EditShare EFS File Auditing
Introducing a new way of enforcing accountability to secure your content against data theft. EditShare’s highly anticipated storage auditing capabilities – which will ship with all single node and enterprise class XStream EFS platforms – are realised through a sophisticated Auditing Dashboard.
Offering peace of mind for content creators
The intuitive Auditing UI will provide system administrators with a high-level view of all actions across the EFS storage pool, historic and real-time, right down to individual user and file level.
Protection and Efficiency
The design objective of the EditShare EFS Shared Storage is to minimize or manage the resource contention that is inevitable in a busy storage cluster. For example, by storing system metadata in dedicated, fast RAM, EFS response to file transactions is never delayed by other file system processes. Likewise, our approach to media file storage ensures that disk and node contention and latency are detected and managed long before they impact latency real-time operations. This same philosophy is applied to EFS File Auditing. Dedicated, redundant audit log storage means that collection and analysis of audit logs is fast, efficient and secure.
Driving forces in content security
An early advocate for content protection best practices, the Content Delivery and Security Association (CDSA) published ‘best security practices’ documents for production/post production as well as music recording studios. The CDSA advocates a multi-layer approach, spanning management, personnel asset management, physical access, IT security, training, incident management, workflow and script handling when considering the security of valuable assets and content.
The Motion Picture Association of America (MPAA), which represents Walt Disney Studios, Paramount Pictures, Sony Pictures Entertainment, Twentieth Century Fox Film Corporation, Universal City Studios and Warner Bros. Entertainment, has weighed in. Like the CDSA, the organisation recommends several layers of security practices for safeguarding critical media assets, including management oversight practices, physical security practices and digital security practices. These recommendations are outlined in its published document titled Content Security Best Practices Common Guidelines.
Compliance with the new security best practices and technologies is fast becoming the standard for production, post production and content producers doing business with studios and networks. These new content management protocols and technologies are also shaping 2018 capital investments for facilities all over the world looking to come in line with recommendations.
Better, more flexible and riskier IT-based tools
The file-based workflows, distributed collaboration, cloud-based production and IP replacement of coax and SDI have delivered on their promises to make media and entertainment content production more agile and efficient. These new workflows and solutions have also significantly expanded threat surfaces available to cyber criminals.
Application servers, media processing systems, asset management systems and media storage are typically protected from external threats by firewall solutions. LDAP-based user permissions and network policy management systems like Active Directory are being deployed to implement ‘fewest permissions’ access to critical assets. Encryption and watermarking technologies have been leveraged to prevent or detect piracy or other misuse of media assets. Firewalls, Active Directory system, encryption and watermarking can be effective barriers to cyber criminals. However, if breached (or circumvented by insiders) they provide no information about who was involved and which assets were risked.
An important missing link
The media and entertainment industry as a whole is largely aware that it is vulnerable to these types of threats. However, the challenge was that until recently, there were no shared production storage solutions designed for the M&E space that had embedded file auditing capabilities.
File auditing solutions focus on answering ‘Who did what to which files and when did they do it?’. Solutions like these are designed to deter would-be internal threats as each interaction with a given file leaves a traceable digital footprint. Pulling audit files provides administrators with a look back into the history of the facility’s operations. This can be especially useful when considering the events surrounding a data breach and then using the information as the basis for security procedures in the future.
“Application servers, media processing systems, asset management systems and media storage are typically protected from external threats by firewall solutions.”
MPAA best practices call out requirements to have file audit logging capability on all significant systems and workstations, to collect file audit logging information in a central repository and to store file audit logging information for a minimum of one year.
File auditing solutions are tightly linked with specific systems. In the case of our company’s solution, EditShare XStream EFS media storage solution, file auditing operates as part of the file system itself. As such, it ‘sees’ all user behaviours including all logins and logouts and all file opens, creations, modifications, movements and deletions.
Security information and event management
In the security industry, it is well understood that some security events can be more easily detected through correlation of separate events occurring on different systems throughout the facility.
For example, it may be possible to detect unauthorised media asset access via file moves in a storage server combined with file copies to a removable storage device such as a USB. Solutions supporting this approach are called security information and events management (SIEM) systems. To harness the power of SIEM in your video production facility, it is important to choose media production elements that are capable of forwarding file audit logs to third party systems.
Preparing with technology and protocols is the new norm
Preparedness with layered security systems and protocols is one of the best ways to protect valuable content in the era of cyber crime. In the past, security efforts were focused on creating barriers preventing access to media assets. However, as cyber criminals have found ways around these, the focus has shifted to file auditing to prevent internal and external theft. By tracking all interactions with a facility’s files we can answer ‘Who did what to which files and when did they do it?’.