Production Technology

Production Security

A New Approach to Securing Production Workflows

While creating the 2030 Vision it became clear that a new cloud based approach to production would require a new cloud based approach to security. We can no longer rely on legacy approaches to protect physical production facilities when our critical media assets will not live in those facilities but on cloud systems, potentially owned and operated by third parties.​

With that in mind, MovieLabs and its member studios took a fresh look at production security from the ground up and created a Common Security Architecture for Production (CSAP) as a blueprint for any company looking to implement services, source cloud infrastructure or services, or integrate as part of a larger studio workflow. ​

​Unlike some emerging technologies in our industry (real-time ray tracing, virtual production, holographic projection) the CSAP is specifically built to be implementable today from readily available cloud services. We believe it is critical that our industry’s cloud migration be built on solid security foundations which is why we made the CSAP the first architectural document from MovieLabs to enable the 2030 Vision.

Security Architecture for the 2030 Vision

The MovieLabs security architecture is designed for the paradigms of production in the cloud described in the 2030 Vision and to provide guidance for those implementing the principles of the 2030 Vision security white paper.

The architecture is a collaboration-oriented Zero-Trust Architecture (ZTA), concerned with securing and protecting the integrity of assets, processes, and workflows in the collaborative environment of media production. It is not concerned with providing perimeter security or protecting the underlying infrastructure of production but is instead focused squarely on enabling secure production even on infrastructure that is not trusted. It is designed to secure production workflows using infrastructure from hyperscale cloud providers, private cloud providers, datacenters, small facilities and at home users.

The architecture describes the components of the security system and the interactions between those components. It strives to balance security, availability, usability, and cost-efficiency to deliver usable and user friendly security.

However, we are at the beginning of production in the cloud, and cybersecurity is a rapidly evolving field. Since we first published CSAP, we have learned from implementers and, as we do so, we revise CSAP. We expect that the architecture will continue to evolve and improve through ongoing collaboration with partners across the ecosystem.

Much of the effort implementing CSAP is in the design and implementation of the underlying zero-trust architecture. CSAP aligned with the current shift in cybersecurity from perimeter security to zero-trust architectures, and the CSAP Zero Trust Foundation is a non-industry specific zero-trust implementation that has certain characteristics that make it a foundation on which to build CSAP.

We periodically publish updates and additional parts to CSAP. The latest update was published in August 2023.  All parts of CSAP are available on the MovieLabs Media Creation Documentation site here.



Whereas the CSAP approach is designed for the 2030 Vision where media creation will largely occur in the cloud and be based on Software Defined Workflows we recognize that the industry has some way to go before we can deploy all of those technologies and that CSAP  is only at the beginning of the implementation. To meet the immediate needs of those wanting to secure cloud resources today, perhaps in a hybrid pr private cloud environment, MovieLabs and its member studios have also developed a set of recommended practices for production security today.  We refer to these recommended practices as the Enhanced Content Protection for Production (ECPP) .

The ECPP recommended practices and the Executive Guide to ECPP are available for download to help you in planning the security for your  use of cloud resources in media production.

Specs & Resources