In looking for the most intriguing topics to address related to cloud for 2023, I began by exploring what were the most significant challenges for cloud technologies and found that one of the most repetitively stated challenges related to “security” and maintaining “data integrity” (Fig. 1).  Data breaches remain one of the most significant threats facing cloud computing today. 

What did I find in my search? Most reports predicted that cybercriminals would continue to target the cloud as a means of gaining access to sensitive information. Summarily, the kinds of sensitive information included customer data, financial records and proprietary business intelligence.

Figuratively, most organizations today operate to some degree in the cloud. While employing the cloud simplifies operations in many ways, this comes with its own set of risks that can significantly impact the bottom line for enterprise and similar scaled organizations. From a report published by Lookout, an IBM Security Cost of a Data Breach Report (prepared in 2021), found that “the average cost of a public cloud breach was $4.8 million.” 

The Challenges 
A significant grouping of priorities related to IT initiatives now involve cloud services and tools, automation and DevOps—which continually evolve as leaders seek to unlock new efficiencies from the front office to the back and every space between. The findings of a CyberArk report recently issued suggested that this technology adoption rate will see a 2.4x growth in human and machine resources, which is coupled with a 68% increase in the deployment of SaaS tools for such services.

This surely means that utilizing the cloud for operational activities is essential, as when trying to build out the scale of similar services on-prem (including construction, supporting and managing) is found to be many times more costly. Furthermore, of the many elements incorporated into developing a SaaS environment or their application is that of creating a set of “secure” authentication steps.

Creating identities that can authenticate the human user(s) and/or the machine(s) involved, can be automated in the cloud, which will significantly reduce the hands-on requirements otherwise required for upkeep, deployment and maintenance. The growing number of SaaS activities businesses must address in the digital future will be highly dependent upon these evolving cloud services.

What Can We Expect?
Trending technologies in 2023 included the Internet of Things (IoT), blockchain, artificial intelligence, machine learning, Kubernetes and docker. With many of those technologies already in place and in full use, we can expect other new technologies such as quantum computing, cloud gaming, augmented and virtual reality coming forth in the near term/upcoming years.

What will cloud computing be like in 2024? Expect a nonstop evolution of new capabilities enhanced by consumer growth, automation, virtuality and more.

Despite these advances, the top challenges expected in cloud computing seem to remain almost the same as they were in previous near-term years (i.e., that last three to five years). We distinguish cloud computing as characterized by those processes and components associated with “deploying computing services,” such as servers, storage, software, analytics, databases, networking and intelligence. Such services rely upon deployment, and of operations over the internet, which characteristically offers flexible resources, faster innovation and economies of scale.

Data Security and Privacy 
At the top of the challenges chart (Fig. 2) continues to be that of data security and privacy (including customer trust). 

Not unexpected in this group is the challenge of password security and protection. Try as we might with multifactor authentication (MFA), people still don’t fully understand or recognize the importance of having a secure, unique and protected password. A 14-character, mixed alpha+numeric+special-character password is essential when working within any compute environment, including the cloud. Continually changing your password—while time-consuming—is an effective (and essential) part of maintaining that security.

We note that not all cloud providers can assure 100% data privacy, so users should understand the values in privacy and security protection (see Fig. 3 for validation). Another methodology to protect your data privacy is to routinely install and implement the latest software updates, especially on the network hardware and configure those components properly and fully.

Cybersecurity compliance includes certain compliance processes and ensures that the provider(s) meet industry standards, regulations, legislation—including international policies and procedures. The NIST Cybersecurity Framework and ISO 27001 are both excellent guidelines for the prevention of cyberattacks and compliance. Even if you don’t believe you’ll be “working” internationally, you should still follow such guidelines as data may indeed cross over to those parts of the world without you knowing it.

Multicloud Environments
Given the growing number of cloud service providers, users will be expecting to work amongst more than one cloud platform, even sometimes to support the same applications or activity. A “multiple public cloud services environment” includes services provided from different vendors within one architecture at the same time. For instance, a business might use AWS for data storage, Google Cloud Platform for development and testing, and then Microsoft Azure for disaster recovery.

