Content Security in the CLoud


Bruce Devlin TV-Bay Magazine
Read ezine online

Security is a difficult topic. There is no such thing a generic security. You always secure yourself against specific threats and hope the solution is generic enough to cover other similar classes of threat. For example - placing an expensive lock on the front door of your house prevents the specific threat of gaining access by using the door handle on the door. It gives you no protection at all from someone using a diamond tipped chainsaw to cut through the house to make a new door. (Yes this is a real thing - a friend of mine trains law enforcement officers to do this).

One of the great opportunities that comes with cloud processing and cloud storage of content is that it 's new and it 's flexible and it allows new ways of collaborative working that cannot be done any other way.

One of the commercial risks that need to be addressed with cloud processing is that of security. In any cloud deployment there will be multiple organisations involved. You may be buying Software As A Service (SaaS) to store, edit and manage your content. The SaaS provider is running parts of their software on top of another company 's Platform As A Service (PaaS) to provide some global service to their software (e.g. Authentication and Identity services) and that platform may be physically running on multiple Infrastructure As A Service (IaaS) datacentre instances to make the whole thing work.

If security is a key commercial driver for you adoption of any cloud technology then understanding the threats to the different stakeholders in the chain is vital to the overall security model. Having great user authentication at the SaaS layer is good, but it won 't protect against someone with a diamond tipped software chainsaw gaining entry at the PaaS layer. Likewise the PaaS layer is only secure when the physical, network and software security at the IaaS remain intact and no-one leaves a back door open.

Cloud security is a fluid and ever changing topic with Best Practise being re-written with every new data breach. It 's important to realise, however, that an unencrypted server full of content on-premise is unlikely to be more secure than having the same data encrypted in a best practise cloud environment.

Most security specialists agree that building an impenetrable system is impossible, so the pragmatic approach to securing content in the cloud is to have a variety of strategies that can mitigate against an inevitable breach. This can lead to interesting conversations with the software and platform suppliers. For example - assuming that your content is encrypted on the servers of your SaaS provider then who holds the keys to the decryption? Is it the SaaS provider or is it you? There is no correct universal answer to the question, but know that it should be asked and knowing the answer can help to build a risk model and from that a mitigation strategy if you need content security.

One of the final issues to consider is "How do you detect a data breach". This is more difficult than it sounds. If you 've followed the Linked In 2012 data breach story (see Wikipedia for up to date references) you will see that it took some time to detect that a breach had occurred and much longer to evaluate the full scale of the breach. If security of content is important in your business then detection of a breach must form part of an overall risk mitigation strategy.

Time for me to go home and write next month 's class. Now where did I leave my keys?


Tags: iss114 | cloud security | saas | paas | Bruce Devlin
Contributing Author Bruce Devlin

Read this article in the tv-bay digital magazine
Article Copyright tv-bay limited. All trademarks recognised.
Reproduction of the content strictly prohibited without written consent.

Related Interviews
  • New CEO and news update from TMD at NAB 2017

    New CEO and news update from TMD at NAB 2017

  • Forscene at IBC 2014

    Forscene at IBC 2014


Related Shows
  • KitPlusTV summarise the Broadcast and Pro Video News 22nd March 2021

    KitPlusTV summarise the Broadcast and Pro Video News 22nd March 2021


Articles
A Broadcasters Guide to Microservices
Roger Persson

The word “microservices” has been creeping into the conversation about software-centric systems recently. Is it really a different approach, what does it mean, and what are the advantages?

Tags: nxt edition | microservices | modular software | Roger Persson
Contributing Author Roger Persson Click to read
Streaming Technologies Explained
Bruce Devlin - new

The word streaming can relate to different technologies from different manufacturers in different scenarios and in this short article we are going to take a little tour of what it all means. 

Tags: mr mxf | streaming | hls | dash | cmaf | mpeg | Bruce Devlin - new
Contributing Author Bruce Devlin - new Click to read
REVIEW - Hollyland MARS 400S PRO Digital Wireless Transmission System
Phil Vinter

Built by Hollyland and costing around £600 the Mars 400S is an easy-to-use wireless video transmitter/receiver system – it will be right up the alley of anyone who, like me, considers an instruction manual to be nothing more than box padding.

Read Phils Full review here, and link to the video review.

Tags: HOLLYLAND | MARS 400 | wireless | tx | rx | Phil Vinter
Contributing Author Phil Vinter Click to read
HOLLYLAND LARK 150 Review
Phil Vinter

The exponential growth of video supercharged a technological revolution that began in the early noughties with the advent of DSLR cameras.
The cinematic-style shallow depth of field image video quality from DSLRs was a revelation, but, back then audio was the big drawback. As demand has grown so the technology has improved and today’s one-man-band small rig set ups can capture pretty good sound into a DSLR style camera.

Phil Vinter reviews the latest release from HOLLYLAND and it's a thumbs up from us.

Tags: HOLLYLAND | radio mic | audio | LARK-150 | CVP | Phil Vinter
Contributing Author Phil Vinter Click to read
How to successfully buy AV and Broadcast Equipment at Auction
Dan Main

Perhaps you wouldn't expect an auctioneer to tell you this - but yes, there are risks to buying equipment at auction; just probably not the risks that you think.

So what are the real risks to buying at auction, and how can they be managed?

To watch the interview with Dan please click here

Tags: auction | tips | buying at an auction | fraud | auction risks | Dan Main
Contributing Author Dan Main Click to read