Blog

Will Hollywood’s latest cyber-attack further inhibit cloud adoption?

By Meg Cater | Dec 22, 2014

By Meg Cater

Within Media & Entertainment, those responsible for the technology future of their companies are facing a dilemma. Cloud solutions provide what might be the only answer to escalating data amounts within an increasingly agile industry. But security fears inhibit many from taking advantage of SaaS and other cloud technologies.

A North Bridge survey conducted earlier this year on the Future of Cloud Computing, found security to be the biggest inhibitor of cloud adoption across all industries including M&E. And that was before Sony’s massive security breach put everyone on high alert. However, despite concerns, 60 – 80% of respondents said they still have plans to make significant moves to the cloud within the next year or two. And the reasons why haven’t gone anywhere in the past month.

“Agility, reduction in capital expenditures, and reduced operating expenditures – in almost 100% of the situations – have been the primary drivers of cloud adoption,” said Jim Morrisroe, CEO of Piston Cloud Computing, in the survey report.

The truth is, even with Hollywood’s latest cyber-attack, security fears are not likely to inhibit the pace of cloud adoption, especially as more and more companies cross the threshold of considering to absolutely needing the flexibility and cost advantages of cloud software. Pressures from within the industry — from enormous file sizes due to advances in image resolution technology to handling fully digital workflows including international VFX artists and post houses — are just too great.

The up side to this dilemma is that security is finally getting some needed attention, and people are starting to understand that not all cloud software security is designed the same.

Controlling the security of data requires expertise whether it’s on-premises or in the cloud. However, even more points of exposure exist in cloud based services, including data transfer, data storage, software interfaces, user access and data separation.

At Signiant, content security has been at the forefront of our concerns since we first started moving the high-value movies of our customers in the mid 2000s when they transitioned from tape to file-based workflows.

How Signiant developed hybrid SaaS to addresses security concerns when moving large and important files

As Signiant embraced cloud software design, we knew we had to keep the same level of commitment to the security of our customer’s content and developed a unique architecture for securing SaaS, something we call hybrid SaaS.

Hybrid SaaS borrows some concepts from Software Defined Networking (SDN). In SDN, the separation of the control plane (the part of the network responsible for routing and directing) from the data plane (the part that carries the traffic itself) allows network resources to be virtualized and much more easily adjusted to meet growing business needs.

As SDN concepts translate to SaaS file transfer, the data and control planes are likewise separated. The independent data plane makes it possible to enforce higher security measures around data transfer, data storage, data separation and access.

Meanwhile, control plane specific security measures can be enforced, while the control plane continues to evolve and adjust automatically through the rapid innovation unique to SaaS and Agile software development practices.

Another high security measure this approach provides is a “storage agnostic” element in the software, which integrates with user’s on-premises storage or their own cloud storage tenancies like Amazon S3, Microsoft Azure and Google Cloud.

This allows freedom to strategize around the security level and storage needs of different files, how to best utilized limited on-premises storage space, and freedom from vendor lock-in if cloud storage is needed.

Securing SaaS cannot be an afterthought

Unfortunately, SaaS security measures are often implemented as an after thought to security breaches. While some reactive security will always be necessary, technology vendors can do a lot better by simply making security a priority from the beginning.

Every software engineering team needs security function expertise (authentication, authorization, data confidentiality, data integrity, non-repudiation and availability), as well as education in secure design principles relevant to the particular software environment and assets they are designing to protect.

Signiant’s engineering and product teams have high expertise in secure design principles for large file transfers, and hybrid SaaS is a result of our thinking first and foremost about security as we moved into cloud software design.

Hybrid SaaS is not the only way to approach designing secure cloud software, but it is an example of the kind of thinking we need as we face a future of more cyber-attacks, at least at the level of cloud vendor solutions.

If you are interested in secure cloud based solutions for the accelerated transfers of large and important files, check out Media Shuttle (for person-to-person transfers) and Signiant Flight (for transferring content to and from cloud storage.)