Ongoing security challenges that include sloppy handling and storage of personal information and other data, along with newer security challenges including quantum computing and “deep fakes,” were highlighted May 23 during the Security, Identifiers, & Workflow track of sessions at the annual HITS Spring event.
Today more than ever, “it’s got to be [a] security first” philosophy used by media and entertainment organizations,” according to Martin Mazor, chief information security officer (CISO) at Entertainment Partners.
Noting that he’s been a CISO for more than 20 years, he said during the session “IT Intersection: Security Transforms the Enterprise” that “when we kind of think about the cultural aspect of where security sits and how it operates in organizations, particularly in the entertainment industry, there’s a bit of a growth opportunity.”
Mazor previously served as a CISO in the defense world, where security is the most important goal, he pointed out. “That’s not necessarily true in the entertainment industry,” he said.
About 20 years ago, security used to just be handled by “guys in the back room” who dealt with firewalls, he noted. However, it’s clear that now, security is “everybody’s problem in the organization — it’s not just the security team that may be buried behind IT or in another group,” he said.
Security must be at the “forefront and where it sits in the organization, I think, is vital,” he told attendees, explaining: “It’s got to have the visibility from the janitor to the board, and everybody in between.” Everybody must realize that security is “part of their job” and they can no longer just think “we’ll throw it over to the security [specialists] and let them deal with it,” he said.
One major takeaway of the session was that the less organizations do to protect privacy, the more they can expect government to get involved and force them to take more steps.
But advantages that have been created by the increased government regulation we’re seeing, as well as the fact that security breaches are “regularly front-page news,” is that these developments have provided “access to better funding” within organizations for cybersecurity initiatives, according to Ben Stanbury, content security officer at Amazon Studios and chairman of the Content Delivery & Security Association (CDSA).
“We need to learn as security practitioners how to interpret our security guidelines into layman’s terms,” and there also “shouldn’t be a single one size fits all strategy,” he said, adding: “For an effective security strategy, you need to have a plethora of separate security strategies that are modeled around the workflows and data” and “investing appropriately” is important.
Europe’s General Data Protection Regulation (GDPR) that went into effect last year and the growing number of U.S. regulations including the California Consumer Privacy Act have “changed a lot of things” across organizations, according to a representative of Creative Artists Agency (CAA). More organizations are “starting to realize” that keeping data secure is an “everybody problem,” he said.
Organizations must focus on behavior, he went on to say, stressing that everybody needs to make sure they only have the data they need and are keeping that data where it needs to be. If data is not needed, it should be deleted, he told attendees, noting that many people, however, are not doing that. “My single biggest worry is data where it’s not supposed to be,” he added.
HITS Spring was presented by Entertainment Partners, with sponsorship by LiveTiles, 5th Kind, Amazon Web Services, Birlasoft, Exactuals, Expert System, MarkLogic, Microsoft Azure, Richey May Technology Solutions, SoftServe, Spark Digital, Avanade, CDSA, Cinelytic, EIDR, MicroStrategy, Signiant, the Trusted Partner Network, human-I-T, and Zaszou IT Consulting.
The event was produced by the Media & Entertainment Services Alliance (MESA) and the Hollywood IT Society (HITS), in association with Women in Technology: Hollywood (WiTH); CDSA; and the Smart Content Council.