Vendor Risk Assessment for the Entertainment Industry
What was the problem/objective?
This production company conducts business with a large number of vendors ranging from content creators to film editors, illustrators, and animators, to marketing and business development teams. We needed to create a quick, consistent, and repeatable process of evaluating these vendors’ security posture, before a business contract could be signed with them.
What was the solution?
Created a standardized process of evaluating risks and validating evidence, negotiating additional security measures wherever necessary, and measuring and monitoring these on an annual basis.
What are some of the other benefits?
Business could have quicker turnaround times and focused discussion, based on what is available and whether any critical controls are missing.
What was the problem/objective?
Movies and productions are a seasonal activity. A rotating group of staff members would come in with their own specific access requests, ranging from accessing corporate assets to securely distributing pre-production content.
What was the solution?
Created a standardized process of evaluating risks and recommending solutions that minimize risk, as well as ensure security and an easy tear-down.
What are some of the other benefits?
Production needs are fast-paced and resource intensive. Being able to provide working and scalable solutions helped increase productivity.
What was the problem/objective?
We were missing critical system logs and this hindered investigations in the case of a security event.
What was the solution?
Conducted a thorough gap analysis of what logs were missing and created working solutions with clearly defined instructions on how to enable collect and consolidate these missing logs.
What are some of the other benefits?
The security log collection process was well enriched with the missing log components now being readily available. This helped investigations and confirming false positives or true positives in a much shorter time, with fewer resources being involved.
What was the problem/objective?
Setting up a secure cloud architecture for some high demand shows like Ellen and Conan. The development team and the infrastructure team did a great job of building scalable resources in the cloud. However, the cybersecurity team was involved as an afterthought and asked to greenlight projects that may or may not have the underlying the security infrastructure.
What was the solution?
Built a scalable security infrastructure in the cloud that was segregated, securely configured, and continuously monitored.
What are some of the other benefits?
Once the underlying framework was in place, more teams could leverage this infrastructure and even start migrating some of the traditionally on-premise applications to the cloud as data-centers and co-locations were being decommissioned.