Jigsaw 24 Media – Some hard truths about remote workflow security
Security. It’s the topic on everybody’s mind that nobody wants to talk about.
When we reached out to production and post houses to find out about your approach to remote workflows and end-point security, we quickly discovered that the first rule of remote workflow security seems to be that you do not talk about remote workflow security. Because there’s a chance that sharing information about how you keep your content secure could be what puts your security at risk…and some of you are worried about revealing just how vulnerable your workflows are. When we did finally manage to convince a handful of post professionals and security specialists to break the silence, what they shared were some hard truths.
VPN doesn’t cut it anymore
When COVID forced post-production into private homes, a lot of media companies adopted VPNs as a quick fix to enable remote workflows. But VPNs are far from ideal solutions for media workflows – and not just because they’re inherently slow – as accredited TPN assessor and Jigsaw24 consultant Phil Winterhalder explains, “It’s considered a technology solution that just doesn’t give the business enough awareness, enough oversight or control, because once the VPN is established, you can transfer data more or less at your own will,” he warns.
Jigsaw24 Media’s head of innovation, Chris Bailey, puts it more plainly, saying, “Providing access via a VPN is literally opening the floodgates to your subnet.” Instead, they recommend providing remote teams with thin or zero client devices and using pixel streaming to access centrally stored files. The limited functionality of zero client devices means that users can’t download or screenshot content while pixel streaming increases media workflow speeds and improves security because the media doesn’t move from the storage.
Security is every-one’s responsibility
Bailey is adamant that media companies don’t have to choose between security and being able to do their job anymore: “Before COVID security for remote workflows was expensive and not very well understood. Now everything’s software defined, internet connections are faster and there are various solutions to choose from so, from a technology point of view, there is absolutely no excuse, and it really is time to grow up,” he insists.
Digital Orchard’s head of technology, Adam Shell, describes the situation as “a question of keeping your systems flexible and secure and hitting all the guidelines that the studios give you while also allowing your staff to actually physically be able to do the job that they need to do.” Communication is key for Chris Sarson, MD of The Collectv and Director of Creative Remote, who says, “It’s about bringing our production partners, line producers, production managers and post supervisors on board and making them understand that we’ve all got to do what we can.”
There’s no such thing as totally secure
Perhaps the hardest truth to accept about information security is reflected in the statement that ‘if someone wants to attack you… they will get through your system. It doesn’t matter what security is in place,’ but that doesn’t mean you shouldn’t make it as difficult as possible for unauthorized people to access your content. Sarson’s advice is to never stop working on security, for example: by moving from two-factor authentication (which is now standard practice) to zero trust methodology which takes the same principle to the next level.
But one of the biggest security risks for remote workflows is the user. Many remote security protocols – like ensuring that your screen isn’t visible to other people or locking your device before stepping away – rely on user co-operation which can never be guaranteed. As Bailey points out, “remote security is always at risk of the user – if they’re not on site they can always point a phone at the screen and hit record.” This is where watermarking comes into play.
Not all content needs the same level of protection
The good news is that not all content needs the same level of security. Bailey recommends implementing workflows that flux according to the content type and the associated risk level. As he puts it, there’s no point implementing the same protocols for Apple’s product launch material and Homes Under the Hammer. Digital Orchard adopts this tiered approach for their projects which range from dailies for high-end TV and studio shows to post-production for small independents. “Our dailies department is entirely air gapped so there’s no way you can access studio material without physically being in the building but the security specs for our post-production work are not nearly as restrictive,” says Shell. The concept of air gapping may not translate directly to remote workflows (which are inherently connected) but Winterhalder recommends breaking down remote access to your network in a similar way, “You should never be able to move directly from an untrusted network, like the internet, to a secure network where your content resides without using a broker or relay through a second connection.”
Someone has to pick up the bill for security
The main excuse for skimping on remote workflow security is cost – particularly when it comes to boutique post houses and the ‘race to the bottom’ for offline editing. Shell describes the same dilemma faced by many media companies at Digital Orchard, “As we grow, we will need to employ or bring in outside consultation to look after security for our systems. But we will have to try and keep things simple so it can be managed by as few people as possible, because it’s not something that generates revenue.” Sarson is emphatic about the need for change in this area saying, “It’s very simple: security costs money. We have it with our policing and in day-to-day society – a certain amount of budget has to go towards security, and it’s the same for our media systems.”
While it’s unlikely that remote workflows will ever be 100% secure, end-point security has clearly come a long way in the last few years. And the technology keeps getting better – you just need a partner that can help you put the most effective solution together.
