The migration to cloud workflows within the M&E sector is advancing at pace. This includes the smallest post-production vendors, re-inventing themselves through necessity from the pandemic, right up to the largest content distributors, beginning to stream all their content from the cloud. As this Cloud for Media report highlights, the return on investment is justified by the time savings from increased performance and the ability to scale in more cost efficient ways.
A comprehensive security strategy underpins any successful cloud workflow. Without this you are taking unnecessary business risk and not taking full advantage of what the cloud offers.
At the DPP’s September 2021 Media Supply Festival, Sky made an impressive live presentation about their new end to end cloud workflow which has been created in partnership with their third party SaaS application vendors. When asked what they saw as their biggest headache, Sky responded: “Security is the standout point. Don’t come to us with a product that doesn’t tick the basic security requirements. It could be the most amazing cloud native product, but if it doesn’t have security, we simply can’t use it.”
While cloud providers do issue sound best practice guidance, implementing this isn’t always straightforward, especially if you are doing it retrospectively. The number of vulnerabilities surfacing from an independent cloud security assessment, that a vendor was most likely previously unaware of, can be daunting. But there’s a noticeable change in attitude and it’s encouraging to see the supply chain embracing security which instils confidence for staff, partners and customers, ultimately making their businesses more successful.
Convergent is a principal provider of risk assessment and security compliance services for the M&E sector, with offices in the US, UK and India and representation across EMEA, the Americas and Asia Pacific. Our global team of qualified assessors undertake site, cloud and SaaS application security assessments and testing efficiently, providing the required assurance to content owners and the supply chain. Additional services include web app and infrastructure threat assessment penetration testing; cloud configuration vulnerability scanning; pre-assessment and remediation consultancy; SanctumIR Incident Response; SOC2/ISO/NIST Readiness; privacy compliance; and policy development.