Security

Prioritizing DAM Security from the Start: Addressing this Common Oversight in Vendor Selection

Learn how to prioritize DAM security with MediaValet. We help organizations safeguard brand reputation & prevent costly data breach incidents.
Jean Lozano

June 26, 2024

Jean Lozano

Chief Technology Officer

4 min read

b00cab8cde60c37cb7394147e5d59bb43144b1e3 1400x1280 2

I’m Jean Lozano, CTO at MediaValet.

Over the years, I’ve had the privilege of speaking with hundreds of our customers. What often emerges from these conversations is a pattern: DAM security tends to be initially overlooked in the vendor selection process, only to surface as a critical factor later in the sales cycle.

With this piece, I aim to highlight why a secure digital asset management system isn’t just important—it’s essential. Your business deserves top-notch protection, and I want to make sure you’re equipped with the knowledge to make informed decisions. This guide will delve into why security should be a central consideration right from the start of your DAM buying journey.

In this blog post we’ll cover:

The State of Data Security in the Digital Landscape

Our digital world is full of opportunities, but it also comes with significant challenges. With the surge in digital data due to cloud computing, IoT, and remote work, the need for robust security has never been greater.

Cyber threats are becoming more sophisticated and frequent. Just look at these recent breaches:

  • Pegasus Airlines breach: In May 2022, the airline had a significant breach due to an unprotected AWS S3 bucket, exposing 6.5 terabytes of sensitive data, including flight information and personal data of employees
  • MOVEit Transfer breach: In May 2023, the cybercrime group Clop exploited a vulnerability in MOVEit Transfer, affecting over 600 companies and exposing sensitive data of 40 million people
  • Dropbox breach: In January 2024, 26 billion leaked records, including Dropbox data were found. Considered one of the biggest data breaches ever, it highlights the vulnerabilities and potential risks for growing organizations considering an option that cannot provide true security.
  • T-Mobile API breach: In January 2023, T-Mobile faced a breach due to an API vulnerability, impacting 37 million customer accounts

These incidents highlight the devastating consequences of inadequate security, from financial losses to reputational damage. For instance, the global average cost of a data breach in 2023 was USD 4.45 million, marking a 15% increase over the past three years. Furthermore, cybercrime is projected to cost the world $23.84 trillion by 2027, up from $8.44 trillion in 2022.

As regulations tighten, businesses must prioritize security and compliance. There’s no excuse for anyone operating in the cloud to not take this seriously and make the necessary investments.

The Importance of DAM Security in the DAM Buying Process

Despite the critical need for DAM security, it often takes a backseat during the buying process. Many organizations focus on usability and scalability, forgetting to thoroughly assess security measures. This oversight can lead to significant vulnerabilities, as usability and scalability are important, but they do not protect against cyber threats.

Additionally, security is often not top of mind for marketers until a vendor selection process reaches the IT team. This delay in considering security can leave gaps in the evaluation process, as IT teams may uncover significant security deficiencies that were previously overlooked. Smaller organizations are especially susceptible to this risk because they often lack dedicated software oversight, increasing their vulnerability to cyber threats. These businesses frequently do not have the resources to invest in comprehensive security evaluations or the personnel to manage ongoing security needs.

For example, small to mid-sized businesses (SMBs) often fall prey to cyberattacks due to inadequate security measures. Studies have shown that over half of small businesses go out of business within six months of a cyberattack. Moreover, 70% of SMBs do not enforce multi-factor authentication, a critical security measure, and 43% of cyberattacks target SMBs specifically due to their weaker security postures.

These statistics highlight the critical need for integrating robust security evaluations early in the DAM selection process, ensuring that all potential vulnerabilities are addressed before they can be exploited. By prioritizing security from the outset, organizations can protect their data, reputation, and bottom line from the ever-growing threat of cybercrime.

Common Oversights when Buying a DAM
  • Focus on functionality: Buyers often become distracted by features over security.
  • Perception of low risk: There’s a misconception that DAM systems are low-risk targets.
  • Vendor assurances: Companies may take vendors’ security claims at face value without due diligence.
Consequences of Ignoring DAM Security
  • Data breaches: Breaches like Dropbox and MOVEit show the severe impacts of neglecting security.
  • Compliance issues: Non-compliance with GDPR, CCPA, and other regulations can lead to hefty fines.
  • Operational disruptions: Cyberattacks can halt operations, delaying critical projects or worse flat lining the business.

Integrating DAM Security into Buying Process

Ensuring robust security in your DAM system is essential to protect your organization’s valuable data from cyber threats. Here’s how to make security a central focus in the DAM procurement process.

