Fortium: The Cat and Mouse Game

Let’s be honest – we know what the problem is with data or content security in the media industry. It’s all about the content TV and Film companies produce. Cyber-attacks are on the rise and everyone is vulnerable, but the pressure is especially severe if hackers know that you are in possession of something valuable, like the latest series of an award winning show or a high budget movie.

There is a lot of publicity that surrounds cyber-attacks on big name companies and their big name content – just see the various media reports about Game of Thrones and HBO earlier this year. The treasure has never been shinier, and the risk that much higher. The cyber criminals have realised that there is value in the industry. The content is of interest and has value; therefore, they want to leverage that value.

But are media companies really more vulnerable to attacks? They are undoubtedly a prime target, but does that make them any easier to infiltrate? That’s hard to say. They do typically work with multiple third parties. Whether it be outsourcing storage, or encoding, or even the production companies hiring freelancers to operate cameras. The workload in the industry is fast moving and quick turnarounds mean that work is often outsourced. Media companies run their content through many rivers, and it only takes one crocodile in the water to make the content unsafe, much like the Orange Is The New Black leak as the media reported earlier this year.

The incidents of security and the threats to networks that we are seeing are only going to get worse. There are so many ways to be hacked because everything is theoretically vulnerable – that’s without even touching upon human error. It is a cat and mouse game, and the media industry is at risk of losing. Media companies are spending more time trying to solidify their solutions but this all comes at a cost. As we all know, everything has a budget and security tends to be the one that falls on the back burner… even though a breach can cost millions of dollars in lost revenue and millions more on the stock market. Not to mention the loss of reputation from the wider public, your own employees and prospective recruits.

So what can be done?

It’s time to be more pragmatic and more proactive. Don’t cross your fingers then hope for the best (because it won’t work) and start layering your protection, expecting the worst. “Securing your network” sounds good, but what if someone has made it inside already? Restricting your employees’ internet connection (or air gapping) sounds effective – trouble is hackers have been busting that myth for years.

What do we think is the most pragmatic way of protecting sensitive content? We recommend encryption at rest. This means video, audio or data files remain encrypted throughout the entire workflow and can only be accessed by those who fulfil a set of criteria – like a password. The benefit of this is rather obvious; someone could happen upon a pre-release film or TV show, but they can’t access it without a password. The file is essentially useless to them, provided the encryption method is up to scratch (AES 128-bit, for instance).

Encryption at-rest is advocated by MPAA (Motion Picture Association of America). A lot of companies follow encryption in transit but not at-rest; that is because it can be a difficult undertaking as traditionally post-production editing programs (like Avid’s MediaComposer and ProTools) won’t recognise encrypted files. This has been a major sticking point for a number of years and only now the industry is starting to catch up.

And that catch up has happened with MediaSeal encryption at-rest; the files just… work in those programs, as normal, and yet stay encrypted throughout to ensure that only intended access to content is allowed. To ensure the file stays protected, there are multiple methods for authentication that are leveraged:

  • A user needs “decryptor” software and a valid MediaSeal licence to unwrap the encrypted file.
  • A unique user iLok is needed, one that’s already associated with the file. This adds a key “physical” lock on content. Need to be away from your desk at lunch? Take the look with you and the content is unusable while the desk is unmanned.
  • The file password is needed and is set by the person who encrypts the files.
  • Remote server authentication. Sent a file to someone accidentally? With this, you can revoke their access, even after it’s been delivered. A neat further feature is you can set a file to “expire” so it is only accessible during working hours or not after the project has finished.

We believe that MediaSeal achieves two important things – one, it protects content, as intended. Two, it allows end users to get on with creating films and TV shows that entertain across the world. It’s why MediaSeal is used in over 200 post-production facilities and this year helped secure the likes of Wonder Woman, Dunkirk, and The Dark Tower.

We are seeing an increase in cybercrime almost weekly, with high-profile companies suffering widespread attacks. At the time of writing, this is the Equifax breach in the US – who knows what it will be by the time you’re reading this sentence?

Something that is important to consider is that these are the attacks that we are hearing about. It happens every day and most companies will go to great lengths to keep it quiet. Yahoo! was breach back in 2014 – they only reported on this in September last year.

There is no way to completely prevent an attack, but companies can do a lot to reduce the risk. It would be naïve to think it is 100% possible to have an impenetrable system. However, there are processes you can put in place to limit the damage. Content can’t be utilised or released if it is encrypted. We think that encryption at-rest is the best preventative solution to cybercrime and keeping your content secure.

About Fortium Technologies

Fortium Technologies is a leading provider of digital content protection solutions for the leading film, entertainment and broadcast industries. Since 1999 Fortium has successfully developed innovative technologies that help leading international businesses have greater control over the way in which their digital content is consumed.

About Object Matrix

Object Matrix provides digital content governance and object storage platforms. The company was built on the philosophy that archive systems should be scalable and interoperable, as well as ensuring instant access to data and metadata. Its flagship product, MatrixStore, is an integrated object storage software solution providing protection and governance for the lifetime of any digital content. It’s used by global organisations that create, curate, and distribute video content, including NBC Universal, TV Globo, the BBC and BT.

Object Matrix is comprised of a team of storage industry experts with a shared vision for high levels of data security combined with intuitive user interfaces. In addition to providing solutions and product integrations for the storage, search and retrieval of media assets, Object Matrix also provides consultancy, training, systems integration, and ongoing support services.