Akamai, Level 3, and many of the leading cloud based media platforms have made big strides going deeper into the media distribution supply chain, becoming a key component in the workflow process of content creators, broadcasters and studios. Akamai and Level 3 offer an end-to-end delivery solution for mezzanine file distribution, starting from ingest to consumption. Aspera takes care of the high speed upload, and the media platform stores, transcodes, encrypts, and delivers the file to any screen, anywhere in the world, or to a private network of editors who exchange files between themselves to do production work on it. From a functionality perspective, the platforms looks great. However, are these media platforms ready for the zero-day and advanced persistent threats?
One of the main concerns of any cloud based platform is security. In the media industry, the concerns for security are orders of magnitude higher, since they are dealing with episodes, features and broadcast segments. There is zero tolerance for any type of software vulnerability that will result in the theft of intellectual property. Either the media platform is fully secure, or else media companies like studios continue to do it in the old fashion way, hard drive delivery by courier. I’m sure the Akamai Cloud Workflow and Level 3 Content Exchange platforms are highly secure, and thoroughly vetted, where every line of software code was developed with security in mind, but are the other media platforms secure, that had fewer resources to spend on the security aspects of the application.
Media Platform Vulnerabilities
Have the media platform developers used all the available tools to scan the code for vulnerabilities? Have engineers harden and secured the operating systems, databases, caching software, web server software, and all other software plugins, and components that support the media platform? As we found out with OpenSSL and Applie iOS, all it takes is a simple basic programming mistake in the million lines of code to open up the entire application to attack. The technology media industry cannot afford an incident like Target. If it does happen, the studios and the professional content creators will go back to doing business the old way of non-cloud.
For now, we can assume there are teams of highly skilled mathematician hackers developing zero day threats, and advance malware for the Akamai and Level 3 media platforms of the world. The threat actors are sophisticated doing their reconnaissance homework, thoroughly researching all the various software components and technologies in use within the media platform that have the potential for breach. The same hackers will use social engineering techniques to obtain as much information as possible about the system, processes and personnel that maintain the media platform. Why go through all this exercise? Simple, because Lockheed Martin says so.
The Lockheed Martin Computer Incident Response Team published a whitepaper stating that an “Intelligence-driven, threat focused approach to study intrusions from the adversaries’ perspective that could give network defenders the upper hand in fighting cyber attackers”. In other words, Akamai and Level 3 need to think like a hacker in order to defeat the hacker.
Conclusion
There is a lot riding on Akamai and Level 3. The technology vendors in the media space can’t afford a Target like incident to occur ever. Any breach of the media platform is going to implode the trust that media customers have in the cloud vendors. As one of the leading thought leaders in Cyber Security stated “All of these [capabilities] are around early warning, understanding the [attackers] are already in here. We’ve already been compromised, but possibly they haven’t gone all the way to knowing where the ‘jewels’ are or starting to siphon off information.” …Jeff Spivey Are Media Cloud Platforms ready for Zero Day and Advanced Threats