Winter is coming. Protect your content kingdom

The struggles that HBO is facing are prime examples of a breach of confidentiality by a trusted user or group who bypassed multiple security controls to leak sensitive intellectual property


Like many of my high-tech colleagues I am an avid Game of Thrones viewer. However, its appeal is much broader. The series is set in a historical fictional medieval world made of seven kingdoms, all struggling for power in a tense battle between good and evil. No character is safe, and this unpredictability delights audiences by keeping them on their toes, unable to guess what comes next.

In fact, Game of Thrones shattered HBO’s viewership record with more than 10 million global fans tuning in for its season 7 debut in July. No doubt this record-breaking show is the crown jewel of HBO and guarded like Fort Knox, right?

As a published author of articles on content governance and analytics, my interest was piqued as I learned about HBO’s data breach of Game of Thrones. How relevant to my recent article, “Think you can’t be breached? Think again,” where I discuss how 57 percent of breaches are internal and the steps companies can take to better protect themselves.

While most of them are from well-intended employees, the malicious insiders are more dangerous and costly to operations (per New York State Security Breach Reporting 2006-2013). Why? A malicious insider is rarely monitored and knows the location of the most valuable content, so the potential damage exceeds that of the external hacker.

In addition to the external hackers demanding in excess of $6 million, multiple insider breaches followed, causing irreversible damage by leaking episodes of Game of Thrones before they were broadcast, all at the hands of inside affiliates. Four employees or former employees of Star India, which has the rights to air the series in that country, have been arrested for stealing episode 4. Separately, HBO accused its third-party Nordic and Spanish distributors of an error that caused the sixth episode to be leaked before its broadcast.

The struggles that HBO is facing are prime examples of a breach of confidentiality by a trusted user or group who bypassed multiple security controls to leak sensitive intellectual property.

The first step to better protection is knowing what and where your most valuable content is—or for Game of Thrones, your most valuable kingdom. Like kingdoms, not all content is created equal. Would you place more emphasis guarding Eastern Essos or King’s Landing? King’s Landing, the royal capital of Westeros, has rich and fertile lands, has access to the sea, and is home to the Iron Throne and ruler of the Seven Kingdoms—an obvious target for conquest.

Similarly, would you place equal resources on marketing collateral leads as you do core intellectual property, contractual obligations, and regulated content to comply with Payment Card Industry (PCI) standards or the Health Insurance Portability and Accountability Act (HIPAA)? Do you treat them differently? You should.

What is your King’s Landing? Can you draw its map along with its valuable content to protect it with a wall?

Once you do, don’t be so busy fighting hackers that you forget about insiders. In Game of Thrones, the kingdoms are so busy fighting each other on one side of the wall that they ignore a much more dangerous threat to them all: the white walkers.

You can’t fight the white walkers alone—you must know your enemy and have the weapons to protect yourselves. Jon Snow knows the dead walkers, but did not have the weapon. Daenerys Targaryen has the dragons and the dragon stone, but did not know the enemy. The answer to safeguarding the kingdoms has got to be a teaming of these two beloved characters.

Similarly, business owners and managers understand the value of the data and are in the best position to assess preferred measures to “prepare for combat” such as training employees on procedure. IT provides visibility and weapons but is not intimately familiar with access entitlement nor equipped to prioritize the business value of content.

Once winter comes, you need to be ready for the battle with all your resources: IT together with the business owners, complete with an arsenal of tools and processes ready for the ongoing battle. You will continually need to refresh your strategy and perform ongoing training as your ecosystem of employees, suppliers, and distribution partners changes over time.

Even with careful planning, well-intended employees can and will mishandle data, such as by moving a confidential file to a folder, unaware that a colleague has shared this folder with an external party. Thank goodness for the night watch to continuously monitor threats, and in our IT context all will sleep better knowing that a real-time, ongoing alerting system that detects abnormal behavior is in place and can take action immediately.

Perhaps HBO should have approached data governance the same way it thought about Game of Thrones—hopefully it will for the next season. The only difference between Game of Thrones and content governance is that for Game of Thrones I don’t want a spoiler whereas for content governance I would rather see what’s coming and know the end of the story (hopefully, it is a happy ending).

This article is published as part of the IDG Contributor Network.