  1. Security certifications: Look for vendors with certifications like SOC 2 Type II and ISO 27001. These certifications demonstrate that the vendor has met stringent security standards. SOC 2 Type II focuses on the operational effectiveness of security controls over a period, ensuring that your data remains protected. ISO 27001 is an internationally recognized standard for managing information security, highlighting a vendor’s commitment to maintaining robust security practices across their organization.
  2. Comprehensive security features: Ensure the DAM system includes encryption, access controls, audit logs, and secure data centers. These features protect data integrity, limit access to authorized users, track user activities, and safeguard data in well-protected physical locations.
  3. Vendor assessments: Thoroughly review vendors’ security policies and incident response plans. Understanding their approach to security and their preparedness for handling breaches will help ensure they can effectively protect your data.
  4. Ongoing security management: Choose vendors that offer regular updates and continuous monitoring. This ensures that the system is protected against evolving threats and that any unusual activities are promptly detected and addressed.

Secure Your Digital Future with MediaValet

Security isn’t just an option—it’s a necessity. Prioritizing DAM security in your buying process protects your digital assets, ensures compliance, and maintains operational integrity. By integrating robust security measures, you can confidently navigate the digital landscape and safeguard your business’s future.

MediaValet is the #1 in DAM security, making security a priority from the outset will help safeguard your organization’s reputation and prevent costly incidents in the future. Book a demo today to learn more about how MediaValetcan secure your digital assets.


Related Articles

Ready to see what the DAM hype's about?

Meet with one of our product experts

Book a demo

DAM Knowledge

4 CIO Priorities You Need to Know (and Where DAM Fits In)

In this post, we share the top priorities for CIOs in 2022 and how a digital asset management solution can help address them.

Jean Lozano

January 19, 2023

Jean Lozano

Chief Technology Officer

4 min read

b92ea26a29e326063c3ea570bcf56c458e60f75f 1400x1280 1

CIO priorities include implementing initiatives that are going to have the biggest impact on the business. As leaders in the IT world, CIOs are faced with the challenge of implementing and managing the right technology and processes to support all areas of the business. In a world where technology is constantly improving, adapting, and changing, this is no easy task.

Last year, CIO.com released an article sharing the top 8 priorities for CIOs in 2022 – many of which still resonate. Our takeaway? DAM could play a big role for CIOs leaning into some of these trends—and with good reason. Review the trends and see how DAM fits in.

4 CIO Priorities in 2023

While CIO.com covered 8 trends in their article, there were 4 in particular that stood out:

Trend 1: Optimize Digital Dexterity

One of the top priorities of the article is the need to improve digital dexterity. Specifically, the need to lean into technology that helps teams to streamline processes, even when working in a remote environment. As highlighted in the article: “The days when a team member could simply walk down the hall with an important contract and have a colleague physically sign it are over.” This thinking isn’t just limited to contracts. The “over the shoulder” way of collaborating and communicating is now much more limited. This emphasizes the need for new solutions and digital transformation.

Trend 2: Transitioning to The Cloud

Central to the topic of digital transformation is the need to commit to the cloud. The past three years have seen many organizations transition from on-premise solutions to the cloud—a trend that CIO.com anticipates will only continue to grow. In fact, even Steve Hagerman, CIO of Wells Fargo, shared that the organization will be moving to the cloud this year, despite operating in a highly regulated and security-focused industry. He expects the shift will result in benefits including “a more scalable workload, innovative practices, and an enhanced customer experience“. Those that fall behind on this trend risk being outpaced by their more agile competitors.

Trend 3: Double-Down on Automation

As the world moved to a work-from-home environment, many organizations were forced to accelerate their digital transformation to ensure that everyone could work efficiently outside of the office. With this in mind, it came as no surprise to see that CIOs are prioritizing automating redundant tasks and processes. Oliver Saucin, VP of Global IT Solutions at Computer Task Group, shared his insights into automating cost-inefficient processes to better position yourself to meet increasing business needs. He emphasized the need to prioritize areas where automation is already built into the solutions, in order to see faster proof of success.

Trend 4: Prepare for The Hybrid Workplace

While many have focused on enabling employees to work effectively from home, the next challenge for CIOs will be to address the hybrid working environment. Moving into 2023 and beyond, CIOs are addressing the needs of both those that are working in the office and at home, ensuring that tech and processes aren’t isolating or inconvenient. Just as important is ensuring that security remains high. Rahul Mahna, Managing Director of EisnerAmper, shares that the next phase will be creating hybrid environments that “function effectively and still facilitate secure platforms and delivery systems”. While the article focuses primarily on the impact of COVID-19 on employees ability to come into the office, the hybrid work environment is becoming a norm for many organizations.

