A New Approach to Securing Production Workflows
While creating the 2030 Vision it became clear that a new cloud based approach to production would require a new cloud based approach to security. We can no longer rely on legacy approaches to protect physical production facilities when our critical media assets will not live in those facilities but on cloud systems, potentially owned and operated by third parties.
With that in mind, MovieLabs and its member studios took a fresh look at production security from the ground up and created a Common Security Architecture for Production (CSAP) as a blueprint for any company looking to implement services, source cloud infrastructure or services, or integrate as part of a larger studio workflow.
Unlike some emerging technologies in our industry (real-time ray tracing, virtual production, holographic projection) the CSAP is specifically built to be implementable today from readily available cloud services. We believe it is critical that our industry’s cloud migration be built on solid security foundations which is why we made the CSAP the first architectural document from MovieLabs to enable the 2030 Vision.
Security Architecture for the 2030 Vision
The MovieLabs security architecture is designed for the paradigms of production in the cloud described in the 2030 Vision and to provide guidance for those implementing the principles of the 2030 Vision security white paper.
The architecture is a collaboration-oriented Zero-Trust Architecture (ZTA), concerned with securing and protecting the integrity of assets, processes, and workflows in the collaborative environment of media production. It is not concerned with providing perimeter security or protecting the underlying infrastructure of production, but is instead focused squarely on enabling secure production even on infrastructure that is not trusted.
The architecture describes the components of the security system and the interactions between those components. It strives to balance security, availability, usability, and cost-efficiency to deliver usable security.
However, we are at the very beginning of production in the cloud and cybersecurity is a rapidly evolving field. While every effort has been made to describe an architecture that is flexible and durable, this is an initial version. MovieLabs and the industry will learn as implementation of a new cloud security model proceeds, and it is expected that the architecture will evolve and improve through ongoing collaboration with partners across the ecosystem.
We periodically publish updates and additional parts to CSAP. The latest update was published in February 2023. All parts of CSAP are available on the MovieLabs Media Creation Documentation site here
ENHANCED CONTENT PROTECTION FOR PRODUCTION
Whereas the CSAP approach is designed for the 2030 Vision where media creation will largely occur in the cloud and be based on Software Defined Workflows we recognize that the industry has some way to go before we can deploy all of those technologies and that CSAP is only at the beginning of the implementation. To meet the immediate needs of those wanting to secure cloud resources today, perhaps in a hybrid pr private cloud environment, MovieLabs and its member studios have also developed a set of recommended practices for production security today. We refer to these recommended practices as the Enhanced Content Protection for Production (ECPP) .
The ECPP recommended practices and the Executive Guide to ECPP are available for download to help you in planning the security for your use of cloud resources in media production.