Motion Picture Laboratories published Enhanced Content Protection for Production (ECPP) Recommended Security Practices for the Use of Cloud Services in Media Creation, version 1.0; which provides “a unifying set of recommended practices for those designing, building, configuring, or assessing the security of production workflows in the cloud.”
The ECPP is specifically focused on the new or significantly different practices for the cloud. It, together with its companion “Executive Guide to the ECPP,” looks at the current state of the threat environment and addresses the most common attack vectors along with the most active threat actors, and provides a set of global best practices that apply to all uses of cloud services and more specific best practices for Infrastructure-, Platform-, and Software-as a Service. It also discusses the challenges and considerations of securing multi-cloud production.
“We have developed the Common Security Architecture for Production (CSAP) on the premise that a different approach is required for securing production in the cloud, where the cloud is a resource shared across everyone working on a production,” said Richard Berger, CEO MovieLabs. “We hope that the different ecosystem participants across the industry can align their unique approaches to secure and assess cloud-based workflows and can benefit from the ECPP.”
Updating production guidelines in recognition of production in the cloud is fundamental. For example, pre-cloud, one important practice had been to air-gap production resources, to help minimize any risks that could be introduced by connectivity to a network.
Quoting from the introduction, “Once cloud services of any form are introduced, the perimeter security model breaks down because of the very nature of cloud services: for example, the cloud service provider controls the hardware and the network. You can’t airgap the cloud.”