We also hear the term “multicloud computing.” Fundamentally, there are three main types of cloud computing: public cloud, private cloud and hybrid cloud. Today, using one or more of these is not uncommon. (I discussed multimedia cloud and hybrid cloud uses and values in my October 2021 column, “Evolution of Multimedia Cloud;” my February 2022 column, “Cloud Production for Media,” and December 2023 column on “Hybrid Cloud Choices”.)  

A private cloud is one built, usually by the owner, for its own independent uses and it most likely would be built on-prem. Public clouds have the most familiar and recognizable cloud service naming with provisions from Google Cloud, Microsoft Azure, Amazon Web Services (AWS), IBM Cloud, Oracle Cloud Infrastructure (OCI) and others. 

Each of these public offerings differs in varying ways and can offer hybrid cloud services and migration paths from one platform to another. Be sure to crosscheck the capabilities from each vendor’s offerings when developing a cloud architecture for your uses.

Performance, Reliability and Availability
Interoperability, flexibility and performance are another set of challenges but possibly less expected are the performance and reliability/availability of the services to, from and within the cloud. Transferring large data sets (volumes) between cloud data servers depends upon sufficient internet bandwidth, which is a common problem. 

On the topic of availability—as with any internet service provider—getting to (or from) the host is usually a core “bottleneck” concern that is essentially out of the user’s control. And of course, once “in the (public) cloud” a user is now in a somewhat “hands off” world where the internal architecture of the cloud is something that you can only minimally affect—and are often determined by the SLAs written into the cloud agreement.

What are the Drawbacks?
A more serious and probably obvious challenge will be the lack of knowledge. Finding the appropriate cloud talent is another common challenge when maneuvering the cloud computing environment. 

As workloads increase through cloud dependencies, so do the number of tools available to global users. Enterprises, regardless of size, need strong expertise in order to properly utilize a growing set of tools and capabilities in the cloud. The solution here is to use/hire cloud professionals who have DevOps and automation specializations and experience.

Karl Paulsen is a frequent TV Tech contributor who has been writing about storage, the cloud and media solution technologies for the past three decades. He can be reached at karl@ivideoserver.tv.

VANCOUVER, B.C.—As more media companies rollout consumer experiences for sports and entertainment in the metaverse, a new survey from Telus International indicates that consumers have a lot of concerns about privacy and security in the medium, with the majority of respondents (60%) citing privacy and data security concerns as a reason for why they’d be uncomfortable completing various tasks in this emerging digital world.

“The metaverse provides an exciting and immersive way for consumers to interact with their favorite brands. Unfortunately, with the emergence and adoption of new technologies and platforms there are also opportunities for bad actors to deploy new and oftentimes more sophisticated forms of identity theft,” said Michael Ringman, chief information officer, Telus International. “Add to the fact that the metaverse is still in its nascency of being regulated, making it easier for fraudsters to impersonate an individual and carry out unauthorized activity without any real world implications. To safeguard their customers and brand reputation, companies must prioritize embedding robust trust and safety measures in the foundation of their metaverse strategy, while also ensuring that these measures are seamlessly integrated so they do not overly complicate the customer journey.”

As the metaverse continues to gain traction among brands and consumers alike, more than one-third (34%) of respondents said their top concern was that their personal data will be compromised. Additionally, 56% believe that it will be easier for hackers to steal their identity or data in this new digital space, the survey found. 

For companies seeking to address consumers’ metaverse concerns, a quarter (25%) of respondents indicated that robust and transparent privacy and security guidelines would encourage them to interact with brands in this space, the researchers said. 

In addition to having security measures in place, companies should post about them on their website or email customers directly so they are informed about the measures in place, as well as highlighting tactics for consumers to proactively decrease their exposure and vulnerability to bad actors.

