TVN Tech | Engineering + IT + Security = Collaboration Roadmap
Broadcasters working their way through a long migration from hardware to software in their technology infrastructure have complained repeatedly about a lack of communication between their engineering and IT teams.
Television’s engineering community, long known for its round-the-clock devotion to keeping high-quality video and audio on the air, have little use for IT teams asking to shut down parts of the workflow in order to scan for potential security breaches.
IT teams, often charged with security and called upon to help with the IP transition, don’t have enough access to engineering teams and often lack a basic understanding of television production and distribution technology.
Technology vendors can get caught in the middle, particularly when responding to RFPs. Too often, they find themselves trying to fill out long, generic security questionnaires that don’t have much relevance to the technology being considered. This slows the process of creating a meaningful proposal.
The issue of increasing collaboration between engineering and IT comes up annually at TVNewsCheck’s Cybersecurity for Broadcasters Retreat. The most recent CBR, in February, featured participants from TV’s engineering, IT and security communities. They developed a roadmap of recommendations for solving the problem.
For security reasons, TVNewsCheck is publishing it here without reference to the people who created it or their companies.
Co-Locate Engineering And IT
- Locate engineering and IT teams in same shop
- Structure management of both teams to work closely together
- Have both groups represented on projects
Frame The Relationship As A Partnership, Not A One-Way Street
- Both teams are in this together, working for the same goals
- Work together on vendor engagements to leverage expertise of both sides
- Create cross-team backups for essential roles such as network, SEP or AD admins
Create Specs And RFP’s Jointly With Input From Creative, Engineering And IT/Security
- IT/Security requirements are just as important as editorial/creative features and engineering requirements. It’s important to Include input from all three groups as core information in an RFP
- Continuously discuss trade-offs and aim for a balance of functionality in the creative, engineering and IT/security triad
- Agree to internal compromises before the RFP is issued and set expectations
- Evaluate responses and agree to the selection with input from all three perspectives
- Performance of the product or service should be evaluated from all three perspectives before final acceptance
- Do not introduce IT/security requirements as an afterthought. This is not productive.
Acknowledge This Is Difficult
- Years of habit make this a difficult change
- Inertia in the industry means media companies don’t always have vendor support. Team up to win this fight.
- Engineers may feel a loss of control. Acknowledge this.
Vendor-Broadcaster Partnerships Are The Future
- This requires creating what is essentially a four-way partnership (creative, engineering, IT/security, vendor)
- Lack of internal synchronization (e.g. engineering and IT/security) is just as bad as a lack of sync between creative and the vendor
- Don’t point fingers – don’t allow a vendor to be “blamed” for new, more stringent internal security requirements
- Be mutually supportive
Empower Engineering To Embrace The Change
- Make them admins for security measures that impact their air-critical systems
- Educate them on traditional IT disciplines
- Segregate the network as necessary
- Make security a point of pride rather than a bone of contention
- Invite engineering into CAB and other IT teams
Reinforce The Change: Continuously Remind Why We Are Doing This
- Security makes it hard for engineers to do their job. We have to demonstrate its necessity
- Make direct connections from their work to how risk is mitigated
- Use structured change management to create awareness and desire
Keep Vendors Abreast Of Changing Security Requirements
- Make new IT/security requirements known to vendors so they can gracefully evolve their products and services
- Share preferred test procedures and methodologies with vendors so they can be replicated in their own labs
Do you have suggestions for this roadmap? Please email them to [email protected]