Operating in a hybrid or cloud-native environment with third-party components involves many moving parts. Achieving the correct security posture can be challenging, and even more so if you provide a web application as part of the service.
Mathew Gilliat-Smith (Convergent Risks) hosted a “Challenges of cloud and application security” session during the Content Protection Summit in Las Vegas, USA. Members of the panel session, including Vlado Struhar (QTAKE) discussed their experiences.
“There are lots of different configurations … and security can be quite challenging,” Gilliat-Smith said during the session, which featured various industry representatives who are living the journey. He used a seatbelt analogy to help explain it: “So you can drive from L.A. to New York without a seatbelt and you’ll get there and be fine, no issues. But best practice says to wear a seatbelt and, to the manufacturer, set an alarm so if the seatbelt isn’t worn, it buzzes so that if you do have an issue, then you’re going to survive more likely.”
Vlado Struhar, product manager of QTAKE advanced video assist software at developer IN2CORE, pointed out that QTAKE is a special application for filmmakers, noting his original profession was a film director.“QTAKE was born out of my necessity to have some kind of a tool to use on set as a decoder playback but also for many other aspects of on-set control. The software is helping to transform the regular video village into the remote video village,” he said, explaining: “With our application, you can stream the video from set to remote locations or even access clips and metadata and collaborate on clips.”
Gilliat-Smith asked Struhar how his company makes sure that people are not pretending to be someone by sharing passwords. Struhar responded that his company requires ID and for the user to be authenticated, adding: “Filmmakers are not used to it, so of course, there’s a pushback. But there’s no other way to ensure that you’re streaming to the correct target.” At the same time, his company tries to make the platform as friendly as possible. While big Hollywood studios require extra security, QTAKE is also used by “many independent productions where this security level is not required,” Struhar said, adding: “We have the whole security built on layers. So every production gets to choose their level and they can say, ‘okay, we are mandating two-factor authentication because this is a huge blockbuster movie,” for example.
Also on the panel was Jason Deadrich, CTO of Vision Media; Tridib Chakravarty, CEO of StorageDNA and Rick Soto, SVP, global IT and security at Pixelogic.
For the full original article, click here.