M+E Connections

CPS 2020: Convergent Risks Calls For Different Approach to Workflow Security

Over the last couple of years, Convergent Risks has provided more than a 1,000 security assessments. And with most media and entertainment firms moving to a work-from-home situation, quite a lot of those assessments involve cloud workflows and web applications.

“Businesses have adapted so well, been extremely innovative,” said Mathew Gilliat-Smith, EVP of Convergent Risks, speaking at the Dec. 8 virtual Content Protection Summit. “But equally, businesses have experience disruption, and security vulnerabilities like phishing attacks.”

With many existing controls for workflow security out of date and not meant to be applied in today’s pandemic environment, it can be hard for vendors to interpret which measures should or should not be used, Gilliat-Smith said during his presentation “A Different Approach to Workflow Security.”

Add on the convergence of theatrical and streaming windows, leading to many vendors in the supply chain handling content at increasingly sensitive stages, and better guidance is needed, he argued.

“If personal credentials are compromised, it’s not only going to affect the individual, but likely the business as well,” Gilliat-Smith said, speaking to the underlying problem with securing a disparate workforce. “Add on the increased adoption of a cloud-first strategy, and you see the need for change in the types of security assessments.”

Nik Savchenko, VP of international at Convergent Risks, walked attendees of the breakout session through three scenario case studies — broadcast streaming, VFX vendors and app service providers — around how different controls can be applied for different needs.

Convergent’s observations for broadcast streaming showed that a new approach to assessments is needed, due to that business using multiple cloud service providers and multiple and diverse third-party vendors.

For VFX vendors, the use of both public and private cloud tech has massively increased, there’s a lack of work-from-home guidance, and there’s a dire need to free vendors from security restrictions, but still remain secure. And app security providers need active security monitoring, more training and centralised ID management.

What Convergent has learned for all three areas is there’s a need for a more flexible, agile approach to securing work-from-home.

To view the full presentation, click here. To view the presentation slide deck, click here.

Presented by Microsoft Azure, the Content Protection Summit was sponsored by SHIFT, Genpact, Akamai, Convergent Risks, Friend MTS, GeoGuard, PacketFabric, Palo Alto Networks, Richey May Technology Solutions, Splunk, Zixi, EIDR, Cyberhaven and Xcapism Learning.

The event was produced by MESA, CDSA, the Hollywood IT Society (HITS) and Women in Technology Hollywood (WiTH), under the direction of the CDSA Board of Directors and content advisors representing Amazon Studios, Adobe, Paramount, BBC Studios, NBCUniversal, Lionsgate, WarnerMedia, Amblin Entertainment, Legendary Pictures, and Lego Group.