Take1 is now a company Learn More

5 questions you should be asking your service providers about video content security

10th April 2019

Next Post

Whether you’re producing a feature film or reality series it’s almost guaranteed that your video content will leave the safety of your building at some point during your production process.

You may need to send a rough cut to a producer that can’t be in the edit suite, share clips with visual effects artists, composers and other contributors or get interviews transcribed and translated.  Twenty years ago that would have meant sending a tape across town or across the world, but now, thanks to digital workflows and the cloud, we can share anything with anyone at the touch of a button.  And while these developments have made production workflows much more efficient and enabled creative collaborations that were previously impossible, they have also made the issue of video content security more complicated.  Add to this the fact that it is now also possible to share this content with a global audience at the touch of a button, it’s clear why video content security has also become much more important.

Digital Data Security Padlock
The importance of data security in the production industry has risen sharply over the last 5 years

Worldwide revenues lost to online television and movie piracy are expected to reach almost US$52 billion by 2022, almost double the figures from 2016, but video content isn’t the only production data that needs to be kept secure. The infamous Sony Pictures hack of 2014 revealed personal data about the company’s employees and their families as well as confidential emails containing some embarrassing conversations between high-level execs, and in the same year five scripts of the new Doctor Who series were leaked online seven weeks before they were scheduled for broadcast, prompting the BBC to radically upgrade their content security processes.

So how can you ensure that the people you’re sharing your content and data with will keep it safe?  A good place to start is by asking the following questions;


1. How will you send content to them?

Sensitive content should never be shared in an email or by sending a URL of any description, as these can easily be shared with third parties and can potentially even be discovered online by search engines.  This is precisely how the Doctor Who scripts were leaked when they were sent to the BBC’s Latin American headquarters for translation, according to security expert Graham Cluley.

There are various methods that service providers might use to securely access your content – from private web portals to virtual private network tunnels – but the most important thing here is to ensure that your content (whether that’s video or data) will be strongly encrypted at all times.   Similarly, if your service provider shares content with other contributors or a remote workforce, they will need to ensure that the same security measures are employed.


2. What keeps outsiders from accessing content on their systems?

In 2017 a group known as The Dark Overlord hacked a PC running an old version of Windows at audio post-production house, Larson Studios.  The hackers blackmailed the studios out of $50,000 and went on to leak 10 episodes of “Orange Is the New Black.”  This was Hollywood’s biggest security breach since the Sony Pictures hack of 2014 and it made the whole industry reconsider security at third-party vendors.

Orange is the new Black
Hackers attempted to blackmail Netflix before releasing the episodes online

Every service provider should have a firewall in place to control and monitor incoming and outgoing network traffic based on security rules.  In addition, even on their internal systems, sensitive video and data should be stored in encrypted formats with two-factor authentication to ensure that only users with the required privileges (in relation to their role) can access your material. For maximum security, internal networks should be segregated so that the content processing network is kept completely isolated from email and internet access.


3. How do they minimise the risk of leaks by staff and contractors?

Whether accidental or by malicious intent, it’s almost impossible to guarantee that the people who work on your productions don’t leak the content or share spoilers.  But there are steps that can be taken to reduce this risk.

As well as employing physical security measures like restricted areas, visitor access policies and CCTV, the companies you entrust with your content should do background checks on all employees, ensure that non-disclosure agreements are signed by anyone with access to client content and have regular training and monitoring programmes in place to reinforce a security-conscious culture in their business.  Once again, a segregated network is ideal as this makes it impossible to distribute content online from within the content network, even accidentally!

Game of Thrones Season 8
Game of Thrones used digital scripts that ceased to function after filming to avoid leaks

The final season of Game of Thrones may have been the latest victim of content leaks. A Redditor/YouTuber has shared a video and written posts that describe the Season 8 premiere storyline in great detail weeks before the scheduled broadcast.  Whether this content is merely a super fan’s predictions or the actual storyline remains to be seen, but this shows how security risks can extend beyond physical leaks.



4. What happens if your content does fall into the wrong hands?

Even if someone manages to get past all the security processes and technologies that your service providers have put in place, and your files are leaked to outside parties, video encryption should ensure that the content is inaccessible without the necessary viewing software (which requires up to date user authentication.) In addition, visual and forensic watermarking can be used to identify copyrighted material and provide traceability    if leaks are detected.



5. What security accreditations do they have?

Finally, if your video service provider really does take your content security as seriously as they should, then they’ve probably been awarded some sort of accreditation to prove it.  Two well-known and respected broadcast industry security programmes to look out for are the DPP’s Committed to Security Marks and the Trusted Partner Network.

DPP Committed to Security Broadcast and Production Shields


So how secure are your existing vendors?

At Take 1 we process premium content on behalf of leading international broadcasters and streaming platforms, so content security is embedded into our culture.  We continuously assess security measures and implement best practice to ensure the continued confidentiality of all media assets in our care.  But not every video service provider in our industry takes content security quite as seriously as we do, and many are happy to compromise on security in favour of speed and ease.

Get in touch to find out more about Take 1’s secure transcription, translation and post-production script services.