Julián Fernández-Campón
CTO, Tedial
The shift to IP has opened a whole new world of possibilities to the media industry. Broadcasters and content owners can quickly and easily manage, archive and distribute content at the touch of a button from any device, at any location. Stored digitally, on-prems or in the cloud, media can be made available at a moment’s notice, now or years in the future, regardless of new formats and technological advancements. This is clearly excellent news for the industry and cause for celebration; there’s just one fairly major consideration that media providers and studios need to make to ensure their digital world doesn’t come pixelating down, and that’s cybersecurity.
Attacks vary in nature - some look for ransom, others destroy information, some steal and sell user information and some simply cause mass disruption - the list quite literally goes on, but whatever (and whoever) is behind the attack, your business certainly doesn’t want to be a victim of it.
While ransomware attacks have been around for many years, there is evidence that organized cybercrime entities are investing heavily as the number of attacks and the sophistication is growing exponentially. Garmin was hacked in July 2020. At the time, the Cyber Security Hub website explained that, “Hackers deployed the ransomware tool WastedLocker, which encrypts key data on a company’s digital infrastructure. In the case of Garmin, website functions, customer support, and user applications were all affected. Unlike typical ransomware software, WastedLocker does not steal identifying information and hold it for ransom. Instead, it renders programs useless until decrypted. The hacking organization then demands a fee for the decryption key.”
Companies from the M&E industry have also been affected by cybersecurity attacks. In October last year, Sinclair Broadcast was hit with a ransomware attack. A TV Technology report explains that, “On Oct. 17, certain servers and workstations were encrypted with ransomware, disrupting certain office and operational networks.” And just a few months ago, in early January 2022, Portuguese terrestrial television station SIC, owned by media conglomerate Impresa, was also hit by an attack.
No organisation, media or otherwise, ever wants to be in this position. So how do companies ensure that their systems are always protected? In April, Tedial announced a new media concept and a new era in media management, with a new paradigm: smartWork, the company’s NoCode Media Integration Platform or NoCode iPaaS for media. As well as providing an ecosystem of applications and media systems out-of-the-box, the Media Integration Platform offers a cybersecurity framework that protects at all levels, from the standard IT infrastructure up to the applications, and more importantly at the media production level.
smartWork democratizes business processes, empowering users to define integrations autonomously - without vendor participation - and create workflows in a flexible and agile manner. Aligned with Movielabs’ 2030 Vision for Media Creation, the platform removes time-consuming and complex configurations via a common User Interface that guarantees an optimal experience and easy access to all applications, external systems (including any legacy MAMs, PAMs and DAMs ensuring business continuity), and features self-validation. An easy-to-use toolset allows users to concentrate on creativity and make the data-driven decisions necessary to quickly adapt to market or supply changes.
The IT Infrastructure and all the applications need to be secured but seen as a whole and defined, controlled and managed at the production level, and not the individual elements. This high-level security management has a reflection and some actions on the different subsystems: network, storage, services, applications, etc., but needs to be abstracted and seen from this angle and not from the IT infrastructure. This can be seen as a “Workflows Defined Security” which focuses on the operation, the content and not where the workflows are physically executed.
This is a new paradigm, which defines a platform where all the applications are integrated. Media management capabilities and workflows are defined with a NoCode approach, which allows non-technical people to implement the content supply chain processes and production workflows by themselves, without the support of the IT team nor programmers, including all the security needed.
The NoCode Media Integration Platform has some key important benefits in terms of security that makes it suitable to implement advanced security schemas to meet the most demanding customer needs:
- Common Interface. The common interface is one of the pillars of the platform as it offers the same methods for the same operations, but also protects the applications from external access offering a single layer to be secured, instead of securing each individual system. These systems can be isolated and protected to prevent attacks.
- Media Abstraction Location. The physical location of the media is not known, it’s leaving in a protected storage location and it’s given a one-time access.
- Infrastructure as Code. The deployment is adapted to each infrastructure, defined as deployment scripts using tools like Terraform that includes the use of the specific security mechanisms adapted for each target (Kubernetes cluster on prems line OKD, AWS, Google, Azure, etc.).
- Zero Trust Approach. Some of the points are achieved naturally by the platform:
- Business Segmentation, Segregation of Duties is provided by the abstraction of the methods provided by the common interface and the workflow defined security that will be explained in the next section.
- One time access, the media location abstraction layer will give access on demand to the specific content as the physical location is abstracted
And others that need to be implemented in the NoCode Media Integration Platform as part of the secure design:
- Least Privilege access. Defining the proper security principles such as Access Control Lists, Roles and User Groups where the access to any resource is denied by default, unless explicitly granted.
- Multi Factor Authentication. Integrating IAM (Identity and Access Management) systems that integrate with tools like Google Authentication, Microsoft Authenticator or more proprietary and/or device dependent tools.
- Logging, Auditing. Registering all the activity in the platform, including anomaly detection, notifications and any other mechanisms to have visibility of all the events, access to the media, applications and services and any other tasks done by the users or any external application.
Choosing the proper security policies and systems is a real need, but workflows in the M&E industry have several implications regarding media management. Systems integrations require a different, global, more workflow oriented approach instead of the IT approach, which is focused on infrastructure. In a NoCode Media Integration Platform security can be derived naturally to implement Zero Trust policies.
Come and see Tedial’s unique NoCode Media Integration Platform smartWork in action at IBC 2022 ON STAND 10.D30.
1078 words