Production Specs & Resources
With the change from on-premises to production using cloud services (whether hyperscale cloud providers, hybrid cloud, or on privately hosted cloud services) a new approach to security is required. In response, MovieLabs has defined the Common Security Architecture for Production (CSAP), a security architecture that can be used by anyone building next generation security systems for production workflows. The need for a CSAP was driven by our 2030 Vision work, where MovieLabs foresaw the challenges of securing workflows happening outside of facility security perimeters. CSAP makes extensive use of common and well-documented services available from major cloud service providers and other common security services. This approach is intentional because we need to build a common and high-quality security ecosystem before we implement advanced software defined workflows on top. Provided below are the critical documents included in the download ZIP package.
The architecture is divided into parts with parts 1 to 5 published so far. The current version of CSAP, 1.2, was published in October 2022 with an update in December 2022.
- CSAP Part 1: Architecture Description is the main architecture document and introduces core concepts such as dynamic security policies.
- CSAP Part 2: Interfaces is a high-level description of the interfaces between components.
- CSAP Part 3: Security Levels defines a set of security levels to demonstrate how the security implementation can be scaled to fit the requirements of different types of production.
- CSAP Part 4: Securing Software-Defined Workflows discusses the integration of security into workflows utilizing software to support collaboration and automation.
- CSAP Part 5: Implementation Considerations includes three documents (5A, 5B and 5C) with recommendations and suggestions for those implementing CSAP today.
As part of the package we include the “Evolution of Production Security” (2020) whitepaper that is an introductory document explaining the need and the approach taken.
MovieLabs and its member studios are working on the next part of the architecture, which will cover a security policy description language.