Media and broadcast companies are increasingly moving elements of their workflows to the cloud, in order to benefit from greater flexibility, increased efficiency and improved interoperability. As technology evolves, companies are moving to Opex models to reduce up-front infrastructure costs, as bigger projects are being undertaken with less notice, less commitment and with smaller teams. Despite all of this, there remains some uneasiness about the security of assets and data held in the cloud.
Historically, broadcasting workflows and corporate IT systems were two separate entities. Over time, the broadcast industry has gradually moved away from traditional on-premises Capex models, towards cloud-based infrastructures and networks, or a blend of the two. This shift in ways of working has brought broadcasting workflows and corporate IT systems together. They can no longer operate in isolation. Interoperability has become increasingly important. As post production workflows transition to the cloud, broadcast organisations are able to share data sets and collaborate like never before. It is this improved functionality that is driving higher levels of security.
When designing systems, there are a number of key considerations that media organisations and broadcasters must take into account, in order to safeguard their assets over the long-term.
Aim for an engineered solution
While there is a perception that data held on-site in traditional broadcast production facilities is the epitome of secure, data is, in fact, only ever as secure as a company’s measures and policies enable it to be, and often the systems are inherently flawed. Cloud security tools are extremely powerful and when harnessed correctly, can actually provide a level of security that is difficult to duplicate on-site. When considering a transition to cloud working, it is generally advisable for businesses to have a critical look at both on-premises and cloud security models to ensure there is good hygiene around security and policies for both.
Media systems need to be architected. They need to be carefully designed and built in such a way that harnesses the cloud where it makes sense to. These days, media businesses can choose to opt for a bespoke, engineered solution that bridges the gap between where they currently are and where they want to be, which will often require a combination of both on-premises and cloud working. More and more often, media businesses are also choosing a managed service. Where on-premises facilities, cloud use and the security around it all, is managed alongside core functionality. As the industry evolves, business models, security models and workflows are all starting to combine and converge.
Understand your data
Not all data is the same and the most effective way to manage it depends on circumstances, access requirements and context. It is true that broadcast media content can be very valuable, so it is crucial that data and assets held in the cloud are secure and safeguarded. Some content, such as first-run series, are obviously more valuable than old re-run episodes that are already out there. With this in mind, it seems obvious that the same security level does not necessarily need to be applied to all types of data.
Regardless of security level, data must be stored in as cost-effective and convenient a way as possible. Data needs to sit in the ideal location and that location is determined by the context of how you access your data. It is now generally more cost effective to store data with a reputable cloud hosting service than it is to pay for on-premises storage, but leveraging the benefits of the cloud are tied to the way individual organisations interact with their data. The cost benefits become clear when you take the time to assess and understand your workflows.
As computing power along with things like connectivity and compression are improving, it has become easier and more cost-effective not just to store, but also to work on assets in the cloud. This challenges the traditional view of data moving down a production line. In cloud-based workflows, the data can stay in the cloud, while teams and services travel to the data to work on it. Data solutions need to enable access as and when needed. It is important to remember that there is ‘no one size fits all’ solution and data context is not linear and can change over time. A good solution is tailored to fit a business’ needs and is engineered to match the context of the data.
A centralised approach
It is generally agreed that implementing a centralised approach backed up by authentication and auditing is critically important. But what does centralising data mean? Put simply, when centralising data, the user travels to the data as opposed to the data travelling to the user. This makes it much easier to maintain security and data integrity.
Once media has been sent to users, control over who uses those assets and how they are used is lost. However, if the user travels to the content (albeit virtually), only authorised users can access valuable content. In addition, if necessary, a user’s access can be revoked. There is an added benefit to centralising data in that by transferring data less often, it becomes less vulnerable because the risk of it being intercepted is reduced.
User authentication and auditing
While a centralised approach gives media companies more control over what happens to data after users have accessed it, it is user credentials and authentication that controls who can access the data in the first place. Each user must have their own user credentials with access to information appropriate for their role. This gives media companies the ability to tailor access levels and make sure everyone within the organisation has the right access for their roles.
After authentication comes auditing, to verify who has accessed data, on what device, and at what time. Effective auditing of user access and authentication involves reporting on exceptions and taking action where required.
It is worth remembering that there are entire sets of advanced security functions and features that come built-in to cloud solutions. With on-premises solutions, these functions and features would be considered optional extras, with additional fees to match.
Security vs. convenience
It is worth remembering that what is most convenient is not generally most secure. In fact, you could even go as far as saying that security and convenience are diametrically opposed. This is exactly why it is so important to balance the two. What use is a system that is as secure as it can be, yet doesn’t fulfil all users’ needs? If a system is inconvenient and difficult in terms of its layers of security, it is likely that users will find ways to operate outside of the system to make their life easier. This will eventually lead to a data breach.
Being pragmatic is the key here. It is generally better to have a system that is not 100% fool-proof that meets everyone’s needs and minimises and mitigates risk, than a system that is completely secure but unworkable. Some broadcast businesses may be hesitant about moving to cloud-based workflows, because of the perceived information security risks. However, the tools available to maximise cloud security have never been better.
Securing systems in the cloud is an ongoing journey rather than an end destination. As new business requirements emerge and new functionality lands, there will always be a continuing need to adapt and evolve, in order to address security challenges. With the right approach and a pragmatic mindset, the benefits of cloud working definitely outweigh the security concerns.
