CDSA

Complexity has always been a component of production but it was long reserved for logistics and talent.

However, as the amount of advanced technology used in pre-, on/near-set or post-production grows significantly, it has become crucial for studios and production houses to ensure these systems remain secure, industry experts from BBC Studios and Convergent Risks said April 17, during the panel session “Addressing Security Challenges in Production” at the 2023 edition of CDSA’s Content Protection Summit at NAB (CPS@NAB).

The session looked at both the measures taken and the platforms impacted by this evolution, as the volume of feature/episodic production continues to be at an all-time high.

Attendees were able to learn as panelists walked through practical use cases that were created during the COVID-19 pandemic and will likely continue to be part of all productions in the future.

Starting off the session, moderator Guy Finley, executive director of CDSA, said of BBC: “You guys have morphed and changed into this global content powerhouse, right? The live stuff, the music stuff. We don’t think about that” as being typical BBC fare. “So what’s going on at BBC now?”

Responding, Alex Pickering, content security director at BBC Studios, said: “Last year, I think we did 2,400 hours of content, revenues [of] $2 billion. And BBC Studios has kind of evolved over the last few years. Production used to be kind of seated within the public service, but now it’s within studios. So we’re investing, we’re making, we’re selling and we’re distributing as well. And that’s kind of where it’s all changed for us because historically kind of production was part of public service, but now we’re able to make shows for anyone that wants us to make [them]. And so, with that comes significant risk in terms of kind of it’s not just our content; it’s the IP of others.”

Therefore, Pickering added: “We need to be really on the ball in terms of how we’re securing that content. There’s a lot going on. And, given the production coming into BBC studios, that’s really where our focus is in terms of both technology and security.”

As a production manager and the product manager within productions, the complexities must be exponential,” Finley went on to point out to Rich Lloyd, senior production product manager at BBC Studios. “So , I mean, ultimately how does that convert into your risk posture? How does that convert into your risk management capabilities from a technology perspective?”

“No one production is the same,” noted Lloyd. [BBC has] got 70 different genres. You saw the breadth and the range of the content, the output. Everyone’s got a different approach. It’s different kinds of content. It’s always changing…. The approach to change always has to be measured based on the value and the size and the importance of the content that we’re making. you can be responsible and you can take a measured approach to something that perhaps it’s okay to increase some risk depending on what the content is.”

And then “you are going to make sure that you look after every element of that because, not only is it incredibly important but you know, it’s probably a target,” Lloyd added.

“How does that convert into the content security posture and how you’re looking at that as a content security team and staying on top and abreast of all the changes?” Finley asked.

Noting that “we’ve got Eurovision in a couple of weeks,” Pickering said: “That’s a big show. It’s big. I know. Like it or hate it. It’s something that millions of people watch, but in terms of kind of how we’re securing kind of productions and as Rich says kind of nothing is the same. I tend to view kind of info sec and a slightly different content security only in the kind of info sec is more all around kind of, policies, procedures, standards. The way that we approach content security is really kind of as facilitators. So productions need to be agile.”

He added: “It’s really about us being kind of very responsive and being able to kind of work with them in terms of what they need to do, how they need to do it, and when they need to do it.”

“Let’s have a quick conversation about some of the risks,” Finley went on to say, asking the panelists: “Where do you see those risks increasing and decreasing?”

“Now it’s more of a community-based activity,” said Chris Johnson, CEO of Convergent Risks. “Security previously was more location specific, set specific. [But] the pandemic changed the paradigm [and] accelerated the use of SaaS-based services to create the content in the first place. And, from a risk perspective, the security of the SAAS-based products, studios tend to drive that.”

Johnson added: “One of the problems that happened with the pandemic was that the SAAS-based services were rolled out very quickly. They were already evolving, but it put it all on steroids and obviously security’s not always the priority. Creating the content and getting it through in time is more of a priority to the productions.”

Therefore, “what we’ve almost got to do is roll back now and reconsider that security. So one of the big areas, I think, where risk still sits is the configuration of those SAAS applications,” Johnson added.

The 2023 Content Protection Summit was presented by Fortinet and sponsored by Convergent, Signiant, Verimatrix, Eluvio, NAGRA, PDG Consulting and EIDR. The event was produced by MESA, in association with NAB and the Content Delivery and Security Association (CDSA).