Cybercrime has become a mature industry. It’s been around since the earliest days of the Internet, and it grows and adapts to market conditions. From Nigerian princes to phishing to password and identity theft to email hacks to ransomware, cybercrime only gets more sophisticated. And it has entered nearly all facets of our lives. Even a camera aimed at the front porch is a potential open door to a hacker.
Yet, the vast majority of everyday people, in their everyday lives, do very little to protect themselves—i.e., their personal metadata—from potential theft, even when it’s made relatively simple to do and doesn’t cost much. Who knows why? It’s the same for data backup and disaster preparedness kits; people tend to pay attention after the need becomes clear.
The team at Fortium Technologies is well aware of these tendencies, and they’ve heard every excuse in the world, often after a breach, for why data encryption was not integrated into a system or workflow. The British company (with a big presence in Los Angeles) has been involved in information security for many years, from its origins in protecting the content of emails, to discbased encryption and now security on the file level, regardless of file type. The company specializes in what’s called encryption-at-rest. And they specialize in the entertainment industry.
“Use of encryption is all about compatibility,” says Fortium CEO Mathew Gilliat-Smith. “If you think about TV and motion picture productions, you shoot and cut, then get to final cut and final mix—you are typically using professional editing tools, which can’t deal with encryption because they need the original format to do editing. That’s where we come in.
“We were able to build a system that could handle encrypted files at the kernel level and hand them off to the editing program,” he continues. “Media Composer, Pro Tools, Premiere and Final Cut would see the file as normal, but with an access control wrapper by individual file and user. To do that it had to be file-agnostic, so you can work on any editing program with any file type.”
About 12 years ago, Fortium got involved in content security when it undertook outsourced development for a number of the studios, including NBC Universal. More recently, routine MPAA security audits began to flag up that content was often being “edited in the clear without any protection present,” Gilliat-Smith says. “Studio systems were generally pretty good, except for this vulnerable hole in post-production picture and sound editing. That’s where our MediaSeal product got going.”
MediaSeal is based on military-standard AES encryption and designed to address the entertainment industry and its unique workflows directly. With an established encryption wrapper in place, updates primarily have to do with system compatibility, authentication levels and ease of use.
Fortium’s MediaSeal encryption product is billed on a relatively low-cost per-user/per-month basis. Clients range from the big studios and big-budget films to ad agencies and marketing companies that might work on the trailer, and mid-sized post houses that work on TV. Last year, MediaSeal expanded to encryption-on-the-fly with the introduction of Live Folders.
“Encryption-on the-fly is sort of a self-protection tool, so that if you are editing a rendered out file, you can just drop it into a folder and it is automatically encrypted,” Gilliat-Smith explains. “This has been very warmly received. Studios see it as much easier to use in a workflow, especially where there are segregated networks and it’s difficult to talk to the outside world.”
Encryption-on-the-fly is just one of the many ways that Fortium tries to make it easier to protect content, at any point in a production. They are aware of the psychological gap when people have to introduce a new step into an established process but try to make the encryption seamless and normal.
“It’s really an education about perception,” Gilliat-Smith says. “I think people automatically associate encryption with complexity and extra time. But almost everything you do today requires some kind of password or point of access. If you’re working on something worth millions of dollars, why should that be any more laborious?
“In respect of security I think the larger issue, however, is that in any production there are many different owners of the various stages—producer, head of post, sound editors, special effects, marketing people,” Gilliat-Smith says. “Budgets and responsibilities are silo’d, and aspects that cover a whole production can get lost. Also, these people are used to their own way of doing things, and change can be unwelcome. Perhaps the best way to tackle the problem is for a directive from the top, for security to be a budgeted line item on each production. The finance directors would put it in the budget from the outset, and funding for a production would only get signed off once the content security check box was ticked.”
There have been more than a few high-profile content-security breaches in the past couple of years, and many more that are never reported. Ransomware, or cyber theft holding you to ransom, has proven particularly malicious recently, and the experts forecast worse to come. Already in January we have the Intel chip flaw, and Gilliat-Smith asks, “Is this the next big thing?
“Still,” he adds, “at the end of the day, everybody working in the industry wants to make sure the content they’re working on is safe. No one can chance whether to have security anymore, its more a question of how best to implement it. MediaSeal was designed by a studio for studio use.”