JULY 31, 2020

Addressing Post-Production Security Concerns in Remote Workflows

Remote editing securely

Imagine a building with a security guard who checks your pass against a vetted list before allowing you access to your edit suite. It sits air-gapped (offline) from the internet. It’s only connected to a local RAID, on which every piece of media is watermarked, both visibly and invisibly. You need your own credentials to log in, and you can’t take any other hardware with you into the room. CCTV keeps tabs on your movements and media access software tracks files as they’re created or transferred.

Now imagine trying to maintain that level of security across multiple editors across the globe, who are all accessing critical media via the internet and dialing in from home Wi-Fi.

Traditional approaches to production security isolate a production’s critical assets physically, technologically, and with regard to personnel. This reduces the potential “threat surface” a bad actor might be able to penetrate. But in the radical shift to remote post-production workflows, many traditional processes and procedures have fallen by the wayside, creating the need to implement new security technologies and procedures.

It’s crucial to not leave the door open for hackers to steal the production’s valuable media assets. But how should post-production teams approach security now that the new normal involves remotely accessing critical hardware and sensitive media from home? And how can editors and post supervisors operate remote video editing workflows securely to prevent embarrassing (or even career-threatening) errors?

To break down this problem, remote post-production teams should work to refresh their security measures in three critical areas: securing media, connections, and hardware.

Securing Media in a Remote Workflow

Delivering files outside of the post-house team requires some method of theft prevention. Securing those files within the team’s remote video editing workflow makes two steps essential: using file watermarking (both visible and invisible) and directly encrypting media files on local storage or when using a file transfer service. Invisible watermarking or file fingerprinting can also aid in forensics and copyright theft situations.

Another practical benefit of visibly watermarking media files is that it helps prevent footage being leaked via screen capture at home or while on video conference calls.

While encrypting and watermarking your files is an important step, it’s just as important to track the movement of media and record a chain of custody.

Without protocols for controlling the movement of media and a correct chain of custody, it’s easy for sensitive prerelease content to get misplaced or inadvertently accessed by those without authorization. The chain of custody also ensures there’s a log of any changes made to files as they pass through post-production departments.

Securing Remote Connection Points

A system isn’t secure unless all points of access are secure at the same time. There’s no point triple-locking all your doors if you leave the window open. To improve production security for a remote video editing workflow, this means:

  • Securing each collaborator’s home Wi-Fi network.
  • Protecting on-premises systems through VPNs, isolating them from outside access.
  • Using secure remote applications with encrypted protocols such as HTTPS or Teradici PCoIP encrypted desktop sharing.

Another potential point of access is group conversations over collaboration systems like Slack, Trello, or Zoom, particularly when screen-sharing private information. Teams need to stay sensitive to what they share and when—while these kinds of conversations may have been secure in a private physical environment, remote conversations don’t always offer the same level of privacy.

On a practical level, it’s well worth considering the use of cloud and on-premises virtualization as a way to spin up new productions that are inherently secure. Virtualized machines look and act like desktop computers running creative software locally, but they’re actually virtual machines running in the cloud. This setup creates opportunities for centralized and automated management, automated security updates, centralized trusted storage for all media, and controlled access to applications and media.

Securing the Hardware

As post-production teams get better at working from home, they’re embracing the growing number of devices that are able to host post-production tasks. More phones, tablets, and laptops are up to the task—but this means that the range of hardware that needs to be evaluated for security has exploded.

For example, phishing scams targeted at team members can deploy malware to steal a user’s credentials from their home computer. In this situation, no amount of security software will be able to stop someone from getting past the facility’s perimeter security and potentially stealing sensitive media.

Since so much of security rests with the team, educating team members to be wary of potential fake emails, links, and websites (especially ones that have been spoofed to appear from genuine connections) is an important piece of the puzzle. Protect their home hardware as well by installing antimalware and antivirus tools, and consider investing in a complete endpoint protection software solution to facilitate intrusion detection and prevention.

A patch management assessment of both operating systems and creative applications, across all devices, would also help to establish a secure and consistent baseline, from which updates could be more easily maintained.

Given the immediacy of all these new areas of concern, is the same level of security even possible within a new remote workflow? The encouraging news is that it’s more than realistic with the right prep. While the number of potential hazards has increased significantly with remote workflows, technical solutions and best practices are emerging to solve each one of them.

  • © 2024