News

By Bryan Ellenburg

LAS VEGAS — Justin Somaini, VP and chief trust officer, for online file sharing and cloud content management service Box, believes companies that deal with the secure delivery of content in the cloud are finally starting to ask the most important questions when they take on a new client.

“What’s the actually value of their content [and] what is the impact of a security failure?” he said April 9, speaking at the annual NAB Show during a panel on cloud reliability and security. “A script is just a file for all intents and purposes. But movies are there to get an emotional reaction.

“Ask a director, and it’s more than a script. [It’s] lightning in a bottle.”

He and other panelists discussed the need for content owners to work closely with cloud service providers, and the need for cloud companies to understand what impact failure would have on their clients.

“Pay attention to what you’re putting in the cloud,” Francisco Artes, chief technology architect for network testing company NSS Labs, stressed to content companies. Dumping $500 million worth of footage for a summer blockbuster up into the cloud probably isn’t all that wise.

Too often, cloud security isn’t treated with the respect it deserves, Somaini said, and considering the increasingly sophisticated attacks coming at cloud services and content owners, “it’s a little scary,” he said.

“We see malware and attacks coming through that are super advanced, easily bypassing [traditional] security measures, targeting the weakest links,” he said. “The people writing these are crazy intelligent.”

Ted Harrington, executive partner with technology vulnerability testing company Independent Security Evaluators, agreed, pointing to the recent security breach at Target — which compromised up to 70 million customer credit cards — was a learning lesson. That breach occurred due not to a direct attack against Target’s systems, but with infected equipment used by an outside (unwitting) vendor who had access to Target’s systems.

“What’s unnerving is traditional defenses don’t take things like that into account,” he said.

He also chastised content owners who simply treat cloud services as “castles” to dump their “gold.” “There’s this great value-add with a cloud storage provider,” he said. “But if you give them unencrypted content, you may as well be giving it away.”

On the content production side, Artes noted that many creators are still dealing with lots of physical elements. It may seem counter-intuitive, but digital assets are actually less likely to be pirated (before they’re released in the home entertainment window, at least), panelists agreed.

Physical assets make tracking a breach a “game of whack-a-mole,” Artes said. “Doing them electronically, it’s a much easier way to track.

That earned hearty agreement from Jason Shah, CTO of enterprise mobility platform Mediafly.

“Look up all the leaks in the media and entertainment space, and they can be tracked to business processes,” he said. “You can provide all the security in the world, but if you have an admin ripping DVDs and putting movies on an iPad … .”