Media & Entertainment
• Governance and compliance—This is the
less sexy part of security. But once you have
security technologies, services, and policies in
place, you have to continuously enforce them.
• Security event data volume—There's
probably a lot of data moving around your
organization, especially when you add in
partner networks. You have to distill threatattempt data into actionable intelligence so
security measures can be implemented to
stay ahead of evolving threats.
• Extension and softening of network
boundaries—This is partly driven by the
increased use of contractors in media
and entertainment. But the so-called
"consumerization of IT," driven by the
rapid consumer adoption of mobility and
social media platforms, also means you will
have to address the erosion of traditional
• User identity management—Providing
access to your content is no longer a one-time
event. You have to provide, scale, and cut off
access throughout the content lifecycle.
• Focus on core competency—Security is
probably not your primary focus, so you
should partner with an organization that has
the competency, capital, capacity, and speed
to secure your content.
• nfettered expansion of security vendors—
You have a lot of options in securing your
content. You can implement the technologies
yourself or obtain security as a service. But
no matter which path you choose, it's critical
to first get a complete understanding of the
options, their capabilities, and trade-offs.
of a mature
In meeting security challenges, it's critical
to implement a comprehensive solution
that has the breadth and depth to cover
all vulnerabilities over the long-term. Just
remember, you have to succeed continuously
in protecting your content, but criminals only
have to succeed once.
Attribute 1: Risk-based approach
When considering security options, it's best to
first determine your organization's tolerance for
risk. You can begin to do this by evaluating your
current risk posture. Content is often scattered
around the organization, and you need to find
out what's being done to secure it. Most likely,
it will first have to be classified and prioritized
to know how risky the loss of specific content
would be to the business.