Content Security in the CLoud


Bruce Devlin TV-Bay Magazine
Read ezine online

Security is a difficult topic. There is no such thing a generic security. You always secure yourself against specific threats and hope the solution is generic enough to cover other similar classes of threat. For example - placing an expensive lock on the front door of your house prevents the specific threat of gaining access by using the door handle on the door. It gives you no protection at all from someone using a diamond tipped chainsaw to cut through the house to make a new door. (Yes this is a real thing - a friend of mine trains law enforcement officers to do this).

One of the great opportunities that comes with cloud processing and cloud storage of content is that it 's new and it 's flexible and it allows new ways of collaborative working that cannot be done any other way.

One of the commercial risks that need to be addressed with cloud processing is that of security. In any cloud deployment there will be multiple organisations involved. You may be buying Software As A Service (SaaS) to store, edit and manage your content. The SaaS provider is running parts of their software on top of another company 's Platform As A Service (PaaS) to provide some global service to their software (e.g. Authentication and Identity services) and that platform may be physically running on multiple Infrastructure As A Service (IaaS) datacentre instances to make the whole thing work.

If security is a key commercial driver for you adoption of any cloud technology then understanding the threats to the different stakeholders in the chain is vital to the overall security model. Having great user authentication at the SaaS layer is good, but it won 't protect against someone with a diamond tipped software chainsaw gaining entry at the PaaS layer. Likewise the PaaS layer is only secure when the physical, network and software security at the IaaS remain intact and no-one leaves a back door open.

Cloud security is a fluid and ever changing topic with Best Practise being re-written with every new data breach. It 's important to realise, however, that an unencrypted server full of content on-premise is unlikely to be more secure than having the same data encrypted in a best practise cloud environment.

Most security specialists agree that building an impenetrable system is impossible, so the pragmatic approach to securing content in the cloud is to have a variety of strategies that can mitigate against an inevitable breach. This can lead to interesting conversations with the software and platform suppliers. For example - assuming that your content is encrypted on the servers of your SaaS provider then who holds the keys to the decryption? Is it the SaaS provider or is it you? There is no correct universal answer to the question, but know that it should be asked and knowing the answer can help to build a risk model and from that a mitigation strategy if you need content security.

One of the final issues to consider is "How do you detect a data breach". This is more difficult than it sounds. If you 've followed the Linked In 2012 data breach story (see Wikipedia for up to date references) you will see that it took some time to detect that a breach had occurred and much longer to evaluate the full scale of the breach. If security of content is important in your business then detection of a breach must form part of an overall risk mitigation strategy.

Time for me to go home and write next month 's class. Now where did I leave my keys?


Tags: iss114 | cloud security | saas | paas | Bruce Devlin
Contributing Author Bruce Devlin

Read this article in the tv-bay digital magazine
Article Copyright tv-bay limited. All trademarks recognised.
Reproduction of the content strictly prohibited without written consent.

Related Interviews
  • New CEO and news update from TMD at NAB 2017

    New CEO and news update from TMD at NAB 2017

  • Forscene at IBC 2014

    Forscene at IBC 2014


Articles
Creating Authentic Content That Counts
Frank le Mair We’re deep into the 2010’s and the way in which we consume content has changed forever. Broadcasters and content owners are fighting for eyeballs in a saturated market where consumers are watching their favourite shows on different devices across a number of platforms. To target millennials and younger generations, who generally consume short bursts of video on YouTube and social media - particularly Snapchat, Instagram and now IGTV - media companies are creating more and more authentic stories and are using platforms that are compelling for this demographic. Unlike generations before them, they have totally new video viewing patterns and ideals.
Tags: iss133 | insight tv | monster energy | amazon | millennial | Frank le Mair
Contributing Author Frank le Mair Click to read or download PDF
Managing Technological Change
Alan Wheable Continual technological change in the broadcast and media industries can make it difficult to plan for the mid to long term. Typically, broadcasters and media organisation are still implementing the last set of changes to working practices when the next changes come along.
Tags: iss133 | omnitek | ip | waveform | vectorscope | ultra tq | Alan Wheable
Contributing Author Alan Wheable Click to read or download PDF
Smashing the WTA Tour
Danny Ridler The Women’s Tennis Association (WTA) is the global leader in women’s professional sport with more than 2500 players representing nearly 100 nations competing for a record $146 million in prize money. The 2018 WTA competitive season includes 54 events and four Grand Slams in 30 countries. In 2017, the WTA was watched around the world by a total TV audience of 500 million – with host broadcast services provided by NEP UK.
Tags: iss133 | tennis | wta | nep | outside broadcast | ob | Danny Ridler
Contributing Author Danny Ridler Click to read or download PDF
Perimeter LED screens management
Nicolas Houel Opened in January 2016, Parc Olympique Lyonnais, also known as Groupama Stadium, is the new home of Olympique Lyonnais football club, one of the most popular clubs in France. Since its inauguration, the stadium was a host of UEFA Euro 2016, and was also chosen to stage, among other important events, the 2018 UEFA Europa League Final and football at the 2024 Summer Olympics.
Tags: iss133 | 3dstorm | graphics | groupama stadium | liveexpert | livecg | deltacast | Nicolas Houel
Contributing Author Nicolas Houel Click to read or download PDF
Fast-moving productions need multi-cam RF reliability
Darren Bilton Wireless acquisition creates a level of freedom not possible with any other form of filming yet only a decade ago the technique was barely possible. The technology enabling live real-time connections over radio frequencies has advanced leaps and bounds such that there is barely an entertainment, documentary, sports or news format today that doesn’t benefit from at least one link system. That means the demands on the kit continues to rise and includes the need for fail safe multi-camera operation, ease of use and backwards compatibility all within a small, lightweight and budget-friendly package.
Tags: iss133 | boxx tv | wireless | mpeg-4 | multicam | rf | multi-cam | Darren Bilton
Contributing Author Darren Bilton Click to read or download PDF