CDSA

Production security is not a new topic in the M&E industry, but it is certainly top of mind across the industry. File-based workflows, cloud services and a fully connected world have combined to open new ways of working … and new risks. So, how do companies remain efficient while maintaining strong security practices?

Content creators are under tremendous pressure to deliver more content to more places on tight deadlines, leading to a “whatever it takes” mentality. This can cause strain between different groups within an organisation.

“[Awareness has] definitely improved in the last few years. In a period running from 2016 to 2019 it was important for the industry to keep saying, ‘Security’s an issue, we must take it seriously.’ And it feels like we’ve now passed through that,” said Mark Harrison, Digital Production Partnership (DPP) managing director. “But in the production domain, it’s a much more complicated picture.”

Harrison said that sometimes security necessities clash with production realities. “Creative people are much more aware of the risks and the range of risks. But while awareness has improved, there’s still remarkably little trust in IT-led solutions,” Harrison elaborates. That’s not to say IT isn’t doing its part. “Security teams, particularly in large organisations, have come to understand their obligation is to understand how their creative counterparts are working, what it is they are trying to achieve,” he argues.

The DPP and other organisations have collaborated to create best practices and certifications to guide pro-duction specialists and media technology organisations toward strong security practices, but each company must agree on a plan that works for its business and balances the needs of all constituents.

Planning, risk and education

Across the industry’s best practices advice is a common theme — make a plan. Establishing a plan requires consideration across the organisation, and must begin with departments and teams asking questions about risk and delegation, and keeping each team on the same page.

Risk is often a good place to start: “What is the data I don’t want accessed by someone else, how likely is it to be accessed, what is the impact of losing it?”

The value of content is likely different for different organisations, so a major studio may have more security around access than the local advertising agency. However, both may suffer embarrassment and loss of customer confidence if their production chain is breached. Production security may not have been on upper management’s mind 10 years ago, but after several high-profile attacks such as those on Sony, HBO and KQED, the need for planning, resources and support are now seen as vital for a successful security plan and implementation at any size of company.

Many companies are looking to the cloud to help, but that is a whole new world for some.Harrison agrees that cloud security apprehension conflicts with cloud adoption.

“In a survey we did in 2018, we found that fewer than a third of the 57 production companies we interviewed trusted the cloud,” he said. “Having said that, we’re also seeing the very opposite. There are a number of companies who are working with the most premium content that actually see cloud-based and virtualised production as the only way to ensure that their content is safe. So, you’ve got this amazing polarisation of attitudes.”

Companies that appear to have the best success with the balance of efficiency and security agree on a plan that works across teams. That includes documenting processes and agreeing on a set of tools that offer the right flexibility and efficiency but also offer enterprise-grade security.

Signiant has a unique lens on this as our SaaS platform now connects more than 25,000 businesses across all parts of the global media supply chain. Signiant is a trusted broker of content both within and between companies, and in many cases it’s the only tool allowed to move high value-digital assets.

Since products like Media Shuttle are user-friendly, production teams aren’t looking for ways around it. They embrace it so that IT and security teams have comfort that all content exchange is done through secure tools that provide visibility into any activity.

Mutually-assured success

However well-intended, when it comes to the balance between security and efficiency, for the majority of M&E businesses it is difficult to avoid compromise in weighing the risks of their decisions.

While the priorities of various team members or departments may differ, everyone ultimately wants the same thing: successful workflows, an efficient team and a thriving enterprise.

This applies to every department of an organisation, and it doesn’t just mean turning everyone loose to do their own thing. Flexibility of vision and priorities is an evolving element, and balance is needed between this flexibility and the previously discussed firmness. Content production and security need to be designed to adapt to and support one another. Every member of a team has responsibilities to fulfil requirements, both to collaborators and to clients.

In order to achieve the best and most secure results, compromise is inevitable. So, is there really even a “battle” between security and efficiency? It can feel that way but with the right plan and tools, it doesn’t have to be.

* By Jon Finegold, Chief Marketing Officer, Signiant

———————-

Click here to translate this article
Click here to download the complete .PDF version of this article
Click here to download the entire Spring/Summer 2020 M&E Journal