The security advantages of remote working09.9.21
Most people working in post-production have, at some point, walked into a lavish office in one of the metropolitan hubs and experienced the layers of embedded security for themselves. It’s no mean feat to get past reception, let alone operate lifts and open doors without a keycard. If you think you’re dodging the cameras, think again. Keeping the content in the building from prying eyes, as well as having a record of those moving around the office was once seen as the gold standard of security.
Now, that’s all changing thanks to the security advantages offered by the cloud. Thrown in at the deep end by necessity rather than choice, studios have adapted their facility driven approach to include remote setups to allow staff to keep working and deliver projects on time. These remote workflows are, in many ways, an improvement on the traditional model and offer an enhanced layer of protection against increasingly sophisticated attacks no locked door ever could.
The security benefits of centralization
Often in facility environments, once content is transferred externally it’s likely stored across multiple machines, in different locations that have differing levels of security and access. You’re relying on the diligence of others. By storing all content on the cloud, everything is centralized within a hyper secure environment and never has to be transferred externally. Every time content moves it’s exposed to the potential vulnerabilities of that new facility or environment, compounding the attack vectors over time.
There are industry-wide standardized measures in place to mitigate these risks, like MPAA and TPN, but the reality is that different facilities are run with varying levels of enforcement and compliance when it comes to sticking to the best practices. Major cloud providers with numerous ISO certifications also have the resources to manage the physical security of their facilities more thoroughly than the majority of businesses could ever logistically accomplish.
People are always the biggest vulnerability with any security system. Most of the major hacks aren’t derived from faulty network policies, they come from someone clicking on an email link they shouldn’t, opening a compromised attachment, or plugging in a USB drive. Working in a secure cloud environment means these risks are eliminated, and access to content can be managed programmatically, thereby significantly reducing the available touchpoints and overall risk to the system present with manual systems. Finegrain permissions settings determine who has access to data, and controls what can be done to it.
This can be as simple as restricting access to certain IP addresses, requiring users to use MFA or SSO systems, or encrypting your content at rest and in transit with military grade technology like FIPS 140-2, AES 256, TLS 1.2 and AWS-SSE. Also, with cloud systems you never run the risk of an unregistered company device that doesn’t have anti-virus, anti-malware protection or an up to date operating system security patch becoming the newest weak link in the chain.
Working in a centralized cloud environment also means that every action is audited in real-time throughout the entire supply chain. Rather than retrospectively trying to uncover what went wrong once a breach has already happened, cloud workflows allow for proactive and continuous monitoring throughout any high-security project. Alerts and notifications can be set up to ensure improper attempts are caught as they happen, offering immediate revocation of access and a reassurance that any attempted breaches can be dealt with before they become a problem.
This detailed log of everything that happens inside the cloud environment effectively provides a completely robust audit trail, introducing the aspect of personal accountability on a profound level. One of the best defences against security breaches is the fact that personal reputations are at stake within the industry. Data logs, digital watermarks and customisable hyperlinks tie actions to individuals beyond reasonable doubt, with companies able to trace back any breaches to a personally identifiable instance.
Can cloud computing replace physical security?
The reassurance that having content stored, and worked on, locally is undeniable. It taps into a primal misconception that what is in front us is under a greater degree of scrutiny, because of our physical presence. The truth is, the best magic is done up close, and cloud-first approaches remove a lot of the possibilities for nefarious actions to be carried out. The computer simply says no.
For those determined not to rely entirely on cloud workflows, and who need some level of physical security in place, hybrid infrastructure setups can combine aspects of both. For the most secure projects, artists can work in offices with all the reassurances provided by physical security, working from a virtual machine accessing content stored in the company’s AWS S3 bucket. This approach arguably combines the best of both worlds, and may offer many businesses the stepping stone required to make progress toward freeing up and further empowering their workforce.
Looking ahead, more studios will inevitably find ways of scaling their business using cloud technology and in so doing, will experience first hand the benefits of a more secure and robust system. The kicker is, cloud providers are innovating faster than ever and we’re only going to see this already improved way of doing things, getting even better.
– Jon Mason, co-founder and CEO at Hotspring
Be sure to check out our blog for the latest Hotspring news and updates.