M+E Daily

Executives from Convergent Risks, LucidLink and Prime Focus Technologies discussed different perspectives about the measures needed to secure automated environments, on May 23 at the Hollywood Innovation and Transformation Summit (HITS) at The Culver Theater, during the panel session “Automating the Way to Better Security Operations.”

As technology advances automation, security measures must keep up. Technological complexity and scale of production pose a significant challenge. In parallel importance with creativity, the media and entertainment supply chain’s primary objective is to safeguard the critical assets and ecosystem through which content flows, from creation to distribution, “script to screen.”

One key question is: “How can you safely manage the increasing complexity when your security capabilities are limited?”

Kicking off the session, moderator Juan Reyes, VP, Americas, cloud security and assurance, at Convergent Risks, pointed out that his company provides security assurance solutions for the media and entertainment industry, working very closely with studios, vendors and organisations including the Trusted Partner Network around content security.

Moving on, he said: “Today’s content workflows are getting more automated and a lot more complicated, and they’re reaching out so far. It used to be just the facility. Now they’re extending into remote sites. They’re extending into the cloud. And then, from that, you’ve got remote workers accessing content from all over the place. You’ve got collaboration. So content is everywhere. And how can we effectively and efficiently keep that content secure? Well, we really need to automate security in order to achieve that, and that’s where security operation comes in.”

Explaining what security operations are, he said: “It’s basically information security, content security, paired up with IT operations, hence security operations or SecOps.” Noting that he experimented with “ChatGPT, my friend,” he said he asked it what some of the benefits around automating security operations are. “And this is what came back. It said automated security operations offers benefits such as enhanced threat detection, faster incident response, increased operational efficiency, reduced human error, scalability, consistency, improved compliance, proactive threat hunting and cost efficiency. By bracing, automation organisations can strengthen their security posture and effectively protect their assets against evolving cyber threats.”

He joked: ‘So with that, my session is done.”

Moving on to deployment and automation, he asked Junaid Banatwala, CTO at Prime Focus Technologies, how he used automation to help maintain the security level of all these “deployments that are happening so fast.”

Banatwala responded: “We are present in 20 odd data centres and cloud locations all over the world. And we have a number of dedicated customer instances and also generalised software service instances, which a number of people use. This also means we’ve got somewhere between 1,500 or 2,000 virtual machines or containers or physical servers running at any given point of time. And, other than that, we have a lot of stock running internally, which is our developed environments and our QA testing environments and just environments. We pop up and down to see how our deployments occur.”

Banatwala added: “One of the biggest challenges we face … is that people go in and make changes and you need to allow systems, administrators, engineers, software developers to deploy and make changes to systems. And the challenge that this obviously brings is systems start drifting from their base hardened image and you need to keep putting them back.  We started off by building a lot of scripts. We started off by doing a lot of manual automation…. And then we moved into sort of deployment automation, where we don’t promote any specific technology…. What it does for us is that it allows us to constantly pull back the configuration to the way it should be as soon as a systems administrator and engineer has made a change. And that change is not in line with our manifests or our global directors. It automatically runs every night at 3-4 a.m, depending on where you are. And it pulls it back. But develop environments, we run it every three hours, four hours. And this configuration becomes back to what it was. Then people realise that the change they made yesterday or a few hours back does not work anymore. And then they realise that what they should have done is gone through the change management system, not been rushing and gone to the automation system [to] deploy the change in those specific machines.

Moving on to explore creativity versus security, Reyes said: “There’s that battle about the creatives don’t want to be held back by the security side and the security side is like, ‘You’ve got to do this,’ and how do they work together and what are you doing on your end at LucidLink to help bridge that gap?”

David Leopold, director of strategic development, media and entertainment at LucidLink, responded: “One of the things that we saw at the beginning of the pandemic was when doors shut and people went home, the first thing that got sacrificed, I would say, would be security or robust security policies because business continuity and security were sort of seen as adversaries at the time. And so we sort of, as an industry, had to start looking at ways that we could maintain that security at the highest level while still enabling end users and creatives to do their work. So at LucidLink, we kind of take more of a left of launch approach to security, where we, by design, sort of try and eliminate some of the risks before they even become an issue, because you cannot sustain a creative environment when the creative has to … [go through] 12 different portals and do five multi-factor authentications just to get their next thought down on the timeline. So one of the things that we do is, if you’re not familiar with LucidLink, we enable you to access files from the cloud, data from the cloud as though we’re local. And the way that we do it is we start by breaking up your file into tiny blocks, and then those blocks are streamed on demand, just when they are needed. So what that does is it prevents the need for ever having to download another clip. So right out of the gate, we are addressing security where you don’t need creatives to download their content.”

He added: “That means no down time waiting for those downloads so they can just get to work. And you’re eliminating all those delays. But, from a security aspect, you don’t have extra copies of all those files now floating out there, especially when you’re working in remote environments. That’s great. Bridging that gap is key.”

Other panelists included Jason Shea, senior director of app and cloud security at Convergent Risks.

The Hollywood Innovation and Transformation Summit event was produced by MESA in association with the Hollywood IT Society (HITS) and presented by Amazon Studios Technology, with sponsorship by Fortinet, Genpact, Prime Focus Technologies, Signiant, Softtek, Convergent, Gracenote, Altman Solon, AppTek, Ascendion, Coresite, EPAM, MicroStrategy, Veritone, CDSA, EIDR and PDG Consulting.