CPS 2021: PacketFabric Execs Stress the Importance of Private Networks
As more media and entertainment companies shift their workflows to the cloud and rely on remote workforces, it’s more important than ever for them to be aware of the security dangers lurking within public networks, according to PacketFabric.
“Production has entered into already more of a distributed, decentralized [state] and not only because of the remote work that’s been born out of the pandemic but for a host of other reasons as well,” Lisa Gerber, PacketFabric director of business development – Media & Entertainment, said Dec. 16 at the Content Protection Summit (CPS) event, during the session “‘Is Private the New Secure?’ De-Risking Storage and the Journey to the Cloud.”
“This is really kind of all turning towards more hybrid cloud/multicloud distributed infrastructure and, therefore, data mobility,” she noted.
So, “from a security standpoint, what is the difference between, for all of this data mobility, a secure public Internet and a private network?” she asked Anna Claiborne, PacketFabric CTO, chief product officer and co-founder.
The Importance of Using a Private Network
For starters, “there is no such thing as a secure public Internet,” according to Claiborne. “That doesn’t exist. It’s a misnomer. There’s only the public Internet and then there is private connectivity. Those two things are vastly different,” Claiborne said.
With the public Internet, “we’re all familiar with the VPN safety fallacy, right?” Claiborne went on to ask. People use a VPN and “assume that it’s safe and secure because it’s a VPN – a virtual private network connection, the key word there being virtual – and it’s not actually a private network,” she stressed.
With the public Internet, “you’re going to face a multitude of threats – everything from distributed denial of service attacks to man-in-the-middle attacks,” Claiborne warned. “Anyone or anything can and does exist on it.”
Private connectivity is “very different,” Claiborne said. Even the infrastructure of it is different, she explained, adding that everybody using a public network is using all the same equipment and there are many people you don’t know who can get into it through its many access points.
On the other hand, a “private network, by its definition, is one that is not public; it is only accessible by whoever is purchasing it,” Claiborne said.
Asked about the importance of using a zero trust security strategy, Claiborne told viewers and those watching the session virtually: “If you’re not all doing it, you should be.”
And “one of the biggest mistakes ever made in security was to trust anything ever,” she said, adding: “The single greatest thing you can do for all of security: Stop trusting anything. It’s very simple.”
When using the cloud, “everything should be zero trust” on a private network, she added.
Meanwhile, it’s a “fallacy” that the public Internet is “ubiquitous and infinite,” according to PacketFabric CEO Dave Ward.
What isn’t discussed much is that it is not infinite because “there is not infinite bandwidth,” he pointed out.
Although one might assume that the free public Internet is the lowest-cost option, “in fact, in many cases, it can’t get more expensive because of the opportunity costs lost and then, of course, the inability to predict latency, bandwidth and a number of other critical attributes that are necessary for the workflows that we’re all discussing,” he explained.
Asked which stage of the production workflow is the most vulnerable, Claiborne said: “They’re all vulnerable.”
But she explained: “One of the most vulnerable sections… is the network because it is the piece that people think about the least and is often the most critical.”
While many people are focused most on application security, she said: “Everyone forgets about the network and that is what is unlocking the value of your data and moving it everywhere, and it is the piece that’s most often left exposed.”
Ward told viewers: “You need to be extremely concerned about what you can’t control.”
But he said storage security and how data is being stored has “become a critical piece” of this. Cloud storage systems are “incredibly complex” yet “incredibly easy to use but they’re also incredibly easy to use insecurely and a number of breaches have been through” application programming interface (API) mechanisms, he said.
“Often the only way to inspect that that data is being moved is actually by looking at the data movement across the network,” he added. “That combination of data, data in motion, data in motion over the network becomes an incredibly important continuum for inspection, for monitoring and then for needing to have security in particular when you’re not in control of the equipment.”
Meanwhile, “with all the use of cloud applications, one of the greatest misunderstandings that we see is where security responsibility lies as you’re moving into the cloud,” according to Claiborne.
The movie industry jumped to the cloud after having everything stored on-premise just a few years ago, she noted.
Disaster recovery is another issue that “people rarely think of,” she added.
Practical Security Suggestions
Claiborne concluded the session by stressing the importance of balancing security with getting work done.
She made nine key suggestions:
- Never believe any email, text message or phone call ever.
- Users must always authenticate, regardless of location (in an office, at home, etc.).
- Multi-factor authentication on everything is a must.
- Never share passwords.
- Always provide the least amount of privilege required to get the job done.
- Don’t trust anything on a VPN or anything anywhere.
- Understand the default sharing setting on all applications in use (and how these should be modified).
- Revoke user privileges when no longer required.
- Use private network connections whenever possible.
The Content Protection Summit was open to remote attendees worldwide using MESA’s recently introduced metaverse environment, the Rendez.Vu-powered MESAverse, an interactive 3D-world that allows for hybrid live and virtual events.
The event was produced by MESA, presented by IBM Security and Synamedia, sponsored by Convergent Risks, Richey May Technology Solutions, PacketFabric, archTIS, Code42, INTRUSION, NAGRA, StoneTurn and Vision Media.