WebBar for Jigsaw Article
Blog

What is the TPN+ platform

October 24, 2023

And what does it mean for content security in the cloud?

This piece was originally published on the Jigsaw24 Media website.

Everyone’s heard the horror stories. The cautionary tales about some of the biggest titles across film and TV, from Hulk to Wolverine and Game of Thrones, and how they fell foul of security protocols. Keeping content secure against leaks, breaches and hacks is a perpetual challenge for the media and entertainment industry and, increasingly, for content creators working with confidential corporate information. But when the way video content is produced is completely revolutionised almost overnight (ie: when a pandemic drives the mass adoption of cloud-based workflows) it can leave even the most up-to-date security protocols playing catch-up and potentially put content at risk. It’s not all doom and gloom though – if security concerns have previously prohibited you from signing up to cloud services, we’ve got some good news…

The organisation widely recognised as the gold standard in global film and television content security now covers cloud and application workflows. And some of the most recognised names in the content production business have already been certified as early adopters. With Jigsaw24 Media partners LucidLink and Adobe being among the first providers of cloud services to adopt the recently launched TPN+ platform, we thought it may be useful to provide a bit of background about the TPN and why you may want to consider joining – whether you’re in the business of creating content or supporting those that do.

What is the Trusted Partner Network (TPN) and what do they do?

The TPN is a global programme, owned and operated by the Motion Picture Association, that aims to unite content owners, services providers and assessors to avoid leaks, breaches and hacks of content. Originally established in 2018, the organisation curates a single benchmark of Content Security Best Practices, runs an assessment programme against these best practices to determine a service provider’s security status and provides a registry of “Trusted Partner” service providers that content owners can use to identify suppliers whose processes meet their security requirements.

Why is the TPN considered the ‘gold standard’ in film and TV content security?

The Motion Picture Association member companies are some of the top names in entertainment and include Netflix Studios, LLC; Paramount Pictures Corporation; Sony Pictures Entertainment Inc.; Universal City Studios LLC; Walt Disney Studios Motion Pictures; and Warner Bros. Discovery Inc. The MPA has managed content security assessments for these industry leaders for more than three decades and originally set up the TPN along with the Content Delivery and Security Association.

So, what’s changed?

Until recently, the TPN programme only covered physical security assessments of things like cameras and locked doors. Cloud and remote workflows weren’t part of their Content Security Bast Practices or assessments. However, in February 2023, they responded to the changing media landscape by launching an enhanced programme that includes application and cloud security assessments, a new membership model, and the TPN+ platform. This means that service providers are now able to provide studios, broadcasters and other content owners with industry-recognised evidence of your commitment to, and compliance with, content security best practices – across on-prem, WFH and cloud workflows.

Is the programme only suited to big organisations?

Not anymore. The new tiered membership model means that fees for service providers are now linked to revenue, making the programme accessible to a much wider range of content creators and service providers. For example, self-employed membership fees are only $250 a year and organisations with an annual gross revenue of $5-10M will pay $5K per year. This membership allows service providers to centrally share your security status with multiple content owners through your listing in the searchable TPN+ registry.

What are the levels of content security and how are they assessed?

Service providers can qualify for TPN Blue or Gold Shield status. Both are assessed against the TPN’s Content Security Best Practices, but the Blue Shield status is achieved through self-reporting while the Gold Shield status requires an assessment by an accredited third-party. The platform now also offers members the ability to include non-TPN security certifications (such as ISO 27001) in their TPN+ listing.

Who has already signed up to the TPN+ Platform?

It’s hard to say because the TPN+ platform is only accessible to members and only searchable by content owners. However, some of the early adopters of the TPN+ platform include Adobe and Frame.io, DNEG, LucidLink, RightsLine, SDVI and Zoo Digital.

While the pandemic may have accelerated the adoption of cloud workflows, this isn’t the first step-change that the industry has seen, and it certainly won’t be the last. The nature of content creation and the ever-evolving workflows involved means that content security processes will always be a work-in-progress. It helps to have an industry standard to work towards, but organisations like the TPN will have to constantly reinvent themselves and their assessments to keep pace.