Ben Stanbury, Chief Technology Officer, Trusted Partner Network (TPN) –
For the past four years, software designers have been working together with security specialists to create a new platform for collaboration among our industry’s content protection departments. It has long been agreed that the existing way that the studios/ networks and its associations have been auditing its third-party vendors was inefficient and, at times, even disruptive.
The April 2018 launch of the Trusted Partner Network (TPN) — a global entertainment content protection initiative — achieves a long-held, aspirational goal of creating a “one industry, one audit” approach to content protection. It is the result of an industry-supported, technology development program that has created a secure, self-administered, automated tool that provides unprecedented transparency and compliance in how security assessments are managed among those companies that are responsible for handling valuable content and associated informational assets.
Made possible by a collaboration between the Motion Picture Association of America (MPAA) and the Content Delivery & Security Association (CDSA), the TPN’s goal is to help companies prevent leaks, breaches, and hacks of movies and TV shows before they are released, by creating a single, central global directory of “trusted partner” vendors; expanding the number of approved content security assessors; assisting in identifying vulnerabilities in the vendor community; and increasing the number of third-party vendor facilities assessed annually worldwide.
The TPN will be a cost-saving way for vendors to assure their content customers about the security preparedness of facilities, staffs and workflows, using industry best practices and by accredited and experienced assessors. Additionally, TPN will reduce the number of duplicative content owner audits that vendors deal with every year.
Platform driven engagement
The TPN Platform is a closed, cloud-based ecosystem that automates most of the administrative functions inherent to the corporate content protection process. Anchored by the MPAA’s Content Security Best Practices, thousands of mapped derivative security controls have been loaded into the online database. When a vendor applies for an assessment and identifies the nature of its business, the system automatically selects the most relevant controls and the facility needs-only be assessed to those specific requirements.
Meanwhile, once a facility has been assessed, through the TPN, the Platform automatically publishes its name and assessment into a Vendor Roster database of “trusted partners” that provides producers with an easy and sortable way to find and select the vendors that suit their particular security need.
The TPN has also been designed for expansion. There are built-in functions for online security training, alerts and, ultimately, a threat data stream through CDSA’s Media & Entertainment ISAC. While phase one of the TPN will focus on site security, technology provisions have also been made for the rapid establishing of application and cloud security assessments as well. Data analysis tools will also be developed so the Platform can generate anonymized reports based on common, consistent threats and risk information collected through the industry’s collaborative assessment process.
Meanwhile, the TPN Qualified Assessor Program will assure that individual assessors undergo a strict review process before being approved to represent our program. Using TPN, vendors request an assessment by a TPN-certified assessor — via our TPN Vendor Portal — and will have the process managed using our secure online platform. TPN assessments renew every year and assessment costs are market-driven and are negotiated directly between TPN assessors and the vendor themselves.
The MPAA will handle governance and quality assurance for TPN, along with the qualification of potential assessors based on their information systems assessment proficiency, and deep knowledge of the entertainment supply chain and its associated technologies. Meanwhile, the CDSA will develop and maintain industry awareness programs, and leverage its content owner and vendor advisory groups to manage input for ongoing development and maintenance of an assessable control framework for TPN.
TPN Control Framework Relationships
MPAA’s Content Security Best Practices anchor thousands of mapped derivative security controls that enable a consistent assessment process.
The program’s vendor benefits are considerable. The TPN creates competitive, market-driven assessment pricing and reduces the number of assessments conducted each year at its facility. The Platform also offers controls specific to the needs and workflows of what they offer and the technology will speed up assessment report turn-arounds. Additionally, once assessed, they will use the TPN logo trademark which allows them to promote their security preparedness.
And for content owners, TPN offers a single, central (and global) directory of “trusted partner” vendors, elevates the security standards and responsiveness of the vendor community, expands the community of security assessors focused on content, and will better inform companies of the latest vulnerabilities.
Technology is the underpinning of the new TPN opportunity for everyone in the entertainment supply chain to work together and share non-competitive information to protect our most valuable assets, and do so while reducing the costs associated with security compliance.
For more information, visit TTPN.org.