Section 3.2

SECURITY & ACCESS

Now that we have established a cloud-based storage model for future media, data and metadata, we will address how those assets will be accessed and secured such that the required work can be done with users (creatives, vendors, executives) barely noticing that their work is secured. The next three principles deal with an approach to ensure a seamless security system that is constantly adapting to future threats.

PRINCIPLE 6: EVERY INDIVIDUAL ON A PROJECT IS IDENTIFIED AND VERIFIED AND THEIR ACCESS PERMISSIONS EFFICIENTLY AND CONSISTENTLY MANAGED

OVERVIEW

In our 2030 Vision, access to every asset can be authorized to a specific individual for a specific task and a specific duration. To that end, we need an industry-wide means to identify and validate every industry person who has access to a production asset (a single “Production User ID”). Writers, producers, colorists, studio executives and anyone else involved in the process would have a unique identity that would be used to determine what they can control, access or edit. Very few people need access to every asset on a production, so restricting access to certain assets or types of assets can immediately provide a more secure environment. A colorist may not need access to VFX assets, but does need final composited frames; a dubbing artist may need two weeks’ access to the final English master and the script, but does not need access to the final audio stems; and so on. A creative working on an asset may limit access to a small number of specific users, and then increase who has access as the asset progresses toward completion. We envision a system, therefore, in which a user on a project can be identified and authenticated and be assigned a specific task and access to specific files for a specific duration.


The writer or initial production team might initially establish rights and permissions during the pre-photography stage for each user. As studios, agencies, talent and vendors are attached to a project, the list of approved partners grows, including those who can, in turn, delegate rights to others. Likewise, if a particular user is removed from a project, his/her permissions to access secure media files can immediately be removed. Given that the removed user has no local media files (per Principle 1), there is no danger of orphaned or rogue content being accessible on a previous crew member’s device.
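The grant model described above, as an added illustration that is not part of the MovieLabs document and not code from any product: a grant is (user, asset or asset class, task, validity window), delegation is bounded by the delegator's own rights and window, and revocation is a single write that every subsequent check honours. The `final/*` asset-class naming, the task vocabulary and the choice to let delegated grants fall with a removed delegator are assumptions made for this example.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Grant is one authorization: a production user may perform one task on one
// asset (or asset class) for a bounded window. GrantedBy records the delegator
// so that a delegated grant falls with the person who issued it.
type Grant struct {
	UserID    string
	Asset     string // exact name, or a class with a trailing "*" (assumed naming)
	Task      string // "view", "edit", "delegate" (assumed task vocabulary)
	NotBefore time.Time
	NotAfter  time.Time // exclusive
	GrantedBy string    // empty when issued directly by the production
}

// Authorizer holds a project's grants. Revocation is one map write, so it is
// honoured on the very next check rather than at the next policy sync.
type Authorizer struct {
	grants  []Grant
	revoked map[string]bool
}

func NewAuthorizer() *Authorizer { return &Authorizer{revoked: map[string]bool{}} }

// matchAsset matches an exact asset name or an asset class such as "final/*".
func matchAsset(pattern, asset string) bool {
	if strings.HasSuffix(pattern, "*") {
		return strings.HasPrefix(asset, strings.TrimSuffix(pattern, "*"))
	}
	return pattern == asset
}

// find returns the first live grant letting user do task on asset at now.
func (a *Authorizer) find(user, task, asset string, now time.Time) *Grant {
	if a.revoked[user] {
		return nil
	}
	for i := range a.grants {
		g := &a.grants[i]
		if g.UserID != user || g.Task != task || !matchAsset(g.Asset, asset) {
			continue
		}
		if now.Before(g.NotBefore) || !now.Before(g.NotAfter) {
			continue
		}
		if g.GrantedBy != "" && a.revoked[g.GrantedBy] {
			continue // a delegated grant dies with its delegator (design choice)
		}
		return g
	}
	return nil
}

// Allowed is the check every asset access goes through.
func (a *Authorizer) Allowed(user, task, asset string, now time.Time) bool {
	return a.find(user, task, asset, now) != nil
}

// Add records a grant issued directly by the production.
func (a *Authorizer) Add(g Grant) { a.grants = append(a.grants, g) }

// Delegate lets by pass rights to another user, only over assets by may
// delegate and never for longer than by's own delegation window.
func (a *Authorizer) Delegate(by string, g Grant, now time.Time) error {
	parent := a.find(by, "delegate", g.Asset, now)
	if parent == nil {
		return fmt.Errorf("%s may not delegate rights on %s", by, g.Asset)
	}
	if g.NotAfter.After(parent.NotAfter) {
		g.NotAfter = parent.NotAfter
	}
	g.GrantedBy = by
	a.grants = append(a.grants, g)
	return nil
}

// Revoke removes a user from the project with immediate effect.
func (a *Authorizer) Revoke(user string) { a.revoked[user] = true }

func main() {
	day := 24 * time.Hour
	t0 := time.Date(2030, 3, 1, 9, 0, 0, 0, time.UTC)
	a := NewAuthorizer()
	// Constructed scenario: the producer may delegate final deliverables for 60
	// days and gives a dubbing artist two weeks on the English master only.
	a.Add(Grant{UserID: "producer", Asset: "final/*", Task: "delegate", NotBefore: t0, NotAfter: t0.Add(60 * day)})
	if err := a.Delegate("producer", Grant{UserID: "dubber", Asset: "final/english-master.mov", Task: "view", NotBefore: t0, NotAfter: t0.Add(14 * day)}, t0); err != nil {
		panic(err)
	}
	fmt.Println("master, day 1:  ", a.Allowed("dubber", "view", "final/english-master.mov", t0.Add(day)))
	fmt.Println("stems, day 1:   ", a.Allowed("dubber", "view", "final/stems/dialogue.wav", t0.Add(day)))
	fmt.Println("master, day 15: ", a.Allowed("dubber", "view", "final/english-master.mov", t0.Add(15*day)))
	a.Revoke("producer")
	fmt.Println("master after producer leaves:", a.Allowed("dubber", "view", "final/english-master.mov", t0.Add(day)))
}
```

Two points worth noting. Cascading revocation is a design choice: a production that would rather keep the dubbing artist working after the producer who issued the grant leaves can re-parent delegated grants to the production instead of letting them fall with the delegator. And the window is checked with an exclusive end, so a two-week grant issued at 09:00 on day 1 stops at 09:00 on day 15, not at the end of that day.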

EXAMPLES

A producer is working on two movies for two different studios. When she logs into her web portal to view assets and workflow tools, the platform separates the confidential assets from each movie so there is no danger of assets being shared between studios.

An editor leaves a post-production company to move to a competitor, and much like his corporate email is removed as he walks out the door, his access and permissions to sensitive media files are also immediately withdrawn.

An independent creative is typically provided multiple apps when starting any production to manage access to physical and digital assets and handle timecards, payroll and other operations support. Using a standardized production ID, the creative need only remember one username and password combination to access all the relevant apps. Ultimately usernames/passwords may be phased out, as they will in other industries, in favor of other authentication systems that are more secure and easier to use, such as biometrics.

IMPLICATIONS

The entertainment industry is likely unique in that it releases products after they have been conceived, created, touched, enhanced and financed by an astonishing number of independent parties who collectively contribute to the end result. Enabling individualized and fine-grain access controls to media assets in the way we describe has always been desired, but never before achieved. There will therefore be resulting work with all of the guilds and the creative community to ensure the new system is well understood, the value of it correctly conveyed and the system ultimately embraced.

A considerable amount of coordinated IT infrastructure and industry agreement is needed to enable this section of the Vision. IT demands are not just at studios but at production companies, vendors, software and tools providers and guilds and their individual members. This coordinated work will deliver payback in industry-wide efficiency gains and a more secure and auditable workflow. Users benefit by having one set of credentials that will follow them between productions. There is also a potential benefit in linking this single-user system to a blockchain to associate these users with their work via a distributed ledger.

This model could allow accurate tracking and auditing of any particular person’s involvement in a production. Their production profile (e.g., IMDB or resume) could be verified as correct and automatically updated. Likewise, studios and productions will be able to accurately pay out any fees or required back-end revenue shares with full knowledge of who contributed what to the production. Of course, respect for privacy would be a necessary element of this approach.

PRINCIPLE 7: ALL MEDIA CREATION HAPPENS IN A HIGHLY SECURE ENVIRONMENT THAT ADAPTS RAPIDLY TO CHANGING THREATS

OVERVIEW

By 2030, workflow must be secured using the best cybersecurity technologies that exist at each moment in time. This requires continuously refactoring to stay ahead of ever-emerging malicious tools that exploit vulnerabilities and penetrate systems. Advances in technology, such as quantum computing, may mean that critical parts of the security system occasionally have to be replaced. Our 2030 Vision therefore includes a philosophy of cybersecurity built into the core architecture. Enterprise-centric security solutions that protect infrastructure are insufficient.

The new security architecture must be designed specifically to protect cloud workflows and individual assets rather than the infrastructure the workflows run on. The result will be more secure and less intrusive in the workflow and provide content owners and creatives with control not only over security, but also over the integrity of the workflow. For example, finer granularity of security will also allow creatives working on a project better control of which individual assets they make available and to whom as those assets become ready for wider review or for the next stage in the workflow.

“Security by design,” the approach we are recommending, means designing systems where security is a foundational component of system design. The approach takes malicious practices for granted and makes no assumption as to the trustworthiness of users and services or what an attacker may or may not do.

It is critical that C-suite executives and all stakeholders actively support the security standards through policy, financial backing and internal promotion and by appreciating the enormous damage that can be done to profitability for every stakeholder if they are breached.

The MPAA’s Content Security Best Practices currently requires assessment of service providers, such as brick-and-mortar post-production facilities or cloud-based solutions, against a set of industry-accepted security best practices. The guidelines reflect today’s approach to cybersecurity in the broader enterprise world and are not yet envisioning entirely cloud- and software-based workflows. In addition, thinking on cybersecurity has evolved beyond perimeter defense (since it often fails to resist skilled attackers) and will continue to evolve over the next 10 years to include principles such as Zero Trust and predictive threat detection. While the practice of performing third-party assessments is not expected to go away in the next decade, there is hope that the validation aspects become less burdensome through the use of advanced cloud security tools and techniques and validation of security components built into the applications and processes that are the building blocks of cloud workflows.

Many of the breaches that are discovered daily across all industries fall into two categories:

  1. Problems in the selection, implementation, configuration and user training of security mechanisms.
  2. Vulnerabilities in the technology, primarily software, that is used by many enterprises.

Cybersecurity in the 2030 workflow will be built around the principles of a zero trust network model, in which nothing inside or outside the organization is automatically trusted and instead everything and anything is verified before a connection or access is permitted. UltraHD offered the industry the opportunity for significant improvement in the way content is protected for consumer delivery, and cloud workflows offer the same generational opportunity to change the way production is protected.

A separate document goes into more depth on the cybersecurity approach that will be needed to underpin this Vision.

EXAMPLE

A future cloud-based security architecture would no longer rely on access control lists alone – instead, assets themselves (e.g., a frame, a shot, an audio stem or whatever granularity the production decides) would be cryptographically protected. Access control lists fail when an attacker gains greater privileges than they should have; cryptographic protection adds a layer that keeps an asset unreadable even when the attacker can reach the stored object, because reading it requires the key and not merely a permission.


This principle highlights the difference between a facility using cloud resources to augment or replace its infrastructure (a “hybrid cloud”), and production in the cloud, when the entire workflow is itself protected regardless of the infrastructure it is running on. That does not mean each facility would drop its own perimeter security systems, but rather they can be focused on their own IT infrastructure instead of the job of managing content owners’ security on their behalf.
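One way to realize the cryptographic protection of individual assets described in the example above, added here as an illustration and not code from the MovieLabs document or any product: each asset is encrypted under its own data key with AES-256-GCM, and that data key is wrapped once per authorized user under a per-user key-encryption key (KEK). The envelope layout, the user and asset names, and the assumption that each user's KEK lives outside the storage platform (a hardware token or a key-management service) are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newKey() []byte { // fresh 256-bit key from the OS CSPRNG
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal: AES-256-GCM, nonce prefixed; aad binds the blob to asset and user.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; any change to nonce, ciphertext, tag or aad fails.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// ProtectedAsset is what lands in cloud storage: asset under a per-asset data key, key wrapped per user.
type ProtectedAsset struct {
	ID          string
	Ciphertext  []byte
	WrappedKeys map[string][]byte // user ID -> data key wrapped under that user's KEK
}

// Protect encrypts an asset and wraps its data key for every user in kekByUser.
func Protect(id string, plaintext []byte, kekByUser map[string][]byte) (*ProtectedAsset, error) {
	dataKey := newKey()
	ct, err := seal(dataKey, plaintext, []byte(id))
	if err != nil {
		return nil, err
	}
	p := &ProtectedAsset{ID: id, Ciphertext: ct, WrappedKeys: map[string][]byte{}}
	for user, kek := range kekByUser {
		if p.WrappedKeys[user], err = seal(kek, dataKey, []byte(id+"|"+user)); err != nil {
			return nil, err
		}
	}
	return p, nil
}

// Unprotect needs the user's KEK and a wrapping in the envelope; whoever only read the stored object has neither.
func (p *ProtectedAsset) Unprotect(user string, kek []byte) ([]byte, error) {
	w, ok := p.WrappedKeys[user]
	if !ok {
		return nil, fmt.Errorf("no key wrapped for %q", user)
	}
	dataKey, err := open(kek, w, []byte(p.ID+"|"+user))
	if err != nil {
		return nil, fmt.Errorf("unwrap for %q failed: %w", user, err)
	}
	return open(dataKey, p.Ciphertext, []byte(p.ID))
}

// Rotate re-encrypts under a fresh data key wrapped only for users in kekByUser. Revocation is
// Rotate without the departing user: deleting their wrapping alone leaves a cached data key usable.
func (p *ProtectedAsset) Rotate(by string, byKEK []byte, kekByUser map[string][]byte) error {
	plaintext, err := p.Unprotect(by, byKEK)
	if err != nil {
		return err
	}
	fresh, err := Protect(p.ID, plaintext, kekByUser)
	if err == nil {
		*p = *fresh
	}
	return err
}
```

The attacker this guards against is the one the example describes: someone who escalates past the ACL and reads the object. They obtain ciphertext and a list of wrapped keys, none of which they can unwrap without a user's KEK, and the additional data on each wrapping stops them from transplanting one user's wrapping into another slot. The practitioner's caveat is on `Rotate`: dropping a departed user from the envelope is not enough if that user ever held the data key in memory, so durable revocation means re-encrypting under a new key for the remaining users.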

IMPLICATIONS

Zero trust networks require engagement by every contributor to the workflow ecosystem: network equipment vendors, cybersecurity tool providers, application providers and service providers, and the organizations that use the systems. One challenge will be to implement zero trust in a way that is frictionless for users. Single sign-on provides users seamless, secure access to the media and tools they need to do their work.

Today, an attacker will typically breach the weakest link in the chain, gain trusted status and then hop from one system to another inside an internal network. Building workflows around zero trust principles prevents someone with access to one system from gaining access to another without reestablishing their authorization. The zero trust principle requires trust, such as user credentials, to be verified at each hop. Fortunately, authentication is a global problem and new standardization initiatives, beyond the entertainment industry, will simplify the implementation and make the new security model transparent to users once they are authenticated.
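The per-hop verification described above, as an added example rather than code from the MovieLabs document or from any identity product: an identity provider signs short-lived claims with Ed25519, and every service checks signature, audience and expiry itself instead of trusting that a request arrived from an internal address. The token format, the service names and the claim fields are assumptions made for illustration (it is not JWT, though the idea is the same).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is what the identity provider asserts for one request. Audience names
// the single service the token is good for, so a token captured at one hop
// cannot simply be replayed at the next.
type Claims struct {
	Subject  string `json:"sub"`  // production user ID
	Audience string `json:"aud"`  // the one service that may accept this token
	Task     string `json:"task"` // what the subject may do there
	Expires  int64  `json:"exp"`  // unix seconds; keep the lifetime short
}

// NewIssuer creates the identity provider's signing keypair.
func NewIssuer() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Mint signs the claims. The wire format is assumed for illustration (it is
// not JWT): base64url(claims JSON) "." base64url(Ed25519 signature).
func Mint(priv ed25519.PrivateKey, c Claims) (string, error) {
	body, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	enc := base64.RawURLEncoding
	return enc.EncodeToString(body) + "." + enc.EncodeToString(ed25519.Sign(priv, body)), nil
}

// Verify is what every hop runs on every request, whether or not the caller
// sits "inside" the network. The signature is checked before any claim is
// trusted; then audience, then expiry.
func Verify(pub ed25519.PublicKey, token, thisService string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 2 {
		return nil, errors.New("malformed token")
	}
	enc := base64.RawURLEncoding
	body, err := enc.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	sig, err := enc.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	if !ed25519.Verify(pub, body, sig) {
		return nil, errors.New("bad signature")
	}
	var c Claims
	if err := json.Unmarshal(body, &c); err != nil {
		return nil, err
	}
	if c.Audience != thisService {
		return nil, fmt.Errorf("token for %q presented to %q", c.Audience, thisService)
	}
	if !now.Before(time.Unix(c.Expires, 0)) {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

func main() {
	pub, priv, err := NewIssuer()
	if err != nil {
		panic(err)
	}
	now := time.Now()
	// Constructed scenario: a colorist's client obtains a token for the render
	// service and something on that path tries to reuse it against the asset store.
	tok, err := Mint(priv, Claims{Subject: "colorist-417", Audience: "render-service", Task: "submit-render", Expires: now.Add(5 * time.Minute).Unix()})
	if err != nil {
		panic(err)
	}
	for _, hop := range []string{"render-service", "asset-store"} {
		_, err := Verify(pub, tok, hop, now)
		fmt.Printf("%-14s accepts the token: %v (%v)\n", hop, err == nil, err)
	}
}
```

The audience field is what stops the lateral hop: a token minted for the render service fails at the asset store, so reaching the next system means going back to the issuer for a token scoped to it, which is exactly where authorization is re-established. Keep `exp` short; this sketch has no revocation list, so lifetime is the only thing bounding a stolen token.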

PRINCIPLE 8: INDIVIDUAL MEDIA ELEMENTS ARE REFERENCED, ACCESSED, TRACKED AND INTERRELATED USING A UNIVERSAL LINKING SYSTEM

A fundamental requirement for producing content is the ability to locate everything used in the production, whether it is camera frames, documents, sound files, CGI models or final rendered video. Further, it is essential to understand how those files all relate to each other. It is within these relationships and modifications to files that creative processes occur. In future systems, these media components will all be in the cloud (Principle 1), so a cloud-appropriate linking mechanism will be necessary to understand these relationships. Perhaps this would be through a new universal link, much like a URL is used to direct a standard browser to find a webpage even though that browser does not store the physical locations of every website in the world.


A linkage system would serve two critical functions:

  1. Links can be resolved to a physical location. An application using the link is directed to the appropriate storage and does not rely on it being in the same location where it was last accessed. Objects can move within a cloud or between clouds transparently to the user. The cloud can perform whatever optimizations make sense, such as caching at the edge, without impacting users or systems.
  2. An asset could carry the links to other assets associated with it. For example, a camera frame file can be linked to the metadata description of the frame, and the metadata description would be linked back to the camera frame file. A camera frame can also be linked to the dialogue file recorded at the same time and vice versa. Links between objects are bidirectional.

In Figure 1, the scene is linked to the takes and each take is linked to the assets that were created during the take. These links are maintained through production, post and distribution and into the archive. Even years after a production has wrapped, it will be possible to know which files made it to various cuts of the content and retrieve the appropriate files.

Figure 1: Unified linking maintains the relationship between assets


Organizing and maintaining files as links allows workflows to be established in which all components remain independent throughout production and final video files are only “flattened” (rendered, composited, mixed) during the very last step of a production. Before that final step, a truly non-destructive workflow can be established whereby creative tools are tracking changes and edits in open standard metadata files (CDLs, EDLs, mix sessions) but not actually modifying the source media, enabling full creative freedom to keep making changes right up until final render/publish.

EXAMPLES

In today’s world, a production typically uses a VFX company whose render farm is in its private data center and the applications access the production’s files using a file system. Rearranging the files on the file system, or moving them to the studio-managed cloud, currently breaks access, which then must be manually reestablished. With this principle, the files could be moved between storage or cloud providers freely; applications would use the link, which would be seamlessly updated and access would be uninterrupted.

The linking system could also accommodate a “one-to-many” scenario, for example, to enable edge caching of critical files at various locations around the globe, but without each carrying a new location – the link could be the same for each copy of the file and applications could resolve the link to the closest local copy to them.
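A minimal resolver for the two functions listed under Principle 8 and for the one-to-many case just described, added as an illustration and not taken from the MovieLabs document or any shipping system: links are opaque identifiers (an `mlink://` scheme is assumed), each maps to one or more replicas, relocation edits the registry rather than the link, and relations between links are stored in both directions. Region names and bucket URIs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Location is one physical copy: the region holding it and its address there (constructed URIs).
type Location struct {
	Region string
	URI    string
}

// Registry resolves universal links (an "mlink://" scheme is assumed here for
// illustration). A link never encodes a location: it maps to one or more
// replicas and to the other links it is related to.
type Registry struct {
	replicas map[string][]Location
	related  map[string]map[string]bool // stored in both directions
}

func NewRegistry() *Registry {
	return &Registry{replicas: map[string][]Location{}, related: map[string]map[string]bool{}}
}

func (r *Registry) Publish(link string, loc Location) {
	r.replicas[link] = append(r.replicas[link], loc)
}

// AddReplica adds an edge-cached or mirrored copy under the same link.
func (r *Registry) AddReplica(link string, loc Location) error {
	if _, ok := r.replicas[link]; !ok {
		return fmt.Errorf("unknown link %s", link)
	}
	r.replicas[link] = append(r.replicas[link], loc)
	return nil
}

// Move relocates one replica, e.g. from a VFX house's file server to the
// studio cloud. The link is unchanged, so every reference to it still works.
func (r *Registry) Move(link, fromURI string, to Location) error {
	locs := r.replicas[link]
	for i := range locs {
		if locs[i].URI == fromURI {
			locs[i] = to
			return nil
		}
	}
	return fmt.Errorf("%s has no replica at %s", link, fromURI)
}

// Resolve returns the replica in the caller's region when one exists,
// otherwise the first registered copy.
func (r *Registry) Resolve(link, callerRegion string) (Location, error) {
	locs := r.replicas[link]
	if len(locs) == 0 {
		return Location{}, errors.New("unresolvable link: " + link)
	}
	for _, l := range locs {
		if l.Region == callerRegion {
			return l, nil
		}
	}
	return locs[0], nil
}

// Link records that a and b belong together (frame <-> metadata, frame <->
// dialogue take) in both directions.
func (r *Registry) Link(a, b string) {
	for _, p := range [][2]string{{a, b}, {b, a}} {
		if r.related[p[0]] == nil {
			r.related[p[0]] = map[string]bool{}
		}
		r.related[p[0]][p[1]] = true
	}
}

// Related lists everything linked to a, sorted for stable output.
func (r *Registry) Related(a string) []string {
	out := make([]string, 0, len(r.related[a]))
	for b := range r.related[a] {
		out = append(out, b)
	}
	sort.Strings(out)
	return out
}

func main() {
	r := NewRegistry()
	frame := "mlink://prod-42/scene-7/take-3/frame-0001"
	r.Publish(frame, Location{Region: "us-west", URI: "s3://vfx-house-raw/f0001.exr"})
	r.Link(frame, frame+"/meta")
	if err := r.Move(frame, "s3://vfx-house-raw/f0001.exr", Location{Region: "us-west", URI: "s3://studio-cloud/f0001.exr"}); err != nil {
		panic(err)
	}
	loc, _ := r.Resolve(frame, "us-west")
	fmt.Println("same link now resolves to:", loc.URI, "related:", r.Related(frame+"/meta"))
}
```

Region matching stands in for whatever nearest-copy policy the cloud applies; the point is that callers hold the link and never a location. A production resolver would also want the link to carry a content hash so that whichever replica is returned can be checked against it, otherwise a stale or substituted edge copy is indistinguishable from the original.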

In current productions, processes occur in physical locations (with cameras, sets, props, actors) and in the digital world (digital characters, simulations, environments), but the two are kept very much separate. By 2030, this link system could bridge the physical and digital worlds, allowing digital assets to appear rendered perfectly in the physical world and physical objects and plates to seamlessly appear in the digital world. The greatest challenge here is to develop an open system of interfaces whereby lighting (location, intensity, direction), 3D camera positions/tracks and 3D locations of characters and objects can be freely passed between physical and digital environments within the linking system. So, for example, lighting and camera positions can be set in virtual production in 3D space before principal photography. If any changes are made to light or camera positions/tracks during actual photography, those changes are seamlessly transferred back to the digital representation of the scene, keeping the two in lockstep.

IMPLICATIONS

For this to work, applications and devices across the industry need to support the use of links to create and access files, in much the same way filenames are used today. As DNS enabled an explosion of web content and lowered barriers to entry, a linked approach could likewise enable a dramatic simplification across the industry once partners support it natively.

The use of distributed ledgers (such as blockchains) is frequently suggested as a solution to a broad range of problems. Despite the hype, there are genuine use cases in the media and entertainment creation and distribution ecosystem for such blockchain technologies. The innovation we hope to engender in this principle could allow an industry-wide blockchain that can be used to track and link all the components within a finished piece of media with their agreed contract terms, all expressed as a series of smart contracts.

We believe there will be considerable savings compared to today’s VFX workflows. Ensuring via linking mechanisms that digital and physical camera and object locations will always match makes it unnecessary to perform processes such as match-move and rotoscope, or to calculate lighting references or camera tracks. These processes are time consuming and labor intensive, so reducing or eliminating them completely will save productions considerable time and money.