M+E Connections

Convergent Risks CEO Chris Johnson explored how security has changed and evolved over the past 15 years, since MESA’s inception, at the Content Protection Summit @ NAB 2024 in Las Vegas on April 13.

During the session “The Only Constant is Change,” Johnson and JT Gaietto, chief of staff at Digital Silence, which merged with Convergent Risks in April to form ConvergentDS, discussed the current challenges and future roadmap of security in media and entertainment. Gaietto is serving as COO on the new ConvergentDS leadership team. He and Johnson are among its co-founders.

“I’m very proud to say that I’ve been to every single one of these events since the start” and the one thing that has stood out in the sector over the past 15 years is that “the only constant thing is that things will change,” Johnson said at the start of the session.

Johnson recalled that about 15 years ago, he was working for EMI Records and had just finished working on Love, The Beatles show at the Mirage hotel in Las Vegas. “I actually realised that I was sending, for the first time, data to and from the Mirage Beatles show back to Abbey Road in London,” he recalled.

“That was the first time we’d sort of got into that sort of technology,” Johnson said. “Fifteen years ago: that’s all it was. So we’ve come a very long way. Most of my guys at the time were traveling around the world and we were visiting CD and DVD and Blu-ray replication plants, which actually, if you think about it, is still very relevant today.”

He told attendees: “There’s still a need for us to secure those types of things. We wrote our first two security programmes for CDSA. We wrote the site security programme, which has eventually morphed into the [Trusted Partner Network]. And we had a copyright and license verification programme, which looked at the integrity of how many discs were pressed. It looked at the mirrored images and the IFPI [International Federation of the Phonographic Industry] codes that were on DVDs…. And that’s what we spent most of our time doing.”

At that time, most companies were large corporate organisations and “security at the time was more about protecting them from their own mistakes than it was from being damaged from the outside,” he said.

Convergent Risks was focused on internal detection, which he said, “brought us to the first common theme, [which] is that people knew what their job was [and] they did it really well.”

He added: “They did it because they were very well trained.  And that is still a common theme today. We need to train our people well…. People are our greatest asset. And whilst we talk a lot about the technology and AI, we think it’s really important that we continue to push … the training and education.”

At NAB, the company announced it was partnering with media localisation firm OOONA to introduce a new security training course for the media and entertainment industry, to help clients prepare to respond to unforeseen threats and actual security events, he pointed out.

That course is “going to, over time, expand into multiple subjects, and we’ll be linking it to most of the security activities that we do,” he said.

He went on to say: “Fresh technologies are constantly emerging. And cyber threats are now very fast to evolve. Digital landscapes are constantly shifting.”

But the industry was “not quick enough to change security controls that we were using and we had some significant casualties…. Several big businesses that were subject to ransomware attacks that have subsequently had to go out of business or have had to pay out lots of money, which is a question in itself whether it’s the right thing to do.”

Now, however, the Hollywood studios are “evolving [and] we’re working very closely with the studios to look at what controls need to come into these best practices,” he said. “What we’re trying to do is now associating and make the process a lot more frictionless.”

Wrapping up the session, Gaietto said: “We’ve moved into a much more hybrid and remote workforce strategy [in which] security now is at the web browser level. So we really need to train our users on how to manage content and manage security for themselves because they’re not always behind that barbed wire fence and that castle wall that we’ve developed over the last 10 years.”