Software Infrastructure Global Viewpoint – August 2021
Since the first images and sound were transmitted, broadcasters have sat in a seemingly secure bubble as security breaches were few and far between, or at least, not that well publicized. But as broadcasters move to IP and cloud infrastructures, the whole security landscape is changing.
Why then is the issue of security rising in profile once again? In my view, this is due to the massive increase we’ve seen in IT equipment perpetuating the broadcast workflows. Although IP has been a part of broadcast facilities for a good twenty years, in the form of audio over IP and control of SDI processing equipment, this equipment was custom designed and had little to offer any hacker.
Transitioning to IP, virtualized, and cloud infrastructures is offering broadcasters untold opportunities, whether this is in the way of dynamically scaling systems or advanced resilient solutions. Packet-switched networks and COTS infrastructures have now reached the processing speeds where the resource can easily meet the demands of 4K media facilities.
However, in using this industry-standard hardware, we must make sure we are meeting, or even surpassing, the security protocols and practices that IT has brought to our lives.
It might be the case that the Von Neumann x86 architecture was never designed with security in mind. After all, is running kernel code in read-writeable memory the most secure solution? I accept this may provide massive flexibility, but should we be doing it? And how often do we need to update the kernel anyway, and do the risks outweigh the benefits? Placing the kernel or operating system in read-only memory would make far more sense when improving security, but doing so would require fundamental redesigns of the server architecture and most of the software running on it.
One of the great attributes of engineers is that they understand they must work with what they have, not necessarily what they want. So, redesigning the x86 architecture, however attractive it might sound, is not a viable option now. I’m not saying this will never happen, and as more services become abstracted away from the underlying hardware operation, the opportunity to redesign hardware becomes more apparent.
Until this revolution happens, we must work with the systems we have, and the great news is that IT have understood and solved many of the challenges for us. No system is ever 100% secure: the moment we allow user access, we create potential vulnerabilities, as humans are the weakest link in any secure system.
Everything from Active Directory to firewalls and virtual LANs is well documented and understood. Demilitarized zones and trusted networks are installed as standard. However, treating the network as a purely technological solution is not the answer.
Building secure systems means we need to think about the users as well as the technology. But this is not as easy as it sounds, as the skillset needed to understand how users think may not complement the way engineers solve problems. But that’s where industry experts shine.