How a DAM Can Help Solve CIO Priorities

Whether you’re remote, hybrid, or otherwise, improving processes and agility across teams is top of mind for CIOs. Using on-premise solutions, like servers and hard drives, to store your organization’s high-value assets (logos, images, videos, etc.) can significantly hinder your ability to work efficiently. Investing instead in a cloud-based digital asset management (DAM) solution can bring several benefits to your organization. Examples include:

  1. Access for Remote and Hybrid Teams: When your assets are stored in the cloud, they are available 24/7, regardless of where someone is located. This means your organization is able to lean into remote or hybrid work environments—or grow to multiple offices.
  2. Reduced Manual Processes: A DAM can help reduce some of the manual work from accessing the assets you need. No more requesting logos from the marketing team or asking your neighbor if they know where the latest document is. Everything is instantly available in the DAM.
  3. Automated Asset Discoverability: Relying on file names and folders alone can make it near impossible to find your assets. A DAM solution simplifies discoverability, allowing you to enhance your assets with keywords, custom attributes, AI auto tags, and more.
  4. Tailored Library Access: A DAM ensures users only have access to the assets that are useful for their specific role, location, or department. With custom user groups and permissions, it’s easy to tailor how each person can use the DAM (download, upload, share, etc.) and which categories they can access.

Learn More about MediaValet’s features

Benefits to The CIO

A cloud-based DAM brings many benefits to an organization. But it also has features that make it CIO-approved and friendly, including:

Enterprise-Level Security
A DAM offers enterprise-level security measures, such as triple redundancy, geo-replication, single sign-on, and more. These features ensure that your company’s assets are safe from loss due to human error or natural disaster. Some DAM vendors, like MediaValet, are even SOC 2 compliant.

Comprehensive Compliance
Many DAM vendors are compliant with common geographical and industry-related regulations. Plus, cloud providers, like Microsoft Azure, deliver a large set of compliance certifications and attestations and offer data residency in over 60 regions across the world.

Scalability
A DAM is able to scale endlessly and adapt to internal changes easily, as the organization grows and changes. Taking this one step further, MediaValet offers an unlimited model, allowing you to grow and change with minimal constraints.

Support and Training
A DAM vendor typically offers support and training as part of their solution, allowing the IT department to focus on other initiatives. MediaValet offers unlimited support and training to all customers.

Reduced TCO for Storage
A DAM reduces costs for storage hardware and removes the costs for upgrades, maintenance, and disaster recovery.

Learn more about MediaValet’s security

Prepare for Your Digital Transformation

If the CIO.com article made one thing clear, it’s that the time is now (if not yesterday) to invest in your digital transformation and, with that, your transition to the cloud. If your organization works with a ton of media assets, digital asset management should be your first stop.


Related Articles

What a DAM good read!

Fuel your DAM knowledge by browsing our Resource library

Build My DAM Knowledge

Product

Digital Asset Management Stakeholders: VP of IT

Here, we discuss the unique challenges and priorities of the VP of IT and show how a DAM initiative aligns with their goals.
Jean Lozano

January 14, 2019

Jean Lozano

Chief Technology Officer

4 min read

079c3a90c977c10940a849857bac831ce557ddac 1400x1280 3

Digital asset management initiatives usually involve multiple stakeholders representing different organizational divisions, such as creative, marketing, and IT. In this series, we’re highlighting some of the common stakeholders we see involved in a DAM project and discussing their unique challenges and priorities.

The VP of IT is usually responsible for overseeing all technology projects within an organization and making relevant changes to optimize the organization’s ability to meet their business goals, as well as reducing business risks or downtime. They oversee the research, development, and management of technology portfolios for each department, as well as audit and track existing technologies. Ultimately, the VP of IT implements and enforces policies and procedures to ensure all executed technology will improve business processes and increase user satisfaction.

In this section we will cover

Goals and Challenges of the VP of IT

The VP of IT typically focuses on these three primary goals to achieve marketing success.

VP of IT

1. Introducing technologies aligned with organization-wide goals

The VP of IT is accountable for corporate-level technology vision and implementation across the organization. In addition to finding solutions that align with budget requirements, the VP of IT also needs to prioritize technologies that will drastically improve business processes, increase organizational efficiency and provide a high return on investment.

