The EBU Technical Committee has approved R 146, the EBU Recommendation on Cloud Security for Media Companies [LINK]. It is the latest addition to the suite of Recommendations developed by the EBU Strategic Programme on Media Security.
Whether for reasons of cost or convenience, media organizations are increasingly looking to the cloud to provide services of all kinds. Administration and business-related functions are today often handled in the cloud, while media services such as encoding, transcoding, editing and even playout are becoming realistic options. However, with cyberattacks a constant threat for all organizations, the adoption of cloud services requires specific steps to ensure the integrity and confidentiality of data and the reliability of services.
EBU R 146 consists of the Recommendation itself along with four annexes designed to offer practical guidance to organizations procuring cloud services. It should be read in conjunction with two other Recommendations, namely R 143, Cybersecurity for media vendor systems, software & services, and R 144, Cybersecurity Governance for Media Companies. For media organizations considering the deployment of systems, software or services to the cloud, R 146 recommends:
- following a communicated and accepted cloud adoption procedure that should be embedded into the corporate risk and enterprise strategy;
- achievement of a minimum Cybersecurity Maturity Level of three, as set out in EBU R 144; and
- adoption of the minimum baseline security recommended by R 143.
The document goes on to set out a series of steps that should form part of the cloud adoption procedure, among them the determination of the applicable regulatory framework and the performance of a final risk analysis. Some of the recommended steps are supported by the detailed annexes. For example, Annex C provides advice on conducting consistent and thorough assessments of cloud service providers, while Annex D provides a framework for the classification of data intended to be handled in a cloud environment.
Join the community
Chief Information Security Officers (CISOs) of EBU Members are encouraged to join and contribute to the Strategic Programme on Media Security, while others interested in this topic are invited to jour the Media Cybersecurity Forum.