HITS 2024: MovieLabs Teams With TPN to Measure Supply Chain Security Preparedness

The Trusted Partner Network (TPN) teamed up with MovieLabs to bring Zero Trust and Common Security Architecture for Production (CSAP) to their global assessment programs to measure security preparedness in the supply chain, according to the two groups.

On May 22, at the Hollywood Innovation & Transformation Summit (HITS), during the session “Zero Trust: Partnering for a Secure Future,” executives from both groups, stressed the importance of Zero Trust in companies’ software development and architecture.

To kick off the session, Terri Davies, TPN president, noted that her group is comprised of all the major Hollywood studios and runs a content security program. “We write and maintain the MPA content security best practices,  and we also run an assessment program so that we can assess service providers in the industry against those best practices,” she said.

MovieLabs, meanwhile, is also a joint venture of the studios, making them sister associations that are “absolutely united in the need for content security and doing the right thing for the industry,” she said.  “MovieLabs really focuses on innovation and trying to move everything forward for the industry.”

She went on to tell attendees: “We’ve been talking for a while about Zero Trust. MovieLabs has been talking about Zero Trust for quite a long time – in particular, getting to their 2030 vision. And, of course, we’re united in  the desire to have that North Star that we’re moving towards with regard to content security.”

She added: “This year, we’re in a position where we’ve been able to talk a lot about the recommended practices that MovieLabs created for Zero Trust and what would it look like if we included them in the MPA Content Security Best Practices. So that’s exactly what we’re going to do this year. We are publishing version 5. 3. A couple of years ago, we had a rebrand for TPN and we decided that we were going to republish, update and publish the MPA Best Practices every year, which gives us the opportunity to have these great conversations in the industry about what has changed, what technology is new, [and] how do we include” artificial intelligence (AI) and machine learning (ML).

So TPN will be “republishing in December and that has really allowed us to have some really great conversations” with Spencer Stephens, SVP of production technology and security at MovieLabs, and the MovieLabs team, she said.

Version 5. 3 will include the Zero Trust recommended practices that are the foundation of CISA, she noted.

When it comes to content security best practices, “TPN has best practices, which are a minimum requirement guideline,” she said. “We write those with the studios. So, once a month, we come together in a controls committee with all of the studios – all eight of them – and we talk about what’s new [and] what needs to go in. We map their controls against our controls and make sure that the gap between the two is as small as possible. And we also have additional recommendations.”

One of the things that TPN “built within the rebranded, relaunched TPN program is the ability to scope the assessments that you all do,” she went on to say. “So what we’re now able to do by introducing Zero Trust is, at the very beginning, when you come into TPN and we ask you some baseline questions to scope and size your company and understand what we should be asking you about from a content security point of view, we’re now able to say, ‘do you follow Zero Trust?’”

Four or five years ago, MovieLabs “published what we call the 2030 Vision, which is a vision of where production is going to be evolving up to 2030,” Stephens told attendees. “Part of that was the realization that we need a new security model, a new way of doing security. And … we created the Common Security Architecture for Production, which is a Zero Trust architecture, specifically for media production.”

He added: “One of the things about Zero Trust is that everybody’s got one, and they’re all different and that was really what prompted the recommended practices, because we’re trying to steer people towards a few implementations of Zero Trust that fit in with the next step.”

To download the presentation, click here.

To watch the session, click here.

HITS Spring was presented by Box, with sponsorship by Fortinet, SHIB, AMD, Brightspot, Grant Thornton, MicroStrategy, the Trusted Partner Network, the Content Delivery & Security Association (CDSA) and EIDR, and was produced by MESA in partnership with the Pepperdine Graziadio School of Business.