securing SaaS

Two related zero-day vulnerabilities in Google Chrome and Microsoft Windows were recently discovered out in the wild, and may be part of a broader trend in cyber crimes. Here’s why software updates are still the best defense.

With the latest high-profile cyberattack within Media & Entertainment, this one on HBO, occurring just months after the much-reported hack of Netflix’s Orange is the New Black, cybersecurity and the importance of safeguarding valuable media content is once again on everyone’s mind.

Is our personal information more vulnerable than a year ago? 84 percent of Americans think so. In order to bring some light to the many information security myths that plague our paranoid nation, David Spark of Art of the Hack reached out to dozens of industry experts, including Signiant’s CTO Ian Hamilton.

Signiant executives will be participating in prestigious panel sessions at the 2015 NAB Show, the world’s largest electronic media show covering the creation, management and delivery of content across all platforms. Signiant CEO Margaret Craig and CTO Ian Hamilton will join industry visionaries to discuss the business and technology trends that will shape the industry in the coming year.

Software security and User Experience Design are both popular subjects in tech media, but they usually draw different audiences and the important space where they overlap gets far less attention. After all, except for high-profile cyber breaches, software security is not nearly as trendy as “UX”. And thank goodness for the trend. Though we’ve come a long way, this 2007 Dilbert comic still holds some hilarious yet painful truth about how much we still need to improve user experience in regard to security measures.

Within Media & Entertainment, those responsible for the technology future of their companies are facing a dilemma. Cloud solutions provide what might be the only answer to escalating data amounts within an increasingly agile industry. But security fears inhibit many from taking advantage of SaaS and other cloud technologies.

Last week, Signiant CTO Ian Hamilton joined a panel discussion at the 5th annual Content Protection Summit in Hollywood, looking at security practices for cloud solutions within the media industry.

Operational policies and procedures are key to the security of any SaaS offering. Signiant operational policies and procedures are established in accordance with industry standards for service organization controls. Connectivity between the production service environment and Signiant business operations is restricted in accordance with least privilege and defense-in-depth principals. Fully independent production and development Media Shuttle environments are also maintained. This blog highlights some of the operational controls in place for production elements of the cloud environment.

In Part 1 of the Securing SaaS series, we offered a background of the hybrid SaaS Architecture that Media Shuttle relies on for safe, easy media transfer. Part 2 looked specifically at security related to customer provisioning, user rights, and transfer validation. Now, we can look at specific design principles including data storage, audit collection, and secure-by-default.

In Part 1, we discussed the hybrid SaaS architecture behind Media Shuttle including file storage, the cloud tier, TLS, and password policies. Now that we have the basics out of the way, let’s turn to the security behind the customer journey—from setup with the help of Signiant Customer Care to authorized transfers.

When you are in the midst of the tedious editorial process of a big project, the security of your files as they pass among the various players on your team isn’t something you want to think about. Signiant designed Media Shuttle as a file sharing solution that is especially conducive to the flow of media production and post-production with a technical backend as rigorous as your IT team.