated security requirements, instead of having each studio stand alone in how it vets its partners.

But beyond that, Stanbury, CSO for Amazon Studios, sees a cultural shift in the industry, where content protection has taken center stage.

“That’s one of the great things over the last couple of years, is that content security has become a defined competency,” he said. “You have to have people with ‘content security’ in their job titles. That’s been a major achievement within media and entertainment, recognizing, and defining, and funding, and resourcing this type of work.”

Pickering said industrywide collaboration has resulted in stronger tools, better education, and greater incident response, putting everyone in the business on a firmer security foothold.

“A frequent question we hear is ‘Are people the weakest point in the chain?’ I don’t believe they are,” he said. “They are the strongest point in fact and if your policies, procedures and guidelines are clear and robust but recognize the need to operate differently from time to time. Then you have a strong platform for protecting your content from beginning to end. You need to work with your teams, understand what their objectives are and help them navigate a path of least risk.”

Stanbury added: “You need to have resources, the muscle memory that allows you to respond efficiently in the moment when there’s a leak. Most of the work is about building a culture of acceptance of security, training and awareness programs, defining privileged access, defining workflows for content storage. For a lot of content security practitioners, that’s the day-to-day work.”

As CDSA moves into 2020, that sense of collaboration, community and aiming to make everyone better is only going to continue, panelists agreed.