CDSA

NAB 2017: Security, QC Experts Tout Importance of Risk Management Strategies for Content Companies

LAS VEGAS — It’s in the best interest of content creators to develop risk management strategies that make sense for their individual businesses and that are line with their objectives, according to security and quality control (QC) experts who spoke at the Content Delivery and Security Association (CDSA) Cybersecurity and Content Protection Pavilion April 25, during the NAB Show.

Security initiatives tend to yield strong returns on investment (ROI), moderator Guy Finley, CDSA executive director, said in kicking off a session called “The FYI on ROI for Security: Developing a Risk Management Strategy.”

ROI is important “not just for the content owners,” but also security vendors like Fortium Technologies that are providing content creators with security solutions, Fortium CEO Mathew Gilliat-Smith said, adding: “At the end of the day, it is an investment for everybody.”

Fortium specializes in content protection solutions, especially in the pre-release area, during post-production – in the case of movies, before they’re sent off to theaters, he noted. The company has been dealing with Hollywood studios for the past 10 years of its 16 years in business, he pointed out, adding that, this year, it handled 70 DVD Academy Award screener titles – more than it’s ever done. Therefore, it “seems like DVDs aren’t going away any time soon,” he told attendees.

PwC recently did an audit and found that 16% of the most expensive content leaks were accidentally made, such as by sending the wrong person an email, he said, calling that a dire situation.

Education is of the utmost importance when it comes to solving what has become a major problem for content companies, he said, adding: “Security is something that is [growing exponentially] because we can see all the cybersecurity threats all the time, every day.”

But dealing with security issues is “not as straightforward as you might think,” he said, noting it’s not always clear what steps a content company should take. For example, a company may want to decide if it makes sense to use two-factor authentication to access content within the organization, he said.

Fortium has been working to try to simplify the encryption process for content companies, he went on to say, pointing out that the company, at NAB, spotlighted a new encryption on-the-fly solution called LiveFolders. The solution lets users self-protect their workflows, allowing them to make any folder a LiveFolder in which any content that is copied into it or created in it will be protected with a preset protection policy. All users have to do is right click on a folder and it automatically becomes encrypted, Gilliat-Smith said, telling attendees that it “makes life a lot easier” for editors and other creative workers.

But, for a security system to be successfully set up for a company, it “has to come from the top” – executives who, for example, agree to the costs involved for such initiatives, he said.

He explained that Fortium will go to a company’s premises to set up security solutions for them, but “what works for Disney doesn’t work for Universal”— each content company needs a customized solution that makes sense for that organization.

One challenge has been that it’s been difficult to find out what studios’ insurance does and doesn’t cover when it comes to cybersecurity procedures, he said, adding “you should get a better premium” if you’re putting in place strong security measures.

Security is a significant issue for third-party QC specialist 3rd i QC also, CTO Ramon Breton said during the same session. Content owners typically hire his company to do additional quality control on content, he noted, comparing its role to that of an independent proofreader.

Security on DVDs and Blu-ray movies is somewhat easier than it is for digital content that is not released on optical discs, he said, explaining that the content on those discs, after all, has typically already been seen by many people because it previously was released theatrically. On the other hand, working with content distributed via over-the-top (OTT) services, for example, is more challenging to deal with because it often hasn’t been seen by anybody yet outside of the people who created the content, he said.

Security is not just needed to fight hacking, but also to protect the content to limit the amount of spoilers that reach the public, he said, noting his company’s clients are told not to share anything on social media that they want to remain secret.

One challenge for his company is educating clients about how important security is, but they typically understand the urgency of that better now because they hear about data breaches in the news all the time, he said.