3 Best Practices to Enforce Media Data Security with Encryption Key Management Services

Imam Sheikh

As cyberattacks evolve, the media industry is prioritizing cybersecurity initiatives and creating awareness around good security practices. The National Association of Broadcasters (NAB) debuted a Cybersecurity Certificate Program [i] in November last year. This year at NAB, the Cybersecurity & Content Protection [ii] program is part of the conference. This program covers a spectrum of concerns related to media data security, including threats and weak links, boundary-crossing content sharing workflows, distribution models, asset protection in the cloud, and security standards and guidelines.

The industry has developed comprehensive guidance regarding media data security: the MPAA Content Security Program Content Security Best Practices Common Guidelines [iii] and the more recent Content Delivery and Security Association Film & TV Production Security Guidelines [iv]. The guidelines address security issues such as physical security, digital security, infrastructure, transfers, networks and cloud services.

One of the most fundamental aspects of security is encryption: translating plaintext or data into unintelligible text, or ciphertext, that only those with access to the right encryption key can decrypt. It is a security control often referenced in these guidelines because it protects media throughout the entire lifecycle, from production through archiving.

Based on Equinix’s experience in providing encryption and connectivity services for globally distributed enterprises, we share three best practices (cloud-neutral encryption key management services, private connections and partner ecosystems) for securely managing content and media data/assets:

1. Use a Cloud-Neutral Encryption Key Management Service

When media production involves collaboration across cloud environments (private, public and hybrid), managing encryption across them can be challenging. Dailies may be uploaded and stored in one cloud environment. During post-production these assets may be transferred to other cloud environments for editing, scoring and special effects, then recombined into the rough cut in yet another environment before finalizing the locked cut. In many instances, cloud service providers like Amazon Web Services, Azure, Google Cloud or Oracle may be hosting many of the post-production services.

Encryption provides confidentiality for your critical assets because a breach of a media repository only finds unintelligible ciphertext that has no value without the encryption keys. Historically, encryption was done using specialized, proprietary hardware devices that were on-premises. However, they are complex and expensive to maintain in a flexible, cloud-first world. Encryption key management as a service is an alternative that offers economic advantages related to the overall implementation, regardless of where the actual service is applied. Cloud-neutral key management as a service provides greater protection against data breaches because keys are stored and managed in an entity separate from the media assets. Another unique value of cloud-neutral encryption key management as a service is that, regardless of where the media assets originate or where they are shared, the centrally managed key management service applies the same security controls across multicloud environments.
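The separation of keys from assets described above can be shown with envelope encryption. This is an added example, not Equinix code or the SmartKey API: the `KeyService` class, the principals and the asset names are hypothetical, and it assumes the Python `cryptography` package is installed.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

class KeyService:
    """Hypothetical stand-in for a cloud-neutral key service; it never sees media."""
    def __init__(self):
        self._kek, self._acl = {}, {}  # key_id -> key-encryption key / allowed principals
    def create_key(self, key_id, allowed):
        self._kek[key_id] = AESGCM.generate_key(bit_length=256)
        self._acl[key_id] = set(allowed)
    def _aead(self, key_id, principal):
        # One access policy, enforced here no matter which cloud holds the asset.
        if principal not in self._acl.get(key_id, ()):
            raise PermissionError(f"{principal} may not use {key_id}")
        return AESGCM(self._kek[key_id])
    def wrap(self, key_id, principal, dek):
        nonce = os.urandom(12)
        return nonce + self._aead(key_id, principal).encrypt(nonce, dek, key_id.encode())
    def unwrap(self, key_id, principal, wrapped):
        return self._aead(key_id, principal).decrypt(wrapped[:12], wrapped[12:], key_id.encode())

def store_asset(kms, key_id, principal, repo, name, plaintext):
    dek = AESGCM.generate_key(bit_length=256)  # fresh data key per asset
    nonce = os.urandom(12)
    repo[name] = {
        "key_id": key_id,
        "wrapped_dek": kms.wrap(key_id, principal, dek),  # repository holds no usable key
        "nonce": nonce,
        "ciphertext": AESGCM(dek).encrypt(nonce, plaintext, name.encode()),
    }

def load_asset(kms, principal, repo, name):
    rec = repo[name]
    dek = kms.unwrap(rec["key_id"], principal, rec["wrapped_dek"])
    return AESGCM(dek).decrypt(rec["nonce"], rec["ciphertext"], name.encode())

def demo():
    kms = KeyService()
    kms.create_key("feature-dailies", {"editor@studio", "vfx@partner"})
    cloud_a, cloud_b = {}, {}  # two repositories at different providers
    footage = b"constructed sample bytes standing in for reel 12"
    store_asset(kms, "feature-dailies", "editor@studio", cloud_a, "reel12.mov", footage)
    cloud_b["reel12.mov"] = dict(cloud_a["reel12.mov"])  # asset moves to another cloud
    try:
        load_asset(kms, "intruder", cloud_b, "reel12.mov")  # has the record, not the key
        denied = False
    except PermissionError:
        denied = True
    return load_asset(kms, "vfx@partner", cloud_b, "reel12.mov") == footage, denied
```

Each repository record carries only ciphertext and a wrapped data key, so a copy of either repository is unreadable without a successful call to the key service.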

2. Use Secure and Optimized Interconnections for Collaboration

Just as important as encrypting media assets is the secure transfer of these assets among the various locations that collaborate to create the finished product. Transferring assets, particularly voluminous media files, between different cloud environments or locations over the internet is neither as efficient nor as secure as using private connections that bypass the internet altogether. When transferring via the internet, you contend with a multitude of users sharing those channels. That can lead to re-routing and delays as the network attempts to optimize throughput. Transfer via the internet also risks exposure to entities intent on disrupting the creative process or stealing valuable properties.

Secure transfers between cloud environments should be made available via data centers located strategically throughout the world. These data centers should also support direct private connections between cloud providers. Private connections ensure security and guarantee high service level agreements (SLA) for rapid data transfers that are critical to media production. Such global data centers that manage media assets and services (including encryption keys) should be located proximate to users of these assets to reduce latency and enable real-time streaming.

3. Pick Providers with a Global Partner Ecosystem

Media companies typically work with several partners. Secure connectivity among media partners can facilitate greater efficiency in all stages of media development. For example, a studio creates a set of media assets in their cloud environment and securely transfers them over to a partner for further processing. However, creating a secure interconnection with each partner separately can be expensive.

Any provider you work with should make it easy and cost-effective to connect to your partners. Providers should act as global interconnection hubs for hundreds of IT services, communication, cloud and network service providers that content and media companies may already be working with. Providers that offer a consistent user experience for your partners globally can improve efficiency and drive down cost significantly.

Learn More About Best Practices for Media Data Security

At Equinix, we welcome the opportunity to share our best practices regarding critical media assets. Learn how Equinix SmartKey and Equinix Cloud Exchange Fabric can ensure media data security and bring greater efficiency to content production workflows.

You can also download Volume 2 of the Global Interconnect Index to learn how enterprises are solving the complex integration and control challenges of distributed infrastructures and the Content and Digital Media – Digital Edge Playbook that explains the value and benefit of content delivery architectures.

Equinix connects the world’s leading businesses to their customers, employees and partners inside the world’s most connected data centers in 50+ markets across five continents. Our integrated, global interconnection platform with 99.9999% availability makes running complex, global enterprise applications even easier, with greater performance, scalability and reliability.

[i] https://www.pathlms.com/nab/courses/9683

[ii] https://www.mesalliance.org/conferences/cdsa-nab-2019?page=program

[iii] https://www.mpaa.org/wp-content/uploads/2018/10/MPAA-Best-Practices-Common-Guidelines-V4.04-Final.pdf

[iv] https://www.mesalliance.org/wp-content/uploads/2019/02/CDSA-Production-Security-Guidelines-01-19-v1.pdf