SMPTE 2017: Track Looks at Security of Data in the Industry

LOS ANGELES—No discussion of the media industry’s move to IT-based workflow is complete without at least touching on that all-important question of security. For all the advantages in terms of creative collaboration, speed to completion, efficiencies for distribution and all the rest of the advantages networks and studios can reap, there are always big concerns about keeping all that valuable data from falling into the wrong hands while ensuring that it can move easily from point to point and get into the right hands. The security track Tuesday at the SMPTE 2017 Technical Conference & Exhibition put some of the top minds in the security arena in front of SMPTE members to talk about this essential piece of the whole IT infrastructure.

THE POTENTIAL OF BLOCK CHAIN 

Session Chair Marc Zorn set the stage for the discussions with a brief introduction about the current state of security among some major players, and then introduced Steve Wong, Cloud Platforms & IT Outsourcing Group, DXC Technologies, to present his paper about the concept of block chain and its potential for maintaining digital assets in the cloud. Block chain, which is known primarily in terms of its use in the Bitcoin world, is only recently being discussed in the wider sense that Wong was there to talk about. In fact, after asking for a show of hands of audience members who were familiar with the concept and finding the number to be roughly 50 percent, he noted that the same question this time last year indicated fewer than 5 percent were familiar with block chain. 

Though he traced its origins to the 1453 battle for Constantinople as a method to ensure cooperation among numerous generals, he made the idea more contemporary by likening it to recording transactions in a ledger and the use of a peer-to-peer network. Using Bitcoin again as an example, he differentiated between traditional IT-based monetary transactions, which always go through some kind of bank, and the use of block chain, which identifies which transactions are secure and which aren’t without that bank, instead using small portions of larger chunks of data in such a way that security can be maintained over the peer-to-peer network without the need for some kind of trusted third party, or “bank.” 

Callum Hughes

Wong laid out some of the business benefits to a company successfully using block chain, including, under the subhead: Amplification, secure integration with IoT (Internet of Things) devices, more efficient collaboration; under Serenity or Security, he included public transparency and business confidence; and user Efficiency, he listed new forms of value interpretation, optimized time to value, programmable business through smart contracts and much more.

Bringing the discussion to studios and networks, he gave the example of a system that would track every single transaction involved in the creation of a movie, from the time the screenwriter registers a script, through to the agent who reads it, to the producer who buys it, to the D.I.T. on set who uploads camera files, through post and all the way to how many screenings or views it gets. 

“None of this is out there,” Wong pointed out, suggesting that now is a perfect time for an organization such as SMPTE to work on creating standards for block chain. 

CONTROLLING ASSETS IN THE CLOUD 

Zorn then introduced Callum Hughes of Amazon Studios and David Ginsberg, of Integrated Media Technologies and Elegant Workflow, who presented their paper, “Shoring Up Your DAM in the Cloud.” Digital asset management, Hughes pointed out, can be significantly more difficult for studios and networks when they move away from their own on-premises data centers, where they can control every facet from hardware to software to background checking everybody and the security guards, to services such as Microsoft Azure, Google and his own Amazon Web Services. But when valuable assets are sitting in the cloud and moving from the studio to multiple third-party vendors for post production, visual effects, localization, PR, legal and every other off-site service, the challenges and potential dangers multiply. 

Hughes presented a graphic demonstrating all the places such assets generally must travel and it had a big red line he referred to as “the border” between the areas where content sits that the content owners control completely and the areas that are outside that level of control. Controlling a company’s DAM, he stressed, is about maintaining as much control beyond that border as possible, through mutual agreements with vendors, on-site inspections, agreed-upon standards and bodies such as the MPAA, that certify vendors’ security.

David Ginsberg

Hughes and Ginsberg’s paper went into fundamental issues related to classifying data, from least to most restricted. “Tier one would be highly confidential, unreleased content,” Ginsberg explained. “This is [material] that, if it leaked, could seriously damage a studio or network. Tier two is confidential. That would be content that has been released to the public through approved distribution points. Tier three is material such as trailers that have been released and are easily found on sites such as Facebook and YouTube.” Identifying levels of security, he explained is key to determining who can have access to it and under what circumstances.

The duo also went into detail about the importance of using expiring HTTPS, rather than HTTP, URLs which are generated on the studio side or using a secure media agent with SSL encryption such as Aspera. “No more sending things with Dropbox,” Ginsberg declared. “Not to put down a third-party service, but you can’t just pick a way to send data because it’s easy.”

Both speakers noted that a major step for all interested parties to be able to efficiently and effectively shore up their DAM is for there to be a clear set of standards and expressed their hope that SMPTE will work towards that end. 

CATEGORIES