Jon Mason, CEO and co-founder of Hotspring on the security advantages of remote working in VFX

The events of recent years have ushered in some disruptive changes that have been game changers for many industries: certain businesses had to fully embrace cloud transformation or cease to exist. As remote working became a necessity rather than a perk of the job, teams had to break away from the traditional workflow models that have been set in stone for the past two decades. This shift was felt acutely across a range of sectors, with some cramming around a decade’s worth of digital change into just 90 days in something McKinsey referred to as The Quickening. For the VFX industry specifically, one of the main concerns was, of course, security.

Anybody who’s ever worked in post-production knows that it’s a closely guarded profession. From urban high rises to unassuming workspaces in the bustling metropolis, each office is home to layers upon layers of embedded security. Even making it to the reception area can be a challenge, let alone getting through the inevitable labyrinth of keycard barriers and ID-operated lifts. But what happens when those individuals are suddenly scattered, driven to logging in from home instead of clocking into the ‘fortress’ to start their day’s work? Just like everything else, the gold standard of security has to adapt and evolve.

Stepping beyond traditional facilities

These highly controlled environments used to be regarded as the pinnacle of security. At least, physical security. That’s because, for a long time, physical security was more or less all that mattered. If you could safeguard servers, discs and devices from potential thieves with security staff, locked doors and cameras, your assets were safe. Even as technology evolved and workflows became increasingly connected and digitised, the industry’s security mindset remained very much focused on protecting physical spaces. However, the majority of leaks either come from employees themselves, or creative works being digitally stolen in instances of cybercrime, neither of which can be mitigated by the traditional ‘facility model’ of security.

Take Quentin Tarantino’s script for The Hateful Eight, which mysteriously turned up on Gawker as a PDF months before the film’s release, prompting a furious Tarantino to temporarily shelve the film. In 2014, Sony Pictures was hacked, resulting in swathes of leaked documents, scripts and films that ended up costing the Hollywood behemoth an estimated US$35m in lost earnings and IT repairs. The point is, creative leaks aren’t a new thing, but the avenues open to individuals that want to leak or steal assets are more numerous and nuanced than ever before.

Perhaps one small silver lining from the pandemic is that it’s compelled VFX companies to lean more into cloud security as they adopt more agile workflows, and that can only be a good thing.

Security challenges

Designing a facility like a fortress works well only until the assets need to go beyond those walls. Once content is shared externally, it ends up on a variety of different machines and devices, all with different levels of security and access. This decentralised approach to digital distribution makes content extremely vulnerable, bringing countless new endpoints into the mix that are virtually impossible to police. The industry has done its best to mitigate the risk involved in sharing digital assets between facilities, but even standardised measures such as the Motion Picture Association’s Trusted Partner Network (TPN) isn’t enough to account for the varying levels of risk exposure from one facility to the next. From differences in compliance policies to poorly trained employees, there will always be a weak link.

This is where the cloud comes in. By storing data and assets on the cloud, everything is centralised within a hyper-secure environment that isn’t confined by geography. Distributed teams can work remotely and securely within the same cloud security infrastructure using things like virtual desktops and VPNs that can simulate the in-office experience and give employees access to the assets they need. Economies of scale also come into play, allowing smaller companies or those with sub-par digital security capabilities to tap into the premium-tier security almost exclusively offered by cloud hosting companies. The fact that everybody can tap into the same tools and assets under the same cloud umbrella means that data has to be transferred far less, making it less vulnerable and less exposed to risk.

Centralisation via the cloud can also help to mitigate risk from the weakest link of all - people. Truth is, the majority of the industry’s most devastating hacks and leaks don’t come from faulty network policies, they come from someone falling for a phishing email, opening a compromised attachment or plugging in a rogue USB drive.

Moving operations to a secure cloud environment means that these risks are eliminated or severely mitigated, because access to content can be centrally orchestrated and organised programmatically. In other words, it gives businesses the ability to finetune various levels of user access to precise degrees - something that’s only partly possible in a traditional facility environment. Such steps might involve restricting access to certain IP addresses for instance, or requiring users to use multi-factor authentication when accessing sensitive material. Furthermore, when files do need to leave the network they can be encrypted with military-grade technology, which is exclusive to the cloud. Auditing and data trails can also be set up, allowing for proactive monitoring and real-time security such as being able to tell who has opened a file, on which device, and at what time.

All of these features and more are made possible via cloud security. Now that the industry has evolved its workflows to be cloud-based, the question now is, will cloud security ever replace traditional on-site security?

The future of cloud security in VFX

It’s still tempting to put a great deal of stock into physical security. For decades we’ve become accustomed to the notion that building walls and locking doors is the best way to keep something safe and hidden. However, in a digital ecosystem that’s constantly spiralling outward, with more touchpoints and greater levels of convenience being constantly added into the mix, physical security isn’t the ‘big hitter’ it once was. Of course, the reassurance that comes with having content stored and worked on locally is understandable, but it’s simply not compatible with VFX workflows in a post-pandemic landscape.

The future for creatives lies undoubtedly in the cloud, so it follows that a cloud-first approach to security will be the emerging trend as we move into 2022 and beyond. For those determined not to rely completely on cloud workflows, either due to lack of trust or simply because they’re being held back by legacy systems, a hybrid infrastructure will be a valuable compromise. But even these hybrid workflows will eventually give way to the immeasurable benefits of cloud-first security as businesses continue to evolve. A recent survey revealed that nearly one third (27%) of business leaders had significantly increased their cloud spend as a direct result of lockdowns and other measures.

Once the benefits of cloud workflows and cloud security are truly realised and become widespread, cloud-first will become the de facto solution for distributed teams working with sensitive data or assets like those in the world of VFX.

Jon_headshot_portrait

 Jon Mason is CEO and co-founder of Hotspring