Safeguarding content in the cloud
Whenever media people start talking about the cloud, inevitably the conversation becomes polarised. On one hand, there are the clear benefits of working in the cloud – the scalability of processing, the ease of feeding CDNs, the access to content for remote collaborative post-production and so on.
On the other hand, there are always concerns about security. We talk about our raw material as “assets”, and that is just what they are – they are the value in the media business. The content must be protected at all times.
Most obviously, you do not want anyone to steal the content. You have paid for the production, and you deserve the revenues from its distribution.
You always want to ensure that the content is not changed in any way. In the modern world of cybercrime and deepfakes, the potential for corrupting content, or even just mislabelling it, is obvious.
Finally, you want to be certain your systems are impregnable to ransomware. Broadcasters in the recent past have been brought to the brink of financial ruin through cyber breaches allowing criminals to take control.
And, the argument goes, if you keep all your material and systems on your premises, in an air-gapped installation, no-one can break in to steal, damage or threaten it. Sadly, this is impractical, unless you advocate going back to delivering programmes on tape by trusted couriers.
What this means is that we have to develop systems that use all the benefits of the cloud and IP connectivity, but also incorporate the levels of security that we need. The good news is that this is all perfectly possible, and readily implemented.
When choosing a cloud provider, along with commercial terms and capacity constraints, you also need to check security credentials. The major providers all offer strong security options. AWS has a military-strength secure system designed for intelligence communities, and while this is probably over the top, it is reassuring that security is a top priority.
Cloud security generally operates on a shared responsibility model. The provider secures the infrastructure and the core software; the user secures the data and the applications.
While this may sound daunting, it is pretty much what we do every day in other parts of our business life. Professional messaging platforms like Signal, and consumer services like WhatsApp, all use end-to-end encryption: the messages are protected at source and only the destination has the key to unlock them.
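The same principles can be applied to transferring content between the ground and the cloud. Encryption, often using the AES standard, provides a very high degree of protection against piracy and corruption for valuable files in transit. Detecting corruption relies on an authenticated mode such as AES-GCM or a separate integrity check, because encryption on its own only keeps the content confidential.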
Similarly, we expect to log in to the services we use online. When setting up multi-user systems, the same restrictions apply. IAM – identity and access management – is the service that sets and controls users and groups. You will certainly expect username and password control; increasingly, a two-factor authentication regime is expected.
Good system design comes in here: the IAM should give users access only to the functionality and content they need. That is for security, of course, but it should also be seen as a major aid to productivity.
Users log on and are presented with precisely the tools and material they need for the job in hand. Time searching for the right material and related metadata is time not spent on the job. If you are an editor, then when you log on you should be taken straight to your edit software, with the bins populated with the clips you need so you are good to go.
Yes, if you are designing a cloud or hybrid infrastructure, security is a concern, and it absolutely must be. Remember that the content represents the assets of your business. But solutions are already available, are not complicated to implement or onerous to operate, and if done properly can even boost productivity.