The VP of IT needs to analyze which technology will best meet the organization’s needs today, and also scale in the future as the company grows and priorities change.

2. Ensuring systems meet security and compliance requirements

Typically, when individual departments are looking to implement new technology, they’re concerned with the functional components, like the usability of the platform, how features align with their use case, and available integrations. The IT department, however, is focused on critical, security-related components, like regional and industry compliance (HIPAA, FERPA, etc.) and organization-required security measures (SOC2, Single-Sign-On, etc.).

This means that in addition to meeting the functionality requirements, selected platforms need to meet IT’s security, scalability, and compliance requirements. They also need to conform to the larger organizational goals and roadmaps.

3. Increasing technology adoption and solution satisfaction

The IT department is ultimately responsible for the company’s employee and stakeholder efficiency and productivity. This means ensuring that implemented solutions are adopted to their full potential and any issues are resolved within the SLAs (service level agreements) established for the end users. It’s crucial for solution support, onboarding, and training options to align with IT’s expectations.

The VP of IT analyzes platforms based on their likelihood of achieving high adoption and meeting established SLAs, often prioritizing systems that offer their own comprehensive training and adoption programs.

VP of IT Impact on a DAM Project

While digital asset management projects typically originate in the marketing department, they still need to align with the organization’s overall infrastructure.

The VP of IT needs to evaluate how a DAM initiative will affect IT support SLAs, align with the overall technology roadmap, and impact departmental efficiency and collaboration.

Here are questions for the VP of IT to consider when making decisions about a DAM initiative:

1. Are marketing-related storage costs (media, content, photography, digital archive) growing faster than the IT budget, as large volumes of video and media content are consistently added?

2. Are IT and support team SLAs being stretched as marketing demands increase for new media format support, management, and sharing?

3. Do users have an optimal experience when previewing, sharing, and collaborating on business-critical content? Are there technology-related bottlenecks preventing users from being productive?

4. Is the total cost of governance increasing as new content and digital assets are being stored across personal storage and unverified cloud systems? What’s the impact of asset loss?

5. If the company’s digital assets contain sensitive information, are they managed and governed in a compliant manner? Are existing content storage systems compliant?

6. Do you have redundant digital files (videos, media, images, content, PPTs, PDFs) across multiple hard drives and storage? How does this affect storage costs?

7. Is there anything preventing the organization from using cloud-based solutions? Is there a preference for the type of cloud platform?

8. Which cloud platforms, AI vendors, and integrations best align with the overall IT strategy?

Benefits of a DAM to the VP of IT

When approaching a VP of IT with the benefits of digital asset management, it’s important to think high level. Here are some benefits to consider highlighting:

VP of IT 2

Enterprise-Level Security: A DAM offers various security measures, such as triple redundancy, geo-replication, single sign-on, and more to ensure that the company’s assets are safe from loss due to human error or natural disaster.

Comprehensive Compliance: DAM cloud providers, like Microsoft Azure, deliver a large set of compliance certifications and attestations, such as FIPS, HIPPA, FERPA, and ISO 27018, and offers data residency in over 40 regions across the world.

Scalability: A DAM is able to scale endlessly and adapt to internal changes easily, as the organization grows and changes.

Support and Training: A DAM vendor typically offers support and training as part of their solution, allowing the IT department to focus on other initiatives.

Reduced TCO for Storage: A DAM reduces costs for storage hardware and removes the costs for upgrades, maintenance, and disaster recovery.

This is the second of a three-part series highlighting common stakeholders you need to get on board with digital asset management. Don’t forget to also look at the priorities of the CMO and Creative Operations.

Here’s some other helpful content, to help you build the business case for DAM project across your organization:


Related Articles

Ready to see what the DAM hype's about?

Meet with one of our product experts

Book a demo

Product

CRYPTOMEDIA: Blockchain in the Digital Asset Management Space

See our CTO, Jean Lozano’s, thoughts on blockchain and how it will impact the digital asset management industry in the future.

Jean Lozano

December 18, 2017

Jean Lozano

Chief Technology Officer

5 min read

d2a325ff72c3e721466629296afea4367e23e47f 1400x1280 2

As a CTO, I evaluate emerging technologies that have the potential to massively transform or disrupt the industry that we are in. So, I try to gain a comprehensive understanding of the technology, look at how various industries are adopting it, and determine if it can provide a significant competitive advantage for our company. If the likelihood of transforming or disrupting the industry is high, then a strategy needs to be formulated to leverage the technology in a manner that quickly brings value to our customers and the market overall.

