February 18, 2019
The Content Delivery & Security Association (CDSA), in collaboration with the Motion Picture Association of America (MPAA), are responding to next-gen threats with the Trusted Partner Network (TPN), “a voluntary process by which vendors can assess the security preparedness of their facilities, staffs and workflows against industry best practices.” CDSA executive director Guy Finley, who is also MESA president, and CDSA chairman of the board Ben Stanbury, Amazon’s chief security officer, described TPN at the HPA Tech Retreat.
The TPN initiative is also supported by the 28 member companies of CDSA and MESA (Media & Entertainment Services Alliance), 20 of which were present at the Tech Retreat. In addition to improving content security, TPN “also aims to reduce the number of often-duplicative content owner audits film and TV vendors undergo every year.”
“There are a lot of issues to take into account to keep assets safe,” said Finley. “Breaches and leaks have been in the news. Other issues include regulatory compliance requirements, MPAA best practices, extortion, hacking, corporate espionage.”
Stanbury added that, “as these threats advance, it’s about going back to basics.” “It’s about a unified approach — doing the simple things well,” he said. “It brings content owners, the vendor community, MPAA and CDSA together to build services and programs.” They are also “looking at partnerships with DPP, Cloud Security Alliance and other groups to aggregate information.”
Phase 1 of the project was facility assessments, “to consolidate and not duplicate services.” “We’ve formed this consolidated set of security requirements,” said Stanbury. “Anyone who meets eligibility requirements can be a qualified assessor.” The next step, explained Finley and Stanbury, is to “get the information out there.” Each service provider or vendor can nominate a security advocate who is given training and a community to interact with.
“It’s not limited only to facilities,” said Stanbury. “We want to broaden participation.”
“Most industries have a dedicated threat aggregation program,” he explained. “The automotive industry has ISAC (Information Sharing Analysis Center), for example. We’re building a program where any relevant threats to our constituents are being broadly shared with them.”
Finley added that the group has 2,400 vendors in its database. “We look at this as a fringe benefit of the program,” he said. “You can sign up for this and get information specific to M&E and that impacts your IT infrastructure, regardless of size.”
Phase 2 will launch at NAB 2019. “It’ll be fully functional by Q3 or Q4 this year,” promised Stanbury. “You’ll be able to test your framework — including a cloud platform capability assessment — through the system. We’ll also offer secure configuration guidelines and implementation configuration assessment.”