Content Security in the CLoud


Bruce Devlin TV-Bay Magazine
Read ezine online

Security is a difficult topic. There is no such thing a generic security. You always secure yourself against specific threats and hope the solution is generic enough to cover other similar classes of threat. For example - placing an expensive lock on the front door of your house prevents the specific threat of gaining access by using the door handle on the door. It gives you no protection at all from someone using a diamond tipped chainsaw to cut through the house to make a new door. (Yes this is a real thing - a friend of mine trains law enforcement officers to do this).

One of the great opportunities that comes with cloud processing and cloud storage of content is that it 's new and it 's flexible and it allows new ways of collaborative working that cannot be done any other way.

One of the commercial risks that need to be addressed with cloud processing is that of security. In any cloud deployment there will be multiple organisations involved. You may be buying Software As A Service (SaaS) to store, edit and manage your content. The SaaS provider is running parts of their software on top of another company 's Platform As A Service (PaaS) to provide some global service to their software (e.g. Authentication and Identity services) and that platform may be physically running on multiple Infrastructure As A Service (IaaS) datacentre instances to make the whole thing work.

If security is a key commercial driver for you adoption of any cloud technology then understanding the threats to the different stakeholders in the chain is vital to the overall security model. Having great user authentication at the SaaS layer is good, but it won 't protect against someone with a diamond tipped software chainsaw gaining entry at the PaaS layer. Likewise the PaaS layer is only secure when the physical, network and software security at the IaaS remain intact and no-one leaves a back door open.

Cloud security is a fluid and ever changing topic with Best Practise being re-written with every new data breach. It 's important to realise, however, that an unencrypted server full of content on-premise is unlikely to be more secure than having the same data encrypted in a best practise cloud environment.

Most security specialists agree that building an impenetrable system is impossible, so the pragmatic approach to securing content in the cloud is to have a variety of strategies that can mitigate against an inevitable breach. This can lead to interesting conversations with the software and platform suppliers. For example - assuming that your content is encrypted on the servers of your SaaS provider then who holds the keys to the decryption? Is it the SaaS provider or is it you? There is no correct universal answer to the question, but know that it should be asked and knowing the answer can help to build a risk model and from that a mitigation strategy if you need content security.

One of the final issues to consider is "How do you detect a data breach". This is more difficult than it sounds. If you 've followed the Linked In 2012 data breach story (see Wikipedia for up to date references) you will see that it took some time to detect that a breach had occurred and much longer to evaluate the full scale of the breach. If security of content is important in your business then detection of a breach must form part of an overall risk mitigation strategy.

Time for me to go home and write next month 's class. Now where did I leave my keys?


Tags: iss114 | cloud security | saas | paas | Bruce Devlin
Contributing Author Bruce Devlin

Read this article in the tv-bay digital magazine
Article Copyright tv-bay limited. All trademarks recognised.
Reproduction of the content strictly prohibited without written consent.

Related Interviews
  • New CEO and news update from TMD at NAB 2017

    New CEO and news update from TMD at NAB 2017

  • Forscene at IBC 2014

    Forscene at IBC 2014


Articles
The Making of Zero
Keith and David Lynch

The Brothers Lynch explain how they created the sinister atmospheric world for their new sci-fi short

In a post-apocalyptic world where humankind has emerged victorious in a war against artificial intelligent machines, a young girl dares to venture into the unknown. This is Zero, the new sci-fi short film from acclaimed British writer-director duo The Brothers Lynch which has premiered at the Tribeca Film Festival.

Tags: iss139 | blackmagic design | davinci resolve | editing | grading | grade | mk2 zeiss | superspeeds | cinema 4d | molinaire | Keith and David Lynch
Contributing Author Keith and David Lynch Click to read or download PDF
Covering Ironman Australia
KitPlus KitPlus recently chatted with Stephen Kane, production manager of IRONMAN Oceania in Australia and New Zealand. IRONMAN is one of the leading mass sports brands in the world, consisting of over 260 events across 44 countries including long (IRONMAN and IRONMAN 70.3) and short (Sprint and Olympic) distance triathlons, mountain bike stage racing, road cycling and running, both marathon and trail. One of those events is IRONMAN Australia, which takes place yearly on the Australian east coast.
Tags: iss139 | ironman | dejero | streaming | cellsat | 5g | engo | mobile transmitter | facebook live | wi-fi | cellular | satellite | KitPlus
Contributing Author KitPlus Click to read or download PDF
Original KVM or KVM over IP
Jochen Bauer Will the technology used in broadcasting solely consist of IP devices? For years, IP has been entering all areas of life. Especially control room applications as they are typically deployed in broadcasting benefit from the IP revolution in many ways. But an “IP-only broadcast world” is not yet here. Nevertheless, the trend clearly moves towards IP transmission, even though a large part of content production still uses traditional transmission paths. And therefore we continue to live in a hybrid world, using both original and IP-based technology. KVM experts Guntermann und Drunck still rely on both original KVM and KVM-over-IP™ to be able to offer their customers the best of both worlds.
Tags: iss139 | kvm | gdsys | guntermann and drunck | kvm-over-ip | Jochen Bauer
Contributing Author Jochen Bauer Click to read or download PDF
The Future of Broadcast Connectivity
Jamie Adkin The use of KVM equipment has been essential to meet the evolving needs of the broadcast industry for many years. Over that time, many in the industry have recognised the importance of using IP-enabled KVM to break down technological barriers and enable real-time access to visuals wherever and whenever they’re needed. These components are vital parts in live production environments in particular.
Tags: iss139 | adder | kvm | ip kvm | Jamie Adkin
Contributing Author Jamie Adkin Click to read or download PDF
Keeping Pace with the Content Revolution
Kevin Fitzgerald These are uniquely challenging times for broadcasters and their technical teams. Not only are they having to negotiate the move to IP-based infrastructures and the introduction of new formats and techniques such as 4K and HDR, they are also having to generate more content than ever before to support OTT and web services as well as traditional linear broadcast.
Tags: iss139 | streamstar | streaming | case 800 | ipx | ipx-3g | Kevin Fitzgerald
Contributing Author Kevin Fitzgerald Click to read or download PDF