Hardware Infrastructure Global Viewpoint – June 2021
Securing Cloud Storage Access
In recent years, a cloud services technology has become available that has the potential to take the broadcasting world by storm – granular storage rights management.
Most public cloud vendors provide object storage that can be used to store media assets. These objects scale easily, have a great deal of flexibility, and costs can be varied depending on the required access speed – from milliseconds to days. But even more important, for me at least, is the availability of granular rights management.
On the face of it, this may not seem too impressive, but when we scratch beneath the surface of its potential, the opportunities for improving security are overwhelming, especially if we combine this type of storage with microservices.
Security is playing an increasingly important role in broadcasting and the whole media supply chain. Not surprisingly, content owners are extremely reluctant to allow their high-value content out of their sight.
In the early days of television this was less of a problem, as media was distributed on vendor-specific tape formats and only a handful of companies had the ability to view or copy them. Most, if not all, of the post houses and broadcasters with these facilities were known to the VTR vendors, so security was much higher.
As digital file distribution is now the norm, content creators are going to great lengths to protect their assets, potentially leading to expensive and invasive IT audits for their post house and facility suppliers.
For me, storage rights management combined with microservices may provide the ultimate in secure access for the contractors within the content owner's media supply chain. Not only can content owners store a file in the cloud, but they can also authorize access for individual microservices for a specified time. When allowing access, the content owner creates a unique token identifier, which is given to their vendor's microservice program. This identifier can also be used to provide critical forensic audit trails.
When the token expires, the vendor's microservice no longer has access to the media asset. The content owner can also stop access at any time they like, even after the token identifier has been issued. This level of security is further improved if the vendor's microservice doesn't need access to the whole asset but instead takes a limited number of frame chunks. For example, a transcoder would only need a few seconds of data at a time and may only need to store that chunk in volatile memory, meaning it's never transferred to any other persistent storage.
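A minimal model of the grant lifecycle described above (expiry, revocation after issue, chunk-limited reads and an audit trail), added here as an example and not any cloud vendor's API. The `AssetGrants` class, its claim names, the HMAC token format and the sample asset path are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

class AssetGrants:
    """Content-owner side: issue, check and revoke per-microservice grants."""

    def __init__(self, key: bytes):
        self._key = key
        self.revoked = set()  # token ids withdrawn after issue
        self.audit = []       # (time, token id, service, asset, range, outcome)

    def _sign(self, body: bytes) -> bytes:
        return hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()

    def issue(self, service, asset, max_chunk, ttl, now=None):
        """Return (token id, signed token) scoped to one service and one asset."""
        now = time.time() if now is None else now
        claims = {"id": secrets.token_hex(8), "svc": service, "asset": asset,
                  "max_chunk": max_chunk, "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return claims["id"], (body + b"." + self._sign(body)).decode()

    def revoke(self, token_id):
        self.revoked.add(token_id)

    def authorize(self, token, asset, start, length, now=None):
        """Decide one chunk read; every decision is appended to the audit trail."""
        now = time.time() if now is None else now
        body, _, sig = token.encode().partition(b".")
        claims, outcome = {}, "bad-signature"
        if hmac.compare_digest(sig, self._sign(body)):  # constant-time compare
            claims = json.loads(base64.urlsafe_b64decode(body))
            if claims["id"] in self.revoked:
                outcome = "revoked"
            elif now >= claims["exp"]:
                outcome = "expired"
            elif asset != claims["asset"]:
                outcome = "wrong-asset"
            elif start < 0 or not 0 < length <= claims["max_chunk"]:
                outcome = "bad-range"
            else:
                outcome = "allowed"
        self.audit.append((now, claims.get("id"), claims.get("svc"),
                           asset, (start, length), outcome))
        return outcome == "allowed"

if __name__ == "__main__":
    grants = AssetGrants(b"constructed-demo-key")  # constructed key, demo only
    tid, tok = grants.issue("transcoder-a", "master/ep01.mxf", 4_000_000, ttl=3600)
    print(grants.authorize(tok, "master/ep01.mxf", 0, 4_000_000))
    grants.revoke(tid)
    print(grants.authorize(tok, "master/ep01.mxf", 0, 4_000_000), grants.audit)
```

Revocation is checked on every read, so withdrawing a grant takes effect on the next chunk request rather than at token expiry.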
I accept there’s a whole load of “ifs and buts” here, and a lot of faith is placed in the credibility of the vendors’ microservices. But isn’t that what building a reputation is all about in business? A vendor’s brand and reputation are sacrosanct.
I truly believe that cloud services can really drive forward broadcasting. Keeping the assets in the cloud is incredibly efficient and potentially more secure than moving to a physical facility. But equally important is that the content owner must continue to build relationships with their supply chain partners to gain faith and trust in their services.