“Ensuring proper data security in any online environment is complex and partnering with an experienced and proven trust and safety provider offers numerous benefits, including peace of mind,” said Ringman at Telus, which designs, builds and delivers end-to-end digital solutions to help global and disruptive brands enhance and protect the customer experience. “In addition to monitoring and addressing issues in real time, external providers can help anticipate new and emerging threats and have the expertise, agility, technology, processes and controls in place, including AI and human content reviewers, to detect suspicious activity,” 

The survey findings are based on a Pollfish survey that was conducted on Oct. 17, 2022, and included responses from 1,500 Americans familiar with the metaverse.

As an industry, we talk a lot about “business continuity” or “disaster recovery.” But what we actually mean is “revenue protection.”

If you are a broadcaster and cannot transmit the commercials you’re contracted to transmit, you cannot invoice for them, and you’ve lost money. For a mid-market station, you might expect to bill around $10,000 dollars for a single commercial break in general programming. Going off air for a break during a live weekend football game might cost $400k or more in lost advertising revenue. This is likely to be a seven-figure sum for a 30-second spot in a major sport event. Can you afford to risk that loss of income?

Outages also affect brand value. You work to ensure a premium viewing experience for your viewers, because going off-air negatively impacts your brand. This has the potential to impact your ratings and market share, as audiences switch to more reliable competitor channels.

Threats to revenue can come from anywhere, and we’re tracking more every day. Natural disasters, human error and now pandemics are all legitimate threats to the bottom line. A new and growing risk now comes in the form of cybercrime. According to Cybersecurity Ventures, global cybercrime costs are set to reach $10.5 trillion a year by 2025. Cybercrooks attack any size business, large or small.

Researcher Sophos says that the average ransomware attack costs the victim $1.85 million. And even if you pay the ransom, typically you typically see only two-thirds of your data restored.

Can your business sustain a seven-figure loss through cybercrime? Very few could. So, along with all the other threats to your business driving us towards increasingly decentralized, remote working architectures, protection against cybercrime must be at the top of the list. It is vital to build the tightest security into everything you do, and the cloud can play a pivotal and practical role in doing just this.    

Availability in the cloud
Broadcast engineers have been brought up with on-premises, hardware solutions. They know from experience and knowledge how to deploy and architect this hardware to achieve the reliability and touchpoint-level control they want. More so, because these legacy systems are isolated both physically and connectedly, content and control security is easy to impose.

It is important to understand, first and foremost, that business continuity in the cloud provides the scrutinizing levels of security you demand. With the right supplier, the cloud delivers the necessary reliability, resilience and security to meet your revenue protection needs.

Let’s talk about playout. For premium channels at least, broadcasters expect very high availability. A channel that is off air is not making money. Engineers have always seen “five nines” ― 99.999% up time ― as a minimum requirement. That sounds like very high availability, but arithmetic tells us that 0.001% equates to about 5 ¼ minutes of dead air a year ― potentially an entire lost break and more.

A cloud provider’s entire business model is to deliver computing services for its clients the instant it’s needed. In broadcast terms this means unimagined availability ― maybe nine nines, or a fraction of a second of downtime a year, assuming, of course, that you have designed a robust solution. And this high availability also comes with value-add features. Routine maintenance, upgrades and replacements are someone else’s job! Someone entirely focused on those tasks.

A broadcaster never needs to check the SMART status of disk drives in servers, or clean the air conditioning, or manage load transfers to allow for software upgrades. The cloud provider will also handle business continuity with geographically diverse server farms, each with multiple power feeds.

Just as broadcasters can leverage the cloud’s effectively infinite scalability to spin up pop-up channels for special events, it can also be used to spin up a disaster recovery channel. The channel remains cost-effectively dormant — not consuming resources — waiting to be initialized should a crisis arise. 

The cloud is also an ideal environment for remote working. Indeed, every connection is a remote connection, even if it is in your machine room, because the storage and processing are somewhere else. Given a reasonable internet connection, your master control operator could be anywhere in the world and still have exactly the same capabilities, response and user experience as if they were on site. A channel controller can monitor and manage playout from home as easily as from the network operations center (NOC).

Despite the common misconception, this also applies to live channels. All the playout requirements — including the unpredictable interventions associated with fitting commercial breaks into live sports programming — can be hosted in the cloud, with operators sitting wherever it’s convenient and safe. 

