By Rick Clarkson, Senior Director of Product Management for Signiant
As published in IBE’s January/February 2011 Issue
While we would all agree that there’s still plenty of tape out there, the digital revolution is exerting a profound influence on today’s broadcasting, media, and entertainment companies. For many media organizations, “going digital” means grappling with the transition from analog, linear content distribution to an exciting new world of electronic sell-through opportunities, video on demand, and multi-platform delivery.
To truly exploit these new opportunities, media companies depend on global collaboration and partnerships that enable the seamless exchange of content outside the bounds of the enterprise; therefore, their requirements for secure and effective content exchange have grown more complex and sophisticated. At the base level, these companies require a mechanism that can move unstructured video assets around and through processing workflows, and do it faster than their corporate networks would typically allow. But speed isn’t enough – media companies also need a file transfer solution that can be centrally managed and provide a secure exchange of assets with business partners such as post production companies and distributors.
Enter content supply chain management (CSCM), a comprehensive logistics-based file system that handles all the complexities of transporting multiple files to multiple destinations and out to the many different outlets where people consume content – rapidly and reliably, and with enterprise-class security. An effective CSCM solution is based on B2B content peering for a truly interconnected supply chain that crosses the boundaries of organizations and corporations, enabling content to flow across these boundaries seamlessly without interruptions while maintaining enterprise security policies.
So what exactly do we mean by enterprise-class security in the context of a business-to-business exchange of digital assets? What are the risks to media assets, and what are the most effective ways to protect them? In this article, we’ll attempt to answer those questions and describe how B2B content peering offers the state of the art in asset protection.
A trifecta of trends — the move to file-based operations, the migration to new and enhanced formats, and the quickening pace to market demanded by new distribution windows — is profoundly impacting media companies and their ability to manage digital assets. Adding to the challenge is the growing complexity of today’s business-to-business relationships. A global broadcaster, for instance, might operate as a hub with many international locations and maintain B2B relationships with many different service providers such as post-production companies and playout centers. Conversely, a large post house might be connected to an additional 10 or 15 large, multinational broadcasters. Taking all these connections into account, the landscape begins to look less like a hub and more like a spider web.
These factors make sharing assets with business partners across wide geographical areas a difficult proposition, with numerous network, security and process issues coming into play. At a minimum, businesses need to notify each other of incoming files, have visibility into what is delivered, and have control over all incoming and outgoing files including setting priority and managing bandwidth.
Currently, companies’ media transfer requirements are being addressed (to varying degrees of success) in three key ways. The first is physical media distribution – in other words, shipping tape. Having established that this outmoded method is economically and environmentally unsound, many companies are turning to niche service providers that specialize in file movement, but these services are just as expensive as shipping physical media and are not optimized for moving larger and larger files that are being used today.
The third method is an unmanaged IP-based solution such as FTP, but this approach is typically inefficient and unreliable from a network standpoint and lacks any reliable means for tracking the assets. Furthermore, FTP authentication mechanisms are weak and managing user IDs and passwords used by FTP scripts is labor-intensive, insecure and does not scale.
Asset protection during an FTP file transfer is an ad hoc, manual process that must be carried out in multiple stages. Consider the typical corporate network, which is highly secure and firewalled. At the next layer is a type of “demilitarized zone” with marginal security in which the corporate website and publically accessible servers reside, and on the outside is the public Internet. When Company A needs to transfer a video asset to Company B via FTP, the asset must traverse through the corporate network and DMZ and out to the public Internet, and then to the partner’s website layer and corporate network. Without the proper security to move through every layer, Company A is required to perform a time-consuming series of manual FTP steps at each level to accomplish the transfer.
Inefficiency aside, these manual processes present real security risks for companies at every stage in the media supply chain. In an age when piracy is a global epidemic and well-documented digital security breaches have cost media companies many millions of dollars, the risks are just too great to leave asset transfer security to chance.
Through B2B content peering, CSCM systems overcome these challenges by automating manual security steps, and by providing a common model for companies to link to and exchange content freely with their business partners. As exemplified by the Signiant CSCM solution, peering is based on the placement of trusted software agents that can be installed in all layers of the network, on both sides of the B2B content exchange.
In a typical peering implementation, Company A’s software agents contact a locally-running management system that provides third-party certificate authority as the security mechanism to facilitate the transfer of assets to Company B. In other words, the manager gives the agent the information it needs to validate that Company B is trusted (the certificate authority), including public key security credentials necessary to mutually authenticate with Company B’s agents and guarantee the privacy and integrity of data. In this manner, the agent can securely and automatically pass the content via public key encryption through all of the network layers and into Company B’s network (figure 1).
As an added control measure, Company B can fine-tune the file transfer by applying workflow and resource management rules to include the type of transfer that its agent can conduct with Company A. Therefore, Company A’s agent is only authorized to send content that meets Company B’s specific criteria; e.g. no executable files, only *.mpg files that were created by a certain person, no more than three *.mpg files at once, only content that’s been virus-scanned, or no files without XML instructions. Once the sending agent meets the criteria, it is qualified as a trusted agent and the content is transferred smoothly. Thus, both sides have powerful control over such aspects as bandwidth usage, how much of their networks will be allocated for the transaction, and the location in the network where the content will be downloaded.
Figure 1. Secure content transfer via software agents.
In a more concrete example, a large post production house has its own network of CSCM agents and managers, as do each of the broadcasters the company does business with. Upon completion of the latest phase of a project (say, a new cut of the latest episode of a popular television series), the post engineer is ready to send the content to the broadcaster for review and approval. The sending engineer simply drops the content into a folder monitored by the trusted agent for that broadcaster. Since the post engineer and the receiving engineer at the broadcaster had previously exchanged security certificates, the post house’s security certificate now resides in the broadcaster’s peer manager system as a guarantee that the content is coming from a trusted source and coupled with the business rules meets the broadcaster’s guidelines. Once accepted, the trusted agent can be viewed by the post engineer and the transfer can occur smoothly, and at a bandwidth specified by the receiving party. Both ends of the transaction are trusted and both have control, making the exchange truly collaborative.
File-based workflows have become more the norm than the exception in today’s most sophisticated media operations. As a consequence, global collaboration and partnerships are vital in today’s media enterprises, with the seamless exchange of content of paramount importance. The stakes have never been higher for companies to prevent network security breaches and protect valuable content assets – particularly when they are exchanged between enterprises.
By establishing mutual trust between trading partners through the exchange of security certificates, B2B content peering provides a much more effective and powerful alternative to the manual and time-consuming security aspects of FTP file transfers. Thus, peering has become an integral component in any media company’s strategy for content supply chain management.
Rick Clarkson is senior director, product management for Signiant, a leading developer of content supply chain solutions headquartered in Burlington, Mass.