{"id":7334,"date":"2021-01-27T08:24:49","date_gmt":"2021-01-27T08:24:49","guid":{"rendered":"https:\/\/movielabs.com\/?p=7334"},"modified":"2023-08-01T01:04:58","modified_gmt":"2023-08-01T01:04:58","slug":"how-to-secure-the-cloud-as-a-universal-production-resource","status":"publish","type":"post","link":"https:\/\/movielabs.com\/how-to-secure-the-cloud-as-a-universal-production-resource\/","title":{"rendered":"How to Secure the Cloud as a Universal Production Resource?"},"content":{"rendered":"
MovieLabs releases new security architecture<\/strong><\/em><\/p>\n Delivering security to cloud users far beyond the perimeters of any facility is complex and calls for a new approach to security. That was the premise of the MovieLabs security model published in December 2019. The Evolution of Production Security \u2013 Securing the 10-Year Vision for the Future of Media Production, Post and Creative Technologies<\/a><\/strong> presented a model based on six key principles for the future of production security. Today MovieLabs is publishing a security architecture that takes that model a major step toward realization<\/a>.<\/p>\n In other industries, we have seen conventional perimeter security fail in dramatic ways. According to Verizon\u2019s 2020 Data Breach Investigations Report, attacks that target perimeter security\u2014phishing and the use of stolen credentials\u2014are the top two contributors to security breaches. Media production in the cloud presents security challenges that go beyond those of other industries. For example, most production personnel are hired only for the duration of the production, and many small companies with distinct security perimeters and policies work collaboratively in a typical production. To respond to those threats, the security architecture must go beyond keeping intruders out, which is the role of perimeter security, and instead rely on authentication with continuous trust inference, as well as dynamic policies that authorize activity and apply the principle of least privilege temporally as well as spatially.<\/p>\n A resource for everyone on the production<\/strong><\/em><\/p>\n For us, the cloud is becoming a resource shared by everyone working on a production, and security should be shared in the same way. Sooner or later, copying data to local storage for processing on local compute will be a matter of choice rather than the de facto way of working. Security controls must be separated from the location of the data. 
The data, the compute, and therefore the processes that are the wheels of production will all be in the cloud.<\/p>\n As the industry rose to meet the challenges of the pandemic, the explosion in work outside the protected walls of production facilities highlighted the urgent need for a new security architecture, because perimeter security cannot deal effectively with today\u2019s threat landscape. But just as importantly, the shared cloud with its multitude of different types of users\u2014the heart of production in the cloud\u2014cannot be secured inside a security perimeter without seriously impacting the creative process. To attempt to do so would mean a security solution that is the antithesis of the security-by-design principle: keep security simple.<\/p>\nIn the MovieLabs white paper The Evolution of Media Creation<\/strong>,<\/a> we outlined a vision for implementing true cloud-native production workflows. In that vision, media production moves outside of the security perimeters that protect individual facilities such as post-production and VFX companies and becomes a virtualized security system to protect all of those involved in production workflows. These workflows transcend organizations and, simply stated, protecting them requires a new approach to security.<\/p>\n