The Content Delivery & Security Association (CDSA)\u00a0has \u201cmade good progress\u201d so far with its App & Cloud Framework, according to Ben Schofield, CDSA project manager and product manager of the Trusted Partner Network (TPN).<\/p>\n
With the launch of the site security assessment program through TPN, CDSA\u2019s board of directors immediately started work on the next phase of security assessments that included software applications and cloud environments. <\/p>\n
At last year\u2019s NAB Show in Las Vegas, TPN announced a goal to release a common control framework that is scalable to the size, appropriate to the community and constituency of the TPN but also mapped directly to the control framework and standards already being utilised within the media and entertainment industry.<\/p>\n
In the July 2 security breakout session \u201cCDSA\u2019s App & Cloud Control Framework\u201d at the Global Media & Entertainment Day\u00a0event\u00a0presented live, virtually, from London, Schofield explained the business situations and challenges that drove unprecedented collaboration across service providers and content owners, explained the importance of security audits, and provided an update on the framework.<\/p>\n
\u201cI think it\u2019s been obvious over the last few years that there\u2019s been quite a change in the media supply chain,\u201d he told viewers. \u201cAs audiences and revenues are moving online, there\u2019s been also a big change in the technology around production and distribution,\u201d he noted.<\/p>\n
In addition to audiences and revenues moving online, other new challenges for the sector include consolidation of digital production and distribution, and a rapid shift to cloud-based workflows. New skills and security culture are required, according to Schofield.<\/p>\n
There are anywhere from 5,000 to 10,000 vendors in the current supply chain, he noted.<\/p>\n
Pointing to the importance of security assessments, he predicted there will always be some sort of physical infrastructure \u2014 even if it is home broadband like we mainly have right now during the COVID-19 pandemic.<\/p>\n
\u201cThe shift to cloud has really been driven by the economics,\u201d he said, noting that one advantage of it is the idea that an organisation no longer has to invest in a physical facility. And advantages of shifting to the cloud include the fact that \u201cyou can spin stuff up and down very quickly.\u201d<\/p>\n
In addition, by shifting to the cloud, \u201cyou\u2019re no longer making capital investments \u2014 these are now operating expenses,\u201d he said.<\/p>\n
However, \u201cone of the inhibitors to moving media to the cloud has been this perception that it\u2019s slow to move big, heavy objects \u2026 to the cloud and expensive with the egress costs to move stuff out of the cloud,\u201d he pointed out.<\/p>\n
But there is a \u201cnew philosophy now, which is that once you\u2019ve contributed that content into the cloud, you can move the tools and skills to the work,\u201d he said, noting that, \u201cin the last four months, we\u2019ve seen people moving their production, their distribution functions, their editing functions into the cloud.\u201d<\/p>\n
Significantly, what also changes with moving to the cloud is the frequency of audits, he told viewers.<\/p>\n
\u201cIf you\u2019re building an edit suite and you\u2019re putting a lock on the door and alarms and badge access, you know that an annual audit and then maybe a network check every quarter is going to be sufficient because there\u2019s not much change going on,\u201d he said.<\/p>\n
However, \u201cif you\u2019re in the cloud domain and you\u2019re spinning up and down productions, you\u2019re making changes all the time \u2014 there\u2019s that agile approach \u2014 [so] you need to have that much higher frequency of audit to check that things aren\u2019t being breached,\u201d he stressed.<\/p>\n
Pointing to three major studios, he said Disney may have 3,000 vendors in its supply chain, while Comcast\u2019s NBCUniversal may have 1,500 and BBC Studios 500-600. And \u201cyou\u2019d be lucky to find security experts in many of those vendors,\u201d he said.<\/p>\n
An organisation can\u2019t just do its annual audit and move on anymore, he said, adding: \u201cYou\u2019ve got to make sure that there\u2019s a culture that\u2019s been established that really looks at security all the time.\u201d<\/p>\n
Explaining the need for a new approach, he said: \u201cI think the most important point here is making sure the security documentation is delivered into those vendors, into the supply chain, in a usable format that any size business can use.\u201d<\/p>\n
As part of this approach, \u201cwe\u2019re going to take the controls that were originally ready and map them back to those industry standards,\u201d he said. With that, he said, we will be able to \u201cprovide, depending on the use case, each of the vendors with a series of controls that they need to really develop a procedure for.\u201d<\/p>\n
Because of the pandemic, there was a great need to develop an audit process to look at media organisations\u2019 data \u201cremotely and give ongoing advice and guidance to the community\u201d without physically traveling to facilities, he went on to say.<\/p>\n
Building a control set enables individual organisations to build the procedures that they need too against the controls that apply to their service.<\/p>\n
The detailed control set that is being published for organisations to use was narrowed down to the top 50 \u201cto try and make this a bit more easy to digest,\u201d Schofield said, noting it includes a spreadsheet with the detailed controls and the links.<\/p>\n
Now, \u201cwe need to publish and promote this top 50,\u201d he said, noting it was to become available after the July 4 holiday weekend so that the wider business community could become engaged.<\/p>\n
The plan is to continue the detailed mapping of the current controls, which are now at about 800 controls, he said, adding: \u201cWe need to try and get that down to around 500.\u201d<\/p>\n
\u201cI think we\u2019ve made great strides in how we\u2019re going to apply the \u2026 controls,\u201d he said, but conceded there are \u201cstill some challenges.\u201d<\/p>\n
A lot of interest is being seen from the CDSA community, he said, but added: \u201cI really think the most important thing here is to get the wider business community engaged with security, and not just think it\u2019s a once-a year occasion that you can push off into a very narrow specialty within your technical department.\u201d<\/p>\n
To view the presentation, click here<\/a>. To view the presentation slide deck, click here<\/a>.<\/p>\n The fourth annual M&E Day\u00a0event, presented by the Media & Entertainment Services Alliance (MESA), featured mainstage panels and more than 15 breakout sessions, covering the latest it data, cloud, IT and security across the media and entertainment technology ecosystem.<\/p>\n The event was presented by Caringo, with sponsorship by Convergent Risks, Cyberhaven, Richey May Technology Solutions, RSG Media, Signiant, Whip Media Group, Zendesk, Seagate Powered by Tape Ark, Sony New Media Solutions, 5th Kind, ATMECS, Eluvio, Tamr, the Audio Business Continuity Alliance (ABCA), the Entertainment Identifier Registry (EIDR) and The Trusted Partner Network (TPN).<\/p>\n","protected":false},"excerpt":{"rendered":" The Content Delivery & Security Association (CDSA)\u00a0has \u201cmade good progress\u201d so far with its App & Cloud Framework, according to Ben Schofield, CDSA project manager and product manager of the … Continue reading M&E Day: \u2018Good Progress\u2019 Made With App & Cloud Framework, CDSA Says<\/span>