Security Pros Respond to New Challenges: Ransomware, Drones
HBO had to figure out how to best deal with drones. That meant two things: It had to figure out how to use drones to capture great aerial shots, and it had to figure out how to prevent pirate drones from recording unauthorized video from its sets.
"Originally, we were shooting them, but you can't do that anymore," said Stephen Fridakis, chief information security officer for HBO. The next step was intimidation—"big guys with big dogs"—before the premium network developed other more high-tech methods.
Such is the state of the modern content security world, where professionals are tasked with dealing with emerging threats to their premium video while trying to shore up leaks in production workflows.
Fridakis spoke at today's Microsoft Media and Entertainment Day in New York City, a half-day event co-located with the Content Protection Summit East led by the CDSA (Content Delivery and Security Association).
Security threats have been advancing at a faster rate than solutions can be developed. Content creators are walking materials from one office to another rather than transferring video online, Fridakis said. They're putting hard drives in their car and driving them. Creators too often find security systems hopelessly complex or simply ineffectual, so they create their own non-technical workarounds.
HBO is especially careful with the mezzanine files for its productions, Fridakis said. One of the hardest things to safeguard, however, are production stills sent to dubbing houses. Still images are easy to grab (any cell phone can do it), and often give clues about plot points.
One of the biggest obstacles Fridakis faces is what he calls the legacy attitude: The idea that a new system won't be accepted and isn't worth trying. Many thought moving from DVD screeners to trackable online streams would be a problem, he said, but it wasn't. And many thought video creators would be wary of security audits on their networks, but Fridakis found they welcomed them.
Fridakis sees the need for a unified content security solution, a sentiment echoed by Joel Sloss, senior program manager for Microsoft Azure, on a later panel. Creatives working on their own don't have major security solutions installed, he said. Basic applications like email and online storage cause security holes.
"You want to stop that person from taking the three hard drives across the street," Sloss said. What's needed is a unified system that provides access for the right people at the right time, creating records for each transaction.
For a system like that to work, the creatives using it need to see it as agile and easy, said Ben Stanbury, vice president of technology security and risk management for The Walt Disney Company, speaking later in the day. If they see the system as red tape getting in their way, they won't use it. Disney has implemented a system that designates some people as content guardians responsible for defining and socializing best-in-class solutions to their peers. Workers respond best if directives come from a peer, he said. Disney also conducts yearly onsite risk assessments with all third-party partners.
A comprehensive security system is nearly here, and will be the main focus of the CDSA's Content Protection Summit in Los Angeles this December. "Things are progressing well at this point," Stanbury said. While the system's creation is being led by the Motion Picture Association of America (MPAA), the process has been bottom-up rather than top-down. People at all stages of the production workflow have contributed to its development, sharing their difficulties with content security procedures in order to create a system that works in harmony with their existing workflows. For details on exactly how the system will work and whether or not it will be invisible to creatives, the industry will have to wait till the end of the year.
New trends in content protection policies and new threats mandate new solutions. Here are the protections studios are demanding to keep premium assets out of the hands of pirates.