20th Century Fox reduces risk of film leaks by standardising file transfer systems

The task of keeping up with employees' file transfers via public clouds is "getting more and more complex"

Twentieth Century Fox, one of the world's largest film companies, is considering upgrading its file transfer system to protect against hackers.

Increasingly, the film company's employees are using email and public clouds to send files to their own devices so that they are able to work away from the office - risking leaks of pre-released material, including films, trailers and posters.

To improve the security of file transfers, the company is therefore encouraging all its employees in Europe to standardise on one private cloud system that has been in place at Twentieth Century Fox for a year, GlobalScape's EFT (Enhanced File Transfer).

Baji Patel, director of infrastructure and technology at Twentieth Century Fox, said: "We might receive a Photoshop file sent over one of our internal systems, about 2GBs in size. Our local teams will customise it for the European market with a local creative agency. But how do you get it from the Fox office to the agency? Is their system secure? We typically use EFT to send these materials back and forth until they go to the printers. It's more of a point-to-point rather than storage."

According to Patel, the EFT system is "very easy to use" and "you can either log into an account or send it anonymously, so that was quite a big win."

Over the last five years, the availability of free public clouds and email transfer services has put pressure on the company's infrastructure to support and secure these systems and solutions were becoming "more and more complex".

While using EFT is preferable for the company, for its auditability features, Patel said that staff often uses public cloud file transfer services for film trailers and posters only, which is less of a concern as leaks of this material would be "just more publicity" for a new film.

He admitted to using Dropbox on a PC himself "for a time" because "there was nothing else that did what Dropbox was doing at the time". However, where possible, the company "names and shames" employees who download material via public clouds that breach the security policy, and asks them to delete the public cloud-based app.

Twentieth Century Fox also uses the file transfer service Hightail, formerly YouSendit, after the company's LA-based headquarters signed a deal with the provider for unlimited storage of large file transfers. It encourages staff who have previously used other public clouds to use Hightail, although it still prefers the GlobalSCAPE system to be the primary tool, because file transfers can be tracked.

"I'm not sure really how many people are using YouSendit - GlobalSCAPE are the only people that I can pull a report out with to see how many GBs of data have been transferred and by whom - I don't get any stats from the others," Patel said.

Tied into various clouds

As well as Hightail and GlobalSCAPE, Twentieth Century Fox uses Microsoft OneDrive for cloud storage. This was partly due to employee demand.

"A number of users started saying to me 'there are Microsoft office apps for the iPad - can I pull files from my Hightail account and open them from my iPad?' After looking into that we have found that while you can have the ITIL app on your iPad and you can open files in Microsoft Word. If you want to save your file, Microsoft has very cleverly has tied you into OneDrive," Patel said.

As a result, the company is now supporting a variety of cloud systems, which Patel admitted was getting "a bit too complicated" for users to understand when they can use which service.

He said: "If we can we can integrate all these functions with GlobalSCAPE it would make sense, so that users can get to their files, wherever they are, in a secure manner."

Join the CSO newsletter!

Error: Please check your email address.

Tags securitycloud computinginternet

More about DropboxGlobalScapeHightailMicrosoftTwentieth Century Fox

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Margi Murphy

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place