Godzilla vs. Kong may be an epic match-up, but it’s nothing compared to the ongoing battle between infosec professionals and emerging cloud-based threats.
Dan Meacham knows all about such titanic challenges, as the vice president of global security and corporate operations and chief information security officer/CSO at Legendary Entertainment, the production company behind Godzilla vs. Kong and other popular films such as The Dark Knight and Jurassic World.
As a cloud-first organization, Legendary must be able to securely manage its online digital assets, and for the last half-decade Meacham has developed and perfected a user-central security model – the key tenet of which was devising an identity and access management system built around trusted users and devices.
“I cannot do zero trust at all,” Meacham told SC Media. Because “if I don't trust anything, then how do I give anybody access to the environment?”
Instead, Legendary verifies the authenticity of users and allows them access based upon the identification of trusted devices, IP addresses and user locations when they first log in to a system. If they can pass this authentication process, then they don’t even need a password to log in.
If however, you log in from an unknown device or an unusual location not normally associated with your user identity, “then we scale back what things you can do,” Meacham continued. For instance, “maybe you could check your email in the browser, but you can't sync the email to the mail application... You can't download any other corporate applications obviously because you can't have access to the catalog.”
The ability to operate in the cloud safely became even more crucial once COVID-19 struck and employees increasingly had to work from home. Meacham’s architecture allowed the company to ensure the secure editing of projects anywhere in the world via the cloud. And as the chairman of the Technology Committee for the Cloud Secure Alliance, Meacham has promoted these protocols as an industry standard, helping fellow film and TV companies establish a secure methodology for remote editing.
“The transition for corporate users was seamless, and users had the capability to expand their circle of trust without impeding their workflows of sacrificing security for convenience,” reads Meacham’s nomination from email security firm Avanan.
Meacham further secured work-from-home protocols by guiding Legendary’s post-production team and security teams in the development of workflow guidelines, creating in a matter of two weeks a WFH model that could be shared internally and across the industry.
Meacham, whose background includes health care IT, even helped to implement a system for employees to answer health questions and then receive a notification informing them if they were safe to enter production for that day.
Over his 25-plus-year career, Meacham has held prominent IT security roles in such organizations as Trident USA Health Services and Aramark Uniform Services. He has long been a proponent of negotiating vendor contracts that pay an extra dollar per unit, and then placing those supplemental funds in a pool to help pay for the security of not-for-profit and underprivileged organizations. He is still striving to encourage industry-wide adoption of this practice.