Outsourcing security
Just as it is the cloud provider’s business to ensure very high availability without intervention from the client, so too is security. With cyberattacks now an all too familiar headline, no broadcaster wants to risk the output due to incursions and ransom demands leading to loss of revenue and brand reputation, as well as the direct and indirect costs of mitigating the attack and the potential loss of critical assets.

This is all part of the broadening of scope in broadcast business continuity and revenue protection. We used to think a disaster recovery system was there in case of fire or flood. Now we have to add to the list pandemics keeping staff at home and cyberattacks robbing you of control of your own assets.

Building your own data security team means recruiting and managing a whole new category of workforce. That is a business and financial overhead you do not need.

But this is part of the core offering of a cloud provider: no business, in any sector, should trust their data and processing if they can’t be sure it’s completely secure. Big cloud providers have a win-win: they can afford to put together the best possible team, and software security experts will want to work for a big cloud provider because that is where the challenges are.

Moving to the cloud requires investment and careful decision-making on the part of the broadcaster. Relying on the right technology partners will help. But get your architecture right and the cloud will deliver processing power and storage that always flexes to your demands, gives you unimagined reliability, and provides data security that’s even good enough for the U.S. Secret Service. As we move to decentralized platforms and remote access, the cloud can comfortably provide the level of service the media industry expects. 

LAS VEGAS—Speaking in front of the Consumer Technology Association’s Government Affairs Council, FCC Commissioner Geoffrey Starks took the time to recognize many of the biggest tech advancements being made today, but rather than just marvel at them, take a critical look at where they are coming from and how we may need to protect ourselves against them.

Giving his speech on Jan. 6 before the official start of the CES 2020 conference, Starks laid out what his primary goals will be for 2020: “... ensuring that our communications networks and technologies support security, privacy and our democratic values.”

Starks brought up many different forms of technologies that on the surface prove beneficial to our everyday lives—entities accessing our data for more personalization; algorithms that can help classify and research topics based on data and past trends; and face recognition technology for increasing security. But he also offered instances where all of these technologies can prove dangerous or misleading.

“We must undertake, right now and continuously, the thorough examination of all these new capabilities to decide now how we will ensure that they are all poised to serve a future that creates opportunities instead of reinforcing existing inequalities,” he said.

He also brought up the potential danger he sees in China. He notes that he has been working to remove equipment provided by Huawei and ZTE from communications networks because he says there have been instances when such equipment transferred secure data to the Chinese government. He also says that technology developed in China is often not taking into consideration the civil liberties that are required for non-authoritarian regimes.

Potentially helping alleviate all of this, according to Starks, is 5G.

“I am optimistic that technology developments, especially 5G standards, will support our efforts to improve network and data security,” he said. But still, it will fall on people to make sure that the new technology meets the appropriate standards.

“If we work together, I am confident we can build a future that is more advanced, more secure and more prosperous, and more equitable for all.”

CARDIFF, WALES—So, the big topic that is on the tip of every Tom, Dick and Harry’s tongue is content security. Chances are, you’ve heard that a few high-profile companies have fallen victim to ruthless cyber-attacks recently. As Simon Harper, channel marketing manager, Sony has said: “it sounds like a mediocre science fiction film, doesn’t it?” In fact, Simon has pointed out that the National Cyber Security Centre’s ‘Cyber Security Break Survey’, published in April, revealed that nearly seven in 10 large businesses identified a breach or attack in 2016. Scary, right?

If you haven’t heard of the Workflow Innovation Group (WIG), it was started back in 2009 by a group of small companies dedicated to solving the woes of the broadcast technology community. Right now, we are on a mission to tackle the thorny and painful issue of content security. Our next event is in October this year at the Principality Stadium, Cardiff, where we are all going to be learning from the broadcast community about the challenges they are facing and what they are doing about it. We will also be discussing the best ways to combat those challenges using technologies that are integrated into the way that they work.

But first, we’re going to explain to you exactly why the recent scandals are simply a drop in the ocean. It is happening to everyone—and it could happen to you.

