CYBERSECURITY
WHETHER YOU’RE A CAMERA ASSISTANT OR VFX SUPERVISOR, YOUR DAILY JOB WILL INVOLVE EXCHANGING FILES – and it’s now a priority to be able to do that securely ”
STUDIO- PROVIDED CLOUD INFRASTRUCTURE
a wall – with controls put on everything passing through the main gates. With the cloud and a fractured workforce making those walls irrelevant, even a liability, a new model is required. “Complexity is the enemy of security,” says Stephens. “The more complex your security management, the greater the chance it’s not going to work.” The answer has been a shift of focus from this ’perimeter security‘ model to a ‘zero-trust’ model. Zero trust is being adopted rapidly across multiple sectors – in 2021, US president Joe Biden issued an executive order on cybersecurity, requiring federal agencies to start using it. In a zero-trust framework, every device, service and person inside the network must be authenticated before it can connect. Because authentication happens at every connection point, the network is divided into small, isolated segments, making it far more difficult for a cyberattack to propagate through the business. Zero trust is also built on a ‘least- privilege’ system, which means that users only have the level of access they need to do their jobs. This allows for finer granularity of controls. You might have access to the assets and software to do the VFX shots your team is working on, but you don’t get to access the dailies of a love scene between the two stars. A COMMON SECURITY ARCHITECTURE As part of its 2030 vision, MovieLabs published a Common Security
Architecture for Production (CSAP). A working document that continues to be updated, CSAP anticipates an ever- greater migration to the cloud for movie production workflows. One of the basic principles in the CSAP document is that security must be intrinsic to the system and cannot inhibit the creative process. “At the start of my career, 20 years ago, I ran a production group at Disney,” Stephens continues. “We didn’t want IT coming anywhere near our computers with antivirus software because it got in the way. The friction that security introduced was not something we wanted to deal with. “That still happens today – security gets in the way of the creative process. And the tighter the security, the more it does so. CSAP doesn’t do that, though, because of the principle of security by design – things are intrinsically secure, so you don’t have to impose security from the outside.” The security-by-design principle is built on the concept of a ‘protect surface’. In contrast with the attack surface, which is the sum total of all your vulnerabilities, the protect surface describes the smallest thing that needs safeguarding. Rather than securing every single asset and process, you assess what is important to protect and at what level it needs to be protected. “One of the premises of the zero- trust model is that your network is in a constant state of breach. Bad actors are already in,” explains Stephens. “It’s the things on that network, the assets and the workflows, not the network itself.”
POST HOUSE
RELATIONSHIP GOALS An example of the relationships in a typical production. Different levels of access can be delegated to each party as per CSAP best practice
82
DEFINITIONMAGAZINE.COM
Powered by FlippingBook