Content Protection Summit: Avid, Azure Tout Benefits of Secure Content Workflows in the Cloud

There’s a wide range of benefits to shifting editorial and other creative workloads to the cloud, including enhanced security, according to Avid and Microsoft Azure.

Editorial in particular is “just a natural fit just because of the scale requirements” and desire to “bring users to the data” that are involved, Joel Sloss, Azure senior program manager, said during a session on “Limitless Creativity (Secure and on Schedule) in the Cloud” Dec. 6 at the Content Protection Summit in Los Angeles.

“Instead of having content on hard drives and shipping it from remote locations and between producers and editors and all that, why not have everything within the cloud?” After all, he said, “that’s one place that everybody can come and access the content securely, have the tools that they’re used to using” and, when needed, work on the content collaboratively within an organization.

Avid announced at NAB earlier this year that it selected Azure as its platform of choice for cloud solutions, Michael Krulik, Avid principal solutions specialist, pointed out at the summit.

“It’s an ongoing process,” Krulik said, noting that his company’s already offering video on demand and over-the-top delivery for web, mobile and social platforms. “The nice thing about these cloud-based technologies is you’re suddenly given security because it all is on the Azure platform … and all those Azure mechanisms come into play immediately,” he said.

In film production, Avid is currently working on proof of concepts “with a lot of our studio” and network customers making use of Azure and Azure Stack, Krulik went on to say. Avid’s also developing disaster recovery solutions using Azure, he said.

Using solutions such as Avid’s Media Composer film and video editing system, artists, editors, and IT alike can take advantage of near limitless scale and creative process control, according to Avid and Azure. When you add Microsoft devices including Surface Studio and Surface Book 2, creativity is unbounded, while analytics and artificial intelligence services for image/face and audio recognition from both companies enable users to get the most out of their production schedules, according to the companies.

Krulik demonstrated what’s currently possible as part of the Avid-Azure partnership. But “there’s a lot of stuff that’s coming down the pike,” Sloss said. “As Avid does more integration work and development with Azure, you’re going to see more of the workflows that you’re used to operating in [and] more of the functionality of the full platform show up in various mechanisms and tools within Azure,” he said.

Singling out editorial as a “new workflow that’s coming to the cloud,” Sloss said solutions include a “hybrid scenario” where you have content on premises that’s being moved to the cloud. But “ultimately the roadmap is leading us to being able to do cloud-native editorial workflows,” he said.

Sloss stressed the ongoing challenges that the industry faces on the security front, telling attendees: “The level of sophistication of attacks is increasing. It’s certainly not going to get any better for any of us. And, as the old adage goes, they only have to be right once. We have to be right all the time. But I think that what some of the recent hacks and ransomware attacks are showing us is that there’s more to it than just the level of sophistication. It’s also that the people that are getting exploited [are getting exploited] because there’s not a high-enough level of preparation – whether it’s that they haven’t done what they need to do to protect their networks or they’re not encrypting content or they don’t have robust processes around how they handle security.”

Sloss added: “Using a compliance regime can actually prevent a breach from happening in the first place. So, there’s no substitute for having the controls within your environment and whether you’re doing an ISO audit or you’re doing the CDSA or an MPAA assessment, the guidelines are there to help you avoid these kinds of incidents in the future. And it’s with this in mind that we’re designing new systems and bringing in partners like Avid in this space in order to have that cloud future where you’re better protected and your assets are better protected.”

One major advantage to moving to the cloud is the “transfer of risk” involved, he said, explaining: “Instead of absolutely everything, from the dirt up through the applications and the data having to be your problem, there’s at least a big chunk of it – all the way up through the core infrastructure – that you don’t have to worry about. It’s not that those risks aren’t there. It’s that somebody else has to meet those obligations for you. So, even taking a cloud-agnostic approach to it, most of the major cloud vendors have very rigorous protocols in place. They have rigorous systems. There’s compliance regimes that all of us have to map to, whether it’s ISO or [another one]. You can take some level of comfort in what we as a cloud provider are doing to ensure the security of data that is within our possession.”

But Sloss added: “That still leaves quite a bit that you have to do in your environments – whether it’s your applications, encrypting your data, safeguarding your identity, managing your encryption and authentication infrastructure. These are still things that have to be done. Just because you’re running in the cloud doesn’t mean that all of the responsibility leaves your hands. But it does alleviate some of those challenges. And really when you look at a framework like CDSA, the elements of security and compliance … feed off each other. If you are running a secure environment, then by its very nature, it’s going to be easier to be compliant with an industry mandate. And, similarly, if you are running in compliance and according to best practices, just by virtue of that, you are going to be running a more secure environment. So, think of these as going together and that, if you take a fundamental security approach to how you operate and how you manage content and information, then you’re going to be very well-positioned not only against threats, but for passing audits and safeguarding your business.”

Azure is made up of “hundreds of different services” and operates live now with dedicated data center facilities in 42 regions globally, he noted, adding that the “sheer volume of scale that’s available to you is really pretty staggering.”

Also, important, he said, is that by moving production and post-production processes into the cloud, “you take advantage of that scale, and, as we move to the 4K world and 8K and immersive” virtual reality and high dynamic range and “who knows what’s going to come in the future, the data requirements are just astonishing and the infrastructure that you would have to build to be able to take advantage of that is going to start becoming overwhelming.”

Therefore, unless you’re part of an organization that wants to be in the data center business, it makes more sense to move one’s creative processes to the cloud, according to Sloss.
He told the summit: “Editorial is one of those things where there’s a huge amount of data moving. There’s a lot of processing power involved. And cloud provides not only the secure infrastructure, but it provides the scale and the durability and is a natural home for” handling workloads.

The Content Protection Summit was produced by MESA and CDSA, presented by MediaSilo, and sponsored by Independent Security Evaluators, Aspera, the Digital Watermarking Alliance, Menlo Security, Microsoft Azure, NAGRA, NexGuard, Convergent Risks, HGST, PwC, Thinklogical, Avid, Militus Cybersecurity Solutions, Amazon Web Services and Bob Gold & Associates.