IT'S EVERYWHERE

The truth that most of the industry doesn’t want to acknowledge is that it isn’t just high-profile targets that are being hit by this wave of cyber crime. It’s happening to everyone, from every industry. Like Mathew Gilliat-Smith, CEO, Fortium has said, “There are plenty of examples. Some high profile, some small and quiet.”

Even we have experienced emails requesting bank information that had supposedly come from our CEO. Luckily, we share offices and knew that this wasn’t true. But wouldn’t that have been awful? A data security company leaking banking information and probably being robbed blind? As ironic as that situation could have been, it probably wouldn’t have been broadcast. So, how many other stories do you think go untold?

PULL YOUR PANTS UP CHARLIE!

So, why are media companies so vulnerable? Something all of us can agree on is that media companies have the terrible habit of storing all of their data in one place. Not only that, but we all know how much consumers value content. “It’s the trophy and high profile aspects of what media companies do,” says Gilliat-Smith. The fact is that media companies are holding the crown jewels in their storage, and that is easily recognizable to criminals.

Harper has argued that “the fact is that content is the most important asset in the media industry”. The anticipation of a series finale, or the strong wish not to expose spoilers makes the leverage potential for stolen content extremely high, and therefore extremely valuable. Harper commented that “valuable data should always be backed-up in at least one, preferably two places.” So why aren’t they?

Media companies are also vulnerable because of the methods of their workflow. Gilliat-Smith commented that “[media companies] are typically working with multiple third parties, and the more people involved, the larger the vulnerability.” This opens the companies up to both internal and external weakness in security. Furthermore, Patrik Malmberg, marketing manager, Vidispine has pointed out that “the infrastructure aspect with a lot of legacy software and hardware built on top of each other to solve integration problems, simply makes security issues harder to find and address.”

Implementing a proper security platform can easily combat this, as can encryption of content so that even if it is accessed, it can’t be used as leverage. Fortium highly advocates the method of encryption at rest that stays with the file throughout the pre-release. Many companies have encryption standards for content when it is in transit, but fail to protect the files when they are at rest. This can be difficult and cause programming issues. However, companies like Fortium have developed solutions to make this easier for users.

DARKNESS AT THE END OF THE TUNNEL?

What does the future look like for media companies? Will they continue to fall victim to these attacks? Yes. A very big, resounding yes. Not only is content going to never lose its value, as OTT continues to make a rapid rise, but it “is a cat and mouse game” as Gilliat-Smith pointed out. Not only are media companies reluctant to invest in the needed security measures but overall seem uninformed of the sheer vulnerability of their systems.

This current situation of large name companies falling victim to the simplest of hacks, is only going to get worse. Malmberg has commented that “We think the situation will become worse over the next year(s) as equipment gets older. The shift to cloud can, if done badly, also make the situation worse before it gets better. However, moving things to cloud will hopefully be a part of modernizing infrastructure and workflows, which in itself will help with security.” As we have seen time and time again, companies are failing to recognize the issue here.

SOMETHING TO TAKE AWAY

The main message that we are trying to get across here is that with the evolution of technology over the last few years, media companies have become outdated and underprepared for cyber attacks, as we have seen. This, as well as the emergence of cloud storage and the considerations of a third party workflow has resulted in content being unsecure. We, as a collective, think that this isn’t something that can ever be completely overcome. We are all well aware that there is only so much preparation that can be undertaken to ensure data security, but the subject has been painfully overlooked and disregarded by the industry in the past.

Like Malmberg has said “Security is not only about technology, but also about processes and people.” Yes, the framework of security for your company will be based on technological solutions, but it is also important to make sure that your workflow is efficient and reliable. It is because of attempts to keep costs low and cut corners in security that companies are so vulnerable. Now we are witnessing the age old term of “you reap what you sow.” So, come on media companies, it is time to listen.

By Nick Pearce-Tomenius, sales and marketing director, Object Matrix.
With contribution from Fortium, Sony and Vidispine.

TV Technology is hosting a Cyber Defense Boot Camp in New York and Washington, D.C. Find out more here. 

This story originally appeared on TVT's sister publication TVB Europe.