By Chris Tribbey
Martin Rushworth, director of technology at Sohonet, looks at the cyber security challenges TV and film productions face today, and sees a challenge that’s unique to the industry: in the amount of time a regular company would just get started on its infrastructure and security, a production house created to make a movie is already being disbanded and on to the next project.
Recently writing about the cyber security challenges TV and film productions face today, Rushworth suggests there’s a reason they commonly seek the help of outside vendors to manage and store content, from pre-production to final delivery.
“At the outset of a production, little or no procedures are in place, typically there have been no decisions about which production, post production or VFX vendors are to be used, no workflows have been decided on, tools and infrastructure are to be specified and although studios are offering increased guidance, the production rarely has an in-house team looking after security,” Rushworth wrote. “These are just a few of the elements that need to come together.”
The Media & Entertainment Services Alliance (MESA) sat down with Rushworth to discuss the challenges production companies face when it comes to cyber security today.
MESA: What added challenges do productions face when it comes to cyber security, compared to other businesses?
Rushworth: The way cyber security is usually thought about and implemented, with a lot of guidelines, review, process and audits doesn’t fit very well with the dynamic nature of how a production operates. I think that is really where the challenge comes in.
MESA: What are some of the mistakes productions make at the outset when it comes to securing their end of the content supply chain, and what could they be doing better?
Rushworth: Making good application choices from the outset really helps to ensure security. For instance, if your file transfer application doesn’t end up scaling to production demands, workarounds need to be put in place, which is where we see security guidelines being compromised frequently.
Production networks are typically the hub for editorial and VFX, often handling the most complete copy of a projects pre-release content. Studios put a lot of focus on the security requirements for a production’s vendors, and the actual production often gets less attention.
A lot of production employees use self-supplied laptops. This became the norm when sensitive content was on film and tapes. Sensitive content is now in a form that can be copied to these unknown computers or potentially put on the same network. Although continuing this practice makes lives easy for those people who frequently move between projects, it does seem like a big risk.
MESA: What are the biggest advantages and concerns when it comes to productions using the cloud?
Rushworth: Not having to build or buy infrastructure is a huge benefit for those that need to consume technology over a shorter term and will have a major impact on the industry. This is why technology and security leaders in our sector are rushing to come to grips with how to take advantage of it securely.
A common concern is that data is less secure on shared infrastructure. However, good cloud platforms are first and foremost multi-tenant systems, designed to have secure separation between tenants. Using the right cloud infrastructure can lead to an improvement in security, when compared for example to a traditional media services company putting all their clients data on the same NAS, which are designed for a single enterprise tenant.
What I think is a more founded concern is the larger pool of people managing the public cloud systems, which is one of the key security benefits of Sohonet’s private cloud storage, managed by a known, trusted group.