News, news analysis, and commentary on the latest trends in cybersecurity technology.

Remote Browser Isolation Stars in Content Protection Role

The entertainment industry has long had to deal with the challenge of protecting their high-value content and intellectual property. Enter remote browser isolation (RBI).

Nick Kael, CTO, Ericom Software

December 2, 2021

4 Min Read

The ever-increasing number of cyberattacks have spurred enterprises to scrutinize their security defenses to keep cybercriminals at bay. For film, entertainment, and visual effects companies, however, “enterprise data security” is as much about preventing prerelease content from getting out as it is about stopping cybercriminals from getting in.

When the group Guardians of Peace hacked Sony Pictures Entertainment in 2014 and publicly posted unreleased movies and confidential documents in retaliation for the company's refusal to cancel the controversial movie “The Interview,” it was big news. What doesn't get discussed as often, but is just as damaging, is the threat posed by unauthorized exfiltration of high-value content and intellectual property by insiders, including third-party content creators. 

Exposing even one image or frame of a film without authorization, or uploading a clip or a scene to YouTube before the release date, can result in millions of dollars of losses for content owners and distributors. The Motion Picture Association has been relying on its “Content Security Best Practices Common Guidelines” through its MPA Content Security Program since 2009 to protect data.

Canaries in the Coal Mine
Long before the COVID-19 pandemic sent businesses scrambling to secure their content, creative content producers have had to deal with the challenge of protecting data created by a sprawling ecosystem of third-party vendors working off-site. If content producers weren't going into the animation studio, then the studios couldn't check cell phones and tablets to ensure content was not being illicitly shared.  

The MPA Content Security Guidelines stipulates that third-party vendor workstations can’t be connected to the Internet – meaning artists can't email or use the Web on their work devices. This was a significant hardship for artists working remotely as it required switching devices just to communicate with colleagues. These kinds of draconian rules are untenable. They are too limiting, too inconvenient, and simply too frustrating for users.

Air-Gapping Intellectual Property 
Technology can solve this quandary. Remote browser isolation (RBI) is now included in the MPA Content Security Guidelines as a best practice for ensuring data security, as well as for protecting networks, workstations, and content from cyberattacks.

RBI solutions enable users to interact with the Web via a browser on their endpoints within policy-based limitations set by their organizations, while preventing direct contact with Internet code. Granular policies set by the organization limit which sites or categories of sites users can access and which content (if any) can be copied, pasted, and printed via browser functions, enabling users to browse and interact with sites in a compliant and secure manner.

For instance, policies can block or limit access and data sharing with cloud storage or social media sites. Critically, RBI also protects user devices and studio networks – as well as content – from email and Web-enabled cyberattacks, including phishing, ransomware, and other malware that can exfiltrate data.

When a user browses to a site, the RBI solution opens the site in a virtual browser located in an isolated container in the cloud or on a remote server. Only safe rendering data is sent to the browser on the user’s device. When the user stops actively browsing, the isolated container is destroyed, along with all website content within, including any malware or ransomware that may have been on the site. Because content never reaches the browser, there is no risk of exfiltration via the browser cache.  

Satisfying a Discerning Population  
Providing a robust and secure Web browsing experience that meets the expectations of professional animators and motion graphics creators is no simple task. While the MPA Security Content Security Program's acceptance of RBI creates hope for frustrated users, the user experience provided by some first-generation RBI solutions led to other frustrations – jerky Web page scrolling, disjointed video, and slow response to user inputs. For video professionals, this type of performance was roughly akin to the sound of nails on a chalkboard.

Fortunately, new high-performance, cloud-based RBI solutions have changed the picture dramatically. These next-gen solutions provide an outstanding, all-but-native browsing experience that content production professionals can appreciate (if they even realize that RBI is at work). Security and IT teams appreciate the ease with which they can be integrated with existing IT infrastructure.  

On the operational level, cutting-edge RBI solutions allow clientless deployments that make it quick and simple to provision services for remote users as production studios scale up workforces for projects. Clear management interfaces enable granular policy-setting for the robust data-sharing control that is absolutely essential for creative content production studios. The most advanced RBI solution even enables isolation of virtual meetings – a truly impressive achievement given the complexity involved in isolating and coordinating delivery of live video, audio, screen-sharing, and chat functions. 

In short, next-generation RBI solutions show how technology can be used to ease draconian, productivity-killing data access and sharing limitations for content producers while keeping dangerous malware away from networks.

About the Author(s)

Nick Kael

CTO, Ericom Software

A cybersecurity expert with over 20 years of experience in web technologies, architecture, infrastructure, networking and dev environments, Nick is responsible for solution management, technology strategy and technology partnerships. Nick was previously Symantec Group CTO for Global Service Providers, following his tenure as Director of the Chief Architect Team for Channel and Service Providers at Zscaler and an earlier position in the Symantec CTO organization. His certifications include CEH7, CCSK, BCCPP, Bluecoat Blue Knight, MCSE + Security, CCDP, CCNA, CCSA, VTP5 and VTSP5.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights