CYBERSECURITY
AUTHENTICATION AND AUTHORISATION ENABLE SECURE ACTIVITY
USER AUTHENTICATED
DEVICE AUTHENTICATED
APPLICATION AUTHENTICATED
AUTHENTICATION
CARRIES OUT AN AUTHORISED TASK
ON A TRUSTED DEVICE
USING AN APPROVED APPLICATION
TO A PROTECTED ASSET
AN AUTHENTICATED USER
ACTIVITY
...AND USER AUTHORISED TO USE APPLICATION
USER AUTHORISED TO CONDUCT TASK
...AND USER AUTHORISED TO ACCESS ASSET
...AND USER AUTHORISED TO USE DEVICE
AUTHORISATION
CUMULATIVE AUTHORISATION
THE ENEMY WITHIN Despite all the bad actors out there, the biggest threat is under your own roof. When a business falls prey to a cyberattack, the trigger is most often human error – someone clicking on a link they shouldn’t have done, using a weak password, responding to a phishing text. But if there are robust internal security procedures in place – and everyone follows them – the risk of disaster is massively reduced. Keeping content out of the wrong hands is the main challenge that first comes to mind when we think about the production industry and cybersecurity. And while content security and anti- piracy are both essential, they are also one of the most widely tackled and well-understood aspects of a studio’s defence strategy. In addition to restricting access to the content itself, digital watermarking, DRM, file monitoring and more intelligent workflows mean that systems are in
BUILDING SECURITY This diagram demonstrates the benefit of a ‘zero-trust’ system and the ‘cumulative authorisation’ effect inherent to it
place not just to cope with the pirate threat, but potentially eliminate it. In addition to piracy, there are cyberattacks that directly attempt to destroy infrastructure. These are the ones that keep governments up at night most – the literal destruction of essential assets by shutting down the cooling in a power plant, for example, or opening the floodgates of a dam. We don’t see too much of that in the world of film production, although the broadcast world – with a lot of money and prestige on the line during events – has seen its share of attacks where systems were taken offline with the goal of complete destruction. An attack on the Pyeongchang 2018 Winter Olympics, launched during the opening ceremony, threatened to destroy the Games’ entire IT infrastructure, and would have too if not for some last-second interventions. For Hollywood, common blackmail and extortion are a much greater vulnerability, through tools like
79
definitionmags
Powered by FlippingBook