These motes are personal and reflect the key points that raised my interest. They do not report the already known issues, already approved best practices and security guidelines.
The conference was held on 7th December at Los Angeles. The audience was rather large for such event (more than 120 attendees) with representatives of content owners, service and technology providers and a few distributors. CPS is becoming the annual event in content protection. The event was as interesting as last year.
A special focus has been placed on cyber security rather than purely content protection.
Welcome remarks (ROSE M.)
The end of EU safe harbor is an issue.
CDSA: A focus on the right things at the right time (by ATKINSON R.)
A set of work streams for 2016 with nothing innovative. Some focus on training and education. A second focus on opportunity versus piracy.
IP security the creative perspective (by McNELIS B.)
An attack against YouTube that does not have in place a strong enough position against piracy. Google does not play the game despite it could (for instance, there is no porn on YouTube, proving the efficiency of curation). The difference between Apple and Google is the intent.
Creators do usually not want to bother about content protection. They want to communicate directly with consumers. The moderator explained that indie filmmakers are far more concerned as piracy may be more impacting their revenue stream. The middle class of creators is disappearing.
The BMG / Cox communication legal decision is a good promising sign.
Breakthrough in watermark (by OAKES G.)
NNSS (Nihil Nove Sub Sole, i.e., nothing new under the sun)
The move to digital pre-release screeners: DVD R.I.P. (panel with ANDERSON A., TANG E., PRIMACHENKO D.)
- Nobody any more uses exclusively DVD at home, they use additional media. The user experience of DVD is bad (dixit Fox).
- E-screener is more eco-friendly than DVD distribution.
- Less liability due to no need to dispose of the physical support.
- Higher quality is possible.
- According to Fox, on-line screeners are intrinsically more secure than DVD screeners.
- The challenge is the multiplicity of platforms to serve. Anthony pleads for 2FA.
- Some guild members want to build a library.
- Connectivity is still an issue for many members.
Suspicious behavior monitoring is a key security feature.
The global state of information security (by FRANK W.)
Feedback on the PcW annual survey of 40 questions.
- Former employees are still the most cited sources. Third party related risk is rising.
- Theft of employee and customer records raised this year.
- 26% of increase of security budget over 2014.
- ISO27001 is the most used framework. 94% of companies use a security framework.
- Top Cyber threats: vulnerabilities, social engineering and zero-day vulnerabilities.
- Data traversal becomes a visible issue with leaks via Dropbox, Google Drive…)
Would you rather be red and blue, or black and blue (by SLOSS J.)
A highlight on high-profile attacks. A plea for having an in-house red team (attack team)
He advocates the stance of assuming that you’re already penetrated. This requires:
- War game exercises
- Central security monitoring
- Live site penetration test (not really new)
Secrets to build an incident response team (panel with RICKELTYON C., CATHCART H., SLOSS J.)
An Incident Response Team is now mandatory together with real-time continuous monitoring.
Personalize the risk by making personal what the consequences of a breach would be.
Hiring experts for a red team or IRT is tough.
Vulnerability scanning penetration testing (panel with EVERTS A., JOHNSON C., MEACHAM D., MONTECILLO M.)
Best practice for sending and receiving content (by MORAN T.)
Cooperation between IT and production staff is key.
Don’t tolerate shadow IT. Manage it
Monitor the progress of Network Function Virtual (NFV)and Software Defined Network (SDN) as they may be the next paradigms
Production in the cloud (panel with BUSSINGER B., DIEHL E., O’CONNOR M., PARKER C.)
CDSA reported about this panel at http://www.cdsaonline.org/latest-news/cps-panel-treat-production-in-the-cloud-carefully-cdsa/
Production security compliance (panel with CANNING J., CHANDRA A., PEARSON J., ZEZZA L.)
It is all about education. The most challenging targets are the creatives
New Regency tried on a production of a TV show to provide all creatives with the computer, tablet, and phone. They also allocated a full-time IT guy.