“In the modern world, the most valuable asset that any entertainment organization can have is content. The TPN assessment program allows the entertainment industry to have a standard of security practices that will push the industry to protect their content in the manner that matches its value. It’s a huge step in a market that has not historically valued data security in the way other markets have valued their most prized assets."
“It’s not about compliance– it’s about trust.”
How often have screen play writers labored for months or years on a script, only to have it show up, unauthorized, on Reddit before the film is released? All that work, the investments of time, specialized teams, and money poured into a work of art, and someone spoils the ending out of sheer malice. When this happens, not only is a movie ruined for countless fans, but the film makers’ most valuable asset, intellectual property, has been stolen and devalued. Just as potentially damaging, many agencies exchange confidential emails about their actors’ salaries, personal details, and other highly sensitive information. When those emails are hacked and leaked to the press, not only can the affected actors’ careers be affected, but the movies in which they star can come under increased scrutiny in the public eye.
Face-off Between Thieves and Security Experts
Like the brilliant but socially awkward teenage computer whiz who helps Robert De Niro steal millions as a hacker in The Score,without ever having to leave the comfort of his mom’s basement, cyber thieves are becoming a real, viable, financial threat in the movie industry. Only this time, cyber security experts are helping potential victims get ahead of the game–and in this round, those who jump into the fight soonest have the best chance of winning. For the first time in cinema, tangible data security standards and certified cyber security experts have evolved to address the ongoing cat-and-mouse scenario played out between those who make movies, and those who steal them.
Theft of Intellectual Property is Rampant in the Film Industry
From their inception, movies have been created as proprietary works of art, but they represent billions annually in profits, and where there is value, there is also theft. In fact, thieves willing to find a vulnerability somewhere in the supply chain regularly steal copyrighted material, releasing it online for their own profit. The black market for unauthorized copies of films has become incredibly popular, in fact, complete with its own underground economy. To illustrate how widespread this is, how many of your own friends boast and watch almost exclusively stolen movies, citing their financial savings and personal genius in getting ahold of them? The practice is rampant, and major movie companies are looking for new, innovative ways to ensure their profits are protected.
The Need for Verified-Secure Vendors in the Cinema Supply Chain
While final content can be stored in highly secured networks belonging to film companies like Netflix or Disney, which have been architected with layers of effective security controls, 24x7x365 network monitoring, and other best practices around data security, those same companies also rely heavily on countless 3rdparty providers. Such providers could be independent cinematographers working from a small town in the Midwest, or animators just across the street who have been charged with developing particular scenes within a feature film. Any way you slice it, securing an ecosystem that wide, especially when the 3rdparty providers will change from one project to the next, is nearly impossible. So, how can film companies ensure that every aspect of their supply chain is secure?
Film Industry’s Answer to Vendor Security: Trusted Partner Network
The creation of the Trusted Partner Network (TPN) heralds a shift in best practices for any and all third-party vendors in the film industry, regardless of where they are located. TPN was developed through the efforts of the Motion Picture Association of America (MPAA), which consists of all the major players–Disney, Netflix, Paramount, Sony, Universal, and Warner Bros.
The MPAA website offers an overview:
In 2018, the MPAA joined forces with the Content Delivery & Security Association (CDSA) to form the Trusted Partner Network (TPN)—an industry-wide film and television content security initiative designed to help prevent leaks, breaches, and hacks in the production pipeline prior to a film or TV show’s intended release. The joint venture provides industry vendors with a voluntary cost-effective way to ensure that the security of their facilities, staffs, and workflows meets MPAA’s best practices and it accredits experienced auditors to conduct them globally. Through the TPN, the film and TV industry will elevate the security standards and responsiveness of the vendor community, while greatly expanding the number of facilities that are assessed annually.
Who Needs to be Assessed?
Anyone who wants to provide services to a major film studio in the MPAA needs to be TPN certified, regardless of their role in promotion, production, talent management, and even sanctioned showings of a film. In fact, Disney and Marvel have announced that going forward, they will only work with vendors who are TPN-certified–and the other MPAA member studios plan to follow suit shortly. That means creative services providers, agencies, movie firms, etc. have a little bit of time to be security assessed by a certified TPN auditor, and remediate any gaps identified in their current physical and cyber security strategy. Those who undertake this process sooner than later will be in a much stronger competitive position than those organizations who choose to wait because they will be prepared to jump into opportunities to help create movie content right away. Providers who decide to wait may find themselves remediating vulnerabilities and having to turn down new offers that come in from major studios.
Benefits of Becoming a Trusted Partner
In an industry where every third-party provider is bidding for the chance to become a preferred vendor of camera work, script writing, animation, editing services, and so on, earning the trust of a major film company is essential. No longer, however, isverifyingone’s trustworthiness optional. Demonstrating a willingness to become absolutely secure in your communications, the way you store and interact with IP, and even network or physical security of the location where creative work occurs, has become an absolute necessity for any vendors wishing to engage meaningfully in Hollywood. In this case, it’s not about compliance–it’s about trust.
True Digital Security is proud to announce that through the work of Qualified Security Assessor, Vince Fusco, we can provide official TPN Security Assessments to any vendor who wishes to become part of the Trusted Partner Network.