08 Feb Real-World Tips for Media Security
We’ve learned a lot about security tonight, but what does it mean in the “real-world?” Michael Kammes, Director of Technology for Key Code Media, shares his thoughts on what media creators – especially those in smaller companies – can do to protect their data.
Larry Jordan: In his current role as director of technology at Key Code Media, Michael Kammes consults on the latest in technology and best practices in digital media and communications. Hello Michael. Welcome back.
Michael Kammes: Hello Larry, good to hear your voice and thank you.
Larry Jordan: Michael, this evening we’ve learned about how to keep our files safe locally, the challenges of keeping our files safe in transit and how to improve security for files stored on the web. You’ve been listening to the whole show, what’s your reaction so far?
Michael Kammes: I’ve been listening to this show and in the chat room, talking about this on the Digital Production Buzz website and I think we’ve heard a lot of great concepts, but I think there’s kind of a missing link with those concepts as to how to apply those to the average lay person who isn’t transporting a ton of data and needs FileCatalyst or needs to operate on a server level. I think there’s some missing glue there.
Larry Jordan: OK, what’s some of the glue that we’re missing?
Michael Kammes: Well some of the glue would be, especially for folks in the media and entertainment space, you’re working on a television show or a film and you want to get data from on set back to the mother ship, back to where you’re going to edit or back to where the production company is. All the technologies and concepts your guests have talked about tonight, that can all be incorporated into portable drives, which is a very common way of transporting data securely.
Larry Jordan: Well that was the thought that Larry O’Connor mentioned, is it’s a whole lot easier to FedEx eight, ten, 15 terabytes of data than try to transfer it over the web. Would you agree with his comment though that file transfers over the web are reasonably secure these days?
Michael Kammes: Well I think your last guest hit it right on the nose which is, once you put it on the web, there’s no guarantee it’s going to be OK. We just saw the boot code for the iPhone posted online, on GitHub. If something like that can be hacked or delved into, then what’s to say what you’re paying 19.95 a month for can’t be hacked too. So I’m a big fan of the let’s have that abstraction layer and let’s not transport it online. Let’s do it the old fashioned way and carry it.
Larry Jordan: Well that brings up a bigger point. How can we tell, and we may need to go to another expert to come up with this answer, but how can we tell if we’ve been compromised? Is it just when somebody else tells us that they’re seeing our files on the web?
Michael Kammes: I think yes, that’s one way of doing it, and one way to thwart that, and this is what a lot of facilities do, I’m manipulating your question a little bit, is just watermarking. People are scared of getting in trouble, and being blackballed and being ostracized. So quite often facilities will put someone’s name on there, Bob Smith. Well Bob’s not going to take any chances of leaking footage if his name is on that footage. We can also go into forensic watermarking. Philips has technology that does that. So you can’t see the watermark but it’s actually embedded in the video and those kind of scare tactics keep folks away from putting themselves in a situation where they may leak footage. I’m sure as you also know, many facilities are on lockdown meaning the computers aren’t online, a lot of times they keep the machines in the machine room or centralized room. So you can’t plug in a thumb drive, you can’t plug in a portable drive in order to get data out.
Larry Jordan: John Tkaczewski says that there’s a lack of security standards regarding media. Unlike where in medicine where HIPAA controls or financial data being transferred. Do you agree with the fact that media needs to have more consistent standards for encryption and security?
Michael Kammes: Well, there are standards. There’s the Advanced Encryption Standards. People who like acronyms have probably heard of AES encryption, 128 bit, 256 bit, and that’s a standard for encryption, and just like codecs, we have the essence and then we have the wrapper around it. Having this encryption wrapper around your media can adhere to the standards that have already been put out there. And a lot of these hardware based security protocols we have, and a lot of the software based ones, adhere towards the AES 256 bit encryption which is very difficult to crack and NIST, the National Institute of Standards and Technology have said, “Yes, these are pretty much unbreakable.”
Larry Jordan: Although we can’t necessarily use that for files which are coming into our editing systems because it would take too much time, generate too much latency if we had to decrypt as it was being played back for editing. So this would be an encryption standard for storage and archiving correct?
Michael Kammes: That’s correct. It would be to have media locked on set, locked for transport and then stay locked until you plugged it in, booted up the computer and then entered in a password. You’re completely correct, if you try and do this in real time there’s a lot of latency on the computer and no-one’s been able to, for lack of a better term, crack that nut just yet.
Larry Jordan: Shifting back to the idea of applying our security standards in the real world, what habits do we need to break that are putting our files in jeopardy?
Michael Kammes: It’s a great question. First off is your editing machines, don’t put them online. And I know that there’s a lot of independent editors who say, “Look, I need to share stuff via Dropbox and I need to collaborate.” Don’t. Unplug it until you need it, then plug it back in, then unplug again. There’s nothing wrong with that. In a lot of facilities, that can’t afford enterprise security, they have an abstraction layer which means they have a firewall between the switch that controls all the internal data on the network, and a switch that goes out to the real world to hit YouTube or whatever websites you want to hit. Keeping a firewall between those is one more layer of security that prevents folks from getting out and getting in. So that’s one way to do it.
Larry Jordan: Seeing as you’re batting clean up here, we let you get all the important questions. What would you say are the three most important elements that people should consider when they’re looking at setting up a security workflow?
Michael Kammes: If you have anything that’s password protected, and that password is shared amongst multiple people, like Dropbox for example, multiple people can have the same password and same log in for a shared account. Don’t do that because all it takes is for one person to slip up and things are compromised. Keeping your machines off the internet, that certainly helps quite a bit. And any kind of media that you have on a hard drive that’s being transferred from one location to another, look at something like Apricorn, it’s Capricorn without the C, and they have portable drives and thumb drives which are all encrypted and you can store your data on that.
Larry Jordan: Well one of the things I enjoy is watching and listening to your five things podcast. Tell us what’s coming up because I think what you have coming is relevant to our discussion on security and remote editing.
Michael Kammes: Thank you for that, the upcoming episode which will probably be out later in February, will be on remote editing, and things to look forward to in remote editing and why it’s such a challenge to do it now in a cost effective way and still retain security.
Larry Jordan: Do you view remote editing as the same as collaborative editing?
Michael Kammes: I think the term collaborative gets thrown around quite a bit. Some people would look at Dropbox as being collaborative, which it is in some respect. But when I talk about editing and collaborative editing, I’m looking at shared projects, shared media, shared timelines. So there’s a complete flow as opposed to more of a push pull methodology that you would work with with Dropbox.
Larry Jordan: With the collaborative editing or with the remote editing, do we need to have assets stored locally, or are you accessing assets on the cloud?
Michael Kammes: That really depends on what system you’re going with. There are very few NLEs that support editing from a cloud based system, but they will support editing from your personal cloud in your own data center back at your office. So it really depends on what NLE you’re trying to use and what technology, but more importantly, what kind of budget you have.
Larry Jordan: And for people that just need to know where you are on the web and watch the next 5 things episode, where can they go on the web?
Larry Jordan: That’s the number five, 5thingsseries.com and michaelkammes.com and Michael Kammes himself is the voice you’re listening to. Director of technology at Key Code Media, and Michael as always, thanks for joining us today.
Michael Kammes: Thanks so much Larry.
Larry Jordan: Take care, bye bye.