Crystal Pham from the Trusted Partner Network talks about how content owners use MPA Best Practices to gain complete visibility into service and software providers’ security preparedness.
Despite years of deploying sophisticated content protection systems and services, piracy is still a significant challenge for content owners, distributors and thousands of related service providers. Indeed, millions of dollars are spent and lost each year addressing the problem.
Crystal Pham is Vice President of Operations and Program Management at the Trusted Partner Network (TPN) and talks here about how the organisation tackles the evolving issue of protecting content as it moves along the supply chain.
Proactive Protection
From pre-script to screen debut, producing content requires valuable data and assets to pass through many hands. “Protecting assets from theft and pre-release leaks is among the key challenges content owners face,” she said. “As a result, all companies and individuals throughout the supply chain must be proactive about identifying and remediating their vulnerabilities to safeguard content properly.
“That’s why the Motion Picture Association’s (MPA) studio members and other content owners, using their own independent and risk-based decision-making, often partner with service and application providers across the content creation and distribution landscape who are compliant with the MPA Content Security Best Practices.”
Maintained by the TPN, this document works as a verified framework and set of controls preparing content owners and production teams to secure content in the cloud and on-site, including work-from-home and software applications.
Interactive Online Community
Their work covers a wide range of issues, from developing new best practices around cloud storage and virtualised applications, to emerging security concerns relating to AI and machine learning, each of which can present specific security risks and weak points.
“TPN has an interactive online community platform that centralises trusted information resources where member companies – including service and application providers – can participate, centrally communicate and self-manage their security status. They can also can identify and reduce duplicate security reporting efforts,” said Crystal.
“Using TPN’s expertise, content owner members can search for suppliers while viewing their self-reported or assessed security status, based on MPA Best Practices. Using this information, content owners have access and complete visibility into service and software providers’ content security preparedness.” Ultimately, by publishing security best practices and proactive assessments of vendors prior to project engagement, TPN encourages efficiency and alignment between content owners and service providers on crucial content security requirements.
Benchmark and Assessment Process
To date, more than 1,000 production, editorial, post and distribution companies, content producers and content owners have signed up as TPN members, and others continue to join the online registry every day. Its sole purpose is to ensure content security preparedness across the media and entertainment industry, thus saving content owners time and money in finding a suitable match.
For service providers handling high-value content, TPN operates a benchmark and assessment process for security preparedness and awareness. Through this program, service providers work with an accredited TPN third-party assessor, who supplies a comprehensive report focusing on important security issues, from network backbone and access points to business continuity.
When all the required content security criteria have been met, service providers are presented with a Gold Shield rating. Crystal said, “This rating is widely recognised and not only helps attract new business but also assures content owners of their technology partners’ focus on security. Owners can then use this rating to make independent risk-based decisions regarding vendor partnerships.
“TPN’s assessor community includes a diverse range of global content security experts. They support the TPN initiative by carrying out thorough security assessments, standardised on the MPA Best Practices framework and TPN program for assessing site, application and cloud security.”
Keeping Up with Security Trends
To support its approach and policies, TPN conducts research to identify security trends and regional risk factors and then works with its local membership to address various obstacles to compliance. “For instance, the most recent TPN report examined the APAC region, where 63% of TPN’s APAC members are based in India and are responsible for more pre-release post-production work than anywhere else in the world,” noted Crystal.
“But this group also clearly appears to be the least prepared or compliant with MPA Incident Management Best Practices. More specifically, slightly more than half of the region’s TPN members say they have no defined scope for risk management, no third-party to conduct risk assessments, and they do not meet with management to document risks.
“Being aware of this situation can be invaluable to a TPN content owner in another part of the world looking to work with vendors in the APAC region. It also alerts underperforming service providers that they need to raise security standards if they want to work with content owners.”
Business Continuity in the Cloud
Another eye-opening statistic TPN uncovered is that in terms of business continuity, close to 70% of TPN APAC members do not test business continuity procedures regularly and despite a growing supply chain using the cloud, do not have a well-defined Shared Security Responsibility Model – that is, a framework for establishing cloud security responsibilities between cloud service providers and customers.
Furthermore, most have not identified workarounds or alternatives for when problems occur. “Finally, the research also shows that when it comes to disaster recovery, 77% of TPN APAC members may not have cybersecurity insurance or a set of established priorities for disaster recovery procedures,” Crystal said.
“To help address issues such as these, TPN has planned a series of workshops in each region of the world, during which it will share more focused data with members. In each case, TPN moderators will discuss how that region rates in terms of content security and discuss ideas about how TPN can better support their security preparedness. This work will include supporting members who must work with limited resources and security budgets.”
Moving forward, TPN will continue to pursue its goal of building a more secure future for content owners, to make the process of finding and vetting new remotely located suppliers much easier for smaller, independent owners as well as for the larger MPA members. This forms part of TPN’s wider mission to raise the overall standard of content security in the most efficient, cost-effective way. www.ttpn.org
