CDSA

By CDSA April 13, 2022

CPS Europe: ArchTIS Touts the Benefits of Zero Trust

Intellectual property (IP) protection is vital to a media and entertainment organization’s bottom line. After all, a leaked film or TV show script, clip or game design can be disastrous to the success of any project.

Although today’s collaboration tools have made it easier than ever before to exchange ideas and information, the problem is it’s also all too easy for deliberate and accidental data leakage to occur, according to security software company archTIS.

“According to multiple sources, IP theft in the industry costs in excess of $1 trillion per year,” Dave Matthews, technical solutions manager at archTIS, said March 22 during the session “Using Zero Trust to Protect Intellectual Property in M&E” at the eighth annual Content Protection Summit Europe.

The event was held in conjunction with the sixth annual Content Workflow Management Forum at the Cavendish Conference Centre in London and as virtual events via the MESAverse, allowing for remote attendance worldwide.

Applying a Zero Trust methodology to data access and sharing can help safeguard your most vital assets and ensure they don’t accidentally or deliberately walk out your organization’s door, according to archTIS.

In addition to the money lost from IP theft, it often results in “loss in trust, reputation damage” and job losses that “further impact our ability to deliver, to be able to receive and work on new opportunities and contracts themselves,” Matthews said.

One well-publicized example of IP theft from recent years was the 2014 breach at Sony Pictures in which the hackers were able to access contracts, emails, scripts and social media accounts, he noted.

“So, in addition to reputational losses, it cost them over $170 million and the CEO resigned” after it happened, he said.

We are also aware of some of the hackers and data leakers themselves, including Edward Snowden and ex-Facebook employee Frances Haugen, who may have thought they were acting in the best interest of the U.S., Matthews  said. But Haugen’s actions cost Facebook a great deal of money, Matthews noted. “A lot of work was done to repair the damage,” he added.

Last year, archTIS and Cybersecurity Insiders conducted a survey to understand COVID-19’s impact on the way companies were working, he pointed out.

“There’s no surprises. Of course we found that over three quarters of the workforce went from being an office-based workforce to a remote-based workforce. During the pandemic, the “benefits of remote working clearly outweigh the risk for many organizations,” he said.

“Despite the shift to remote working, 79 percent of those who were surveyed said they were concerned or very concerned about the risks of working from home, and 90 percent of those are still likely or very likely to maintain a remote workforce post-pandemic as well,” he noted.

Asked what work applications used by remote employees were of the most concern in terms of security, respondents cited file sharing as the top concern keeping them up at night, with 68% pointing to it. Following file sharing were web applications (47%), video conferencing (45%), messaging (35%), social media (27%) and websites (26%).

Fifty-seven percent of respondents, meanwhile, pointed to user awareness and trainings as their organization’s largest security challenge regarding increasing the remote workforce. It was followed by home/public Wi-Fi network security (52%), sensitive data leaving the perimeter (46%), increased security risks (45%), use of personal devices (38%), lack of visibility (34%), additional cost of security solutions (31%), availability/user experience (28%), accountability/audit gaps (27%), unsanctioned use of cloud apps (19%), use of weak or compromised credentials (15%), adding capacity (13%) and solution scalability (7%).

Technologies that respondents pointed to as the best to protect their organizations from new threat vectors were: human-centric visibility (34%), next-generation anti-virus (AV) and endpoint detection and response (EDR), improved network analysis and next-gen firewalls (22%), Zero Trust Network Access (ZTNA) (19%), next-gen security information and event management (SIEM) (10%) and Cloud Access Security Broker (CASB) (6%).

Meanwhile, human error remains a huge source of risk also, sometimes intentional and sometimes not, Matthews said.

Moving on to discuss data-centric Zero Trust in which you trust no one and verify everything, he said there are six “foundational pillars”:

  1. Identities (users, services or devices)
  2. Devices, which create a large attack surface as data flows
  3. Applications, which are the way that data is consumed
  4. Networks, which should be segmented
  5. Infrastructure, whether on-premises or cloud-based, represents a threat vector.
  6. Data, which should be classified, labeled and encrypted based on its attributes

The “traditional approach to implement Zero Trust has been through Role Based Access Control (RBAC), “where we restrict the network access based on a person’s role within the organization, so users are only allowed to access the information necessary to perform their duties,” Matthews explained.

A newer security methodology is Attribute Based Access Control (ABAC), in which security is built around the combination of user, environmental and resource attributes, he said.

There are, meanwhile, several advantages to applying Zero Trust Access with NC Protect, he said, including:

  1. It’s simple. (You can manage information protection without the complexity of native tools.)
  2. It’s fast. (You can automatically apply information protection to content, teams and sites.)
  3. It’s scalable. (It’s extensible across Microsoft Office 365 apps, SharePoint on-premises, Microsoft Windows file shares, Dropbox and Nutanix files.)

To view the presentation, click here.

To download the presentation deck, click here.

The eighth annual Content Protection Summit Europe was produced by MESA in association with CDSA, and presented by Convergent Risks, with sponsorship by archTIS, NAGRA, Signiant, and BuyDRM.

The sixth annual Content Workflow Management Forum was produced by MESA in association with CDSA, the Hollywood IT Society (HITS), the Smart Content Council, the Content Localisation Council, and presented by Convergent Risks, with sponsorship by archTIS, NAGRA, Signiant, Whip Media, AppTek, BuyDRM, LinQ Media Group, OOONA, ZOO Digital, EIDR and Titles-On.