Everyone, it seems, is doing it – shifting cash outlay from capex to opex by migrating to the cloud. Those who make the leap to cloud computing see significant benefits. Migrating away from on-premises deployment environments, though, is not an idyllic yellow-brick road of scalability and cost savings. In addition to requiring a new way of doing things for the IT staff, cloud computing, with its inherently highly interconnected ecosystem, comes with unique security considerations.

This is particularly true for the media and entertainment industry where the attack surface is magnified by the sheer number of individuals making digital contributions and the dependence on third-party vendors, from original media acquisition to distribution and delivery.

Migrate to Cloud Computing Security

The media and entertainment industry is under intense market pressure from customers demanding more streaming, greater access over mobile devices, and anytime availability. Moreover, the media industry is seeing a significant shift in its revenue streams from traditional to internet-based sources.

As a result, media companies need to create more content and deliver it to market faster while ensuring high quality throughout the process. The business realities in this changing environment demand that companies expand into a global digital marketplace where they will face additional competitive pressures – and yet they must still control their costs and find a way to focus on their core competencies.

Migrating to the cloud offers companies significant advantages in a highly competitive, demand-focused marketplace, including:

  • Pay-as-you-go processing and storage to keep costs to a minimum;
  • The capacity to dynamically scale computing and storage based on changing needs;
  • Highly flexible output and data transfer capabilities that adjust with unpredictable customer demand;
  • Increased agility, automation, and collaboration with vendors and partners to shorten the time to market for new content; and
  • An instantaneous global availability without the need to commit to massive infrastructure builds.

However, along with the numerous advantages of the cloud come certain new threats and risks associated with a highly interconnected cyber ecosystem and a rapidly evolving cyber threat landscape. Media companies and workflows are attractive targets for both financially motivated and state-sponsored attackers.

If the benefits of the cloud are to be fully realized and maintained, the media industry must migrate to cloud computing security. Securing a media production end-to-end requires taking a “big picture” view of the workflow and the required IT ecosystem. Because of the inherent complexity of producing media, gaining that “big picture” view of end-to-end security requires enterprise threat modeling.

Understanding the End-to-End Workflow in the Cloud

From a high-level perspective, media production and distribution can be broken down into 8 major workloads:

  • Content acquisition – including capturing source content, encoding, encrypting and transferring content;
  • Post-production work – including visual and special effects, editing, and rendering;
  • Digital asset management and archiving – to store the studio’s work including tagging content and adding metadata;
  • Media supply – including moving the mastered content, quality control, and delivery to various outlets;
  • Over the Top – a digital content outlet providing live feeds and streaming content. Most consumers are very familiar with this segment’s major players including Netflix, Amazon Video, and the BBC;
  • Playout and Distribution – another digital content outlet providing streaming via direct connect. Discovery Communications is an example of such an outlet;
  • Digital Publishing – aggregation and streaming of published content; often used by digital magazines and newspapers; and
  • Analytics – including the analysis of viewing data and social media feeds to predict user behavior and other outcomes.

Threat Modeling for Cloud Computing Security

From the above high-level architectural diagram of the major media workflows, we can build an end-to-end threat model that will identify and prioritize the cloud computing security issues faced by the media and entertainment industry.

The above threat model identified 540 potential threats and 460 security requirements across the eight major media workflows when deployed to the cloud.

In this threat model, each container group (i.e., Acquisition, Post Production, and so forth) corresponds to one of the major media workflows identified in the AWS diagram. Each group is representative of an independent cloud deployment instance inasmuch as each workflow may be assigned to one or more independent third-party vendors. The above threat model diagram shows the entire media workflow from original content acquisition at the upper left corner to distribution and analytics.

User connections are represented in the above threat model diagram with the User Connection group in the lower left corner. Connections to any of the cloud deployments may be made through a user’s desktop or laptop computer or any number of IoT devices – each of which is represented by nested threat models. ThreatModeler allows for the inclusion of previously completed threat models as architectural components into any other threat model.

The computing endpoint may connect directly to the AWS cloud through the Internet. IoT devices may connect either through a telecom network or through a satellite connection – both of which are also represented by nested threat models.

In addition to the security issues of users connecting to the cloud, specific cloud computing security issues are identified by the AWS Cloud icon representing potential configurations of any one of the media workflow deployment environments.

If you would like to learn more about how enterprise threat modeling with ThreatModeler can help you develop better cloud computing security, then schedule a live demo today!

