LAS VEGAS \u2014 Ted Harrington, executive partner for Independent Security Evaluators, used his time at the Content Delivery and Security Association (CDSA) Cybersecurity and Content Protection Pavilion April 24, during the NAB Show, to talk \u201cthreatscaping,\u201d a term that got a few chuckles from those in attendance.<\/p>\n
But it\u2019s no laughing matter: many media and entertainment companies are applying a uniform security model to their business today, without making any distinctions between different content creation functions. In short, they\u2019re not threatscaping their various workflows.<\/p>\n
\u201cIt centers around the idea that uniform security models are not effective when you consider the unique characteristics of different workflows,\u201d Harrington said of the term. He said media and entertainment companies should examine their workflows, not as to how they will result in\u00a0the best business outcome, but rather looking at it from the perspective of an attacker: how can it be exploited, what weaknesses exist?<\/p>\n
The different lifecycles of a piece of content \u2014 from previz to home entertainment distribution \u2014 present different challenges when it comes to workflow threats, and you can\u2019t approach the threats associated with the distribution of dailies the same way you would the threats associated with theatrical distribution, said Eli Mezei, senior consultant with Independent Security Evaluators.<\/p>\n
Part of what content companies must be cognizant of is the vendors they\u2019re working\u00a0with, the quality control steps associated with the various workflows, and the various needs associated with pay TV vs. theatrical vs. physical disc distribution.<\/p>\n
\u201cEvery single one of those boxes has their own independent workflows, independent approval process, independent QC process,\u201d Mezei said. Replicators need different workflow threat assessments than a theatrical distributor, he stressed.<\/p>\n
Both Harrington and Mezei suggested that part of what can be improved on in better securing content workflows is better communication between content owners and vendors.<\/p>\n
Meanwhile, also at the Cybersecurity and Content Protection Pavilion, Crispen Maung, VP of compliance for Box, shared his thoughts on how advances in cloud computing have helped increase efficiency and elasticity \u2014 creating new business models \u2014 while also forcing security professionals to confront new cybersecurity risks that didn\u2019t exist before.<\/p>\n
\u201cWhen cloud computing first came about, there was no forethought about security at that time, it was all about the features involved,\u201d he said.<\/p>\n
That obviously has changed today, and data protection has become more complex, with Box appro![\"IMG_1647\"](\"http:\/\/www.mesalliance.org\/wp-content\/uploads\/2017\/05\/IMG_1647-300x200.jpg\")
aching data protection in two main ways: data security, fundamentally protecting the data involved, and making sure organizations have the right protections in place to deter threats; and data privacy, addressing that when content and its associated metadata is uploaded into a cloud environment, it\u2019s treated with the upmost care.<\/p>\n
\u201cHow is an organization using the metadata associated with the content uploaded into the cloud? Cloud providers must have the right protections in place to ensure data privacy and data security,\u201d Maung said. \u201cThe right controls must be in place to make sure nothing inappropriate is done with that data.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"
LAS VEGAS \u2014 Ted Harrington, executive partner for Independent Security Evaluators, used his time at the Content Delivery and Security Association (CDSA) Cybersecurity and Content Protection Pavilion April 24, during … Continue reading NAB 2017: ISE Talks Threatscaping; Box Looks at Cloud Security<\/span>