If you ask any content owners out there regarding having Internet connectivity on systems that have direct access to content, almost all of them will not allow it. No one wants to be responsible for any content leak, maliciously driven or not. This is a fairly old argument but a very important one. With constant improvements in technology, there are two drivers for the notion of no Internet on production computers:
- The fear of the user maliciously share content outside of the production systems
- The fear of content being leaked through improper use or external threats
Let’s take a look at both concepts to better understand and draw your own conclusions.
Sharing Content
It’s no secret that if there is a will, there is a way. Unless you completely seal your environment from humans and technologies, if someone really wants to steal content, they probably can. I’m not necessarily referring to the ability to steal an entire episode or a film but it’s enough to sneak a screen capture for that to be considered a leak. There must be some trust when it comes to this industry. However, even with trust many studios must adhere to basic security protocols to ensure that content is safe.
Normally the content touches many hands and goes through several cycles before becoming available for theater or TV. Any company involved in the creation/manipulation of the content has some responsibility and must protect the content in ways related to their activities with the content. By not having the Internet on computers with access to content, the ability to share content through unauthorized means is also limited. However, sharing necessary information for the production use of the content is also limited and can slow productions down.
Improper Use
When any device is connected to the Internet, there are associated risks. There are two main issues that can arise from Internet connected devices:
- Users on the device may unintentionally download or click on malware/virus that can harm the device.
- If device is vulnerable, bad actors can take advantage of it and attempt to access it and cause problems including content leaks
It is important to note that most problems with Internet connectivity are based on user behavior and not necessarily external attack. In most cases users are behind firewalls, or on home based routers which provide some basic protection from such attacks. However, user behavior on the Internet is critical here. If the content computer is used to search sites, access various web addresses and download software, the risk is much higher than from an external attack.
Next Steps
So what can you do now? Well, that depends on whether or not you want to allow Internet access on your production computers. If you are under studios guidelines or requirements, most likely you don’t have too many options and need to remove Internet access from content facing computers. If you’re not under such restrictions, I would still consider removing Internet access. If you still want Internet access, I highly recommend you install good anti-virus/malware software on any computers with access to the Internet. This will at least protect you from some known viruses or malware attacks and prevent you from opening harmful programs. In addition, if you have a decent firewall in hand with current subscription, I would also recommend you enable its URL filtering where you can restrict access to some categories when it comes to browsing. Examples would be shareware sites, known harmful sites and porn sites.
If you decide to block out the Internet, you still have options when it comes to necessary services. Here are some options to consider. Keep in mind there are more out there and you should always consult your studio guidelines for more information:
- Use personal or spare computers for Internet access – These computers will need to be connected to an Internet connected network and cannot have any relationship to where content exists.
- Allow only specific access to the external world – Some studios will allow you to only open specific ports to specific locations as long as they are legitimate and necessary to do your job. Examples would include licensing servers, specific software requiring Internet and in some cases cloud services. Keep in mind that none of these options will allow you to browse the Internet as you normally would
- Use third party software to allow browsing from your production computer – This option will allow you to browse the Internet safely from your production computer by using some kind of relay software that uses another network to do the browsing. The software will prevent any access to the content network so even if someone is able to download/install malware, the infected computer will not be the production computer and will have no way to harm content. There is an obvious cost here and in some cases it can complicate your network environment.
If you are serious about removing Internet access from your production computers and need help in doing so, don’t hesitate to contact us!