CDSA

There is no silver bullet for a media and entertainment (M&E) company to defend itself against a cyberattack.

Several theories and frameworks were developed to help organizations understand their maturity and risk posture. However, successful cyberattacks continue to be on the rise.

With prevention being only one aspect of cyber resilience, newer architectures have emerged to minimize the blast radius of cyberattacks, according to Spencer Stephens, SVP of production technology and security at MovieLabs.

Common Security Architecture for Production (CSAP) is a “very different approach to security,” he said at the Dec. 6 Content Protection Summit (CPS), during the session “(Zero) Trust Issues – Fireside Chat.”

“It’s workflow-driven, which is very important to what we’re doing here and to me personally,” he told attendees, pointing out it is “zero-trust security, which I think is the security architecture of the future, and we’ve been working on it for quite a few years and it’s designed specifically for securing media production in the cloud.”

However, he pointed out: “You can also use it for media production that’s not in the cloud.”

What it provides is “workflow-centric security” that secures the workflow instead of the infrastructure and “burden-free security,” according to MovieLabs, which stresses the importance of security not getting in the way of the creative process.

CSAP is needed because “production is increasingly migrating to a cloud infrastructure shared by everyone working on a production: the studio, the production, vendors and individuals,” according to MovieLabs.

During the session, Stephens explained the anatomy of a cyberattack and how the concept of Zero Trust architecture can minimize the blast radius of cyberattacks.

In 2020, MovieLabs published a white paper on the company’s “2030 Vision” called “The Evolution of Media Creation,” he noted, explaining: “It was a vision on how the media creation – production of TV and movies – would change over the next 10 years. And we’ve been working very hard to bring that to be a reality.”

The MovieLabs “2030 vision talks about the changing workflows and that’s really important here because the security here is about the workflow,” he said.

Most workflows today continue to be on-premises but some of it is handled by organizations using a hybrid strategy, he noted, adding it’s “shifting towards a shared cloud infrastructure, where data doesn’t move or, if it does move, it’s only for convenience and the applications move to the data.”

But, “as the workflows become more automated, we think there’s a dynamically provisioned security that’s driven directly by the workflow” and that, he said, “is the way we want to go.”

Alvin Tugume, cybersecurity engineer at Richey May, moderated the session.

To download the presentation, click here.

To view the entire session, click here.

Presented by Fortinet and produced by MESA, CDSA’s Content Protection Summit is sponsored by Convergent Risks, Richey May Technology Solutions, GeoComply, Signiant, Verimatrix, Shift Media, EIDR and EZDRM.