Let’s take the advent of cloud computing as an example. Eight years ago, we determined that cloud computing would change the Digital Asset Management (DAM) space by radically reducing the cost structure while materially increasing security, redundancy, and accessibility. We explored our options in cloud infrastructure and figured we could develop a cloud-based SaaS offering that had unmatched scalability, reliability, and resiliency. We asked ourselves – “What is our cloud strategy?” After looking at the DAM market and our options for delivering a cloud-based DAM system, we decided to adopt the Platform-as-a-Service (PaaS) cloud offering, Microsoft Azure, as it was being developed to cater to the enterprise market. This decision was a landmark point in our history as it not only allowed us to focus on building and operating the best software we could – and not waste resources on maintaining and supporting IT infrastructure, but it also gave us a major competitive advantage that continues to this day. We have executed our cloud strategy as planned and we are continuing to build on it each quarter.

Blockchain and the Future of DAM

Blockchain is perhaps the next technological marvel after cloud computing that has reached significant levels of adoption and has raised substantial interest not only in consumer-based applications but for the enterprise as well. Enterprise-class blockchain technologies such as Ethereum, Corda, and Hyperledger have grown rapidly in support and adoption over the past 12 months. The Ethereum Enterprise Alliance was formed earlier this year with members such as Microsoft, Banco Santander, National Bank of Canada, ING, and Cornell University’s research group; Corda was developed by R3 and 80 of the world’s largest financial institutions; And, Hyperledger was spearheaded by IBM and is supported by well-known technology companies such as Intel and Oracle and financial services firms such as JP Morgan, ABN AMRO and Wells Fargo.

A new wave of blockchain technologies has introduced the concept of Smart Contracts and is now being referred to as Blockchain 2.0. Just like we saw the future of the DAM space changing with the emergence of PaaS cloud computing, I believe that Blockchain 2.0 will herald a new era for DAM.

The Internet of Value

At its core, blockchain is a secure, decentralized, and distributed ledger system that records transactions across many computers. The validity of a transaction is determined by the consensus of the various computers or nodes in the network instead of having a central trusted or official record. These transactions represent value being transferred from one entity to another. Because of this, several thought leaders have coined the term “Internet of Value”.

Digital assets possess value and they are used as a medium of exchange. Cryptography is used to facilitate and secure these transactions. Hence, cryptocurrency, one form of digital assets, has become a buzzword in the financial services industry. When people talk about blockchain, it often gets associated with FinTech because of cryptocurrencies like Bitcoin. However, FinTech is not the only industry that blockchain will affect in the future.

For example, the creative services industry also deals with digital assets that carry value, media assets (i.e. photos, graphics, videos, audio, etc.). Intellectual property ownership and attribution establish value for media assets and Blockchain technologies can be used to verify the transfer of ownership of media assets or even just the right to access and use such assets. With the introduction of SmartContracts in BlockChain 2.0, I believe various types of supply chains in almost every conceivable vertical, not only in FinTech or MarTech, will be massively disrupted in the very near future. Imagine the possibility of having computer protocols facilitate, verify and enforce the execution of contracts in all buyer-supplier relationships.

Blockchain in the Media Asset Lifecycle

As I have come to realize over the last few years in serving our customers, digital asset management systems (DAMs) go well beyond ingesting, cataloging, securing, storing, transforming, sharing, and retrieving media assets. DAMs have evolved significantly and now, in many cases, facilitate the management of the entire lifecycle of digital media assets – from womb to tomb, from media asset creation to archival. In every stage of the lifecycle, the ownership and attribution of the media assets may change. This is where Blockchain technologies come in.

To illustrate this point, here’s a simple example: When a company commissions a photo shoot, the photographer may submit 100 photos of which the company has paid to only select and purchase the rights to 10 images. Until the images are selected and purchased, the ownership of all 100 images belongs to the photographer. Stored in the photographer’s cloud-based media library, the buyer will log in and selects the photos from the shoot that they want to purchase. Upon completion and approval of the selection by the photographer, the selected photos will be transferred to the company’s media library and SmartContracts record and facilitate the transfer of ownership and the agreed-to rights.

During the content creation process, it’s not unusual for multiple parties to be contracted by a company to deliver a single piece of content and SmartContracts will allocate the shared ownership rights amongst the various creators of the content. For example, in a video production for an ad, the company can hire a director, videographer, crew, modeling agency, etc. SmartContracts can be used to allocate and enforce the stake of each content creator in the production of the content.

In the case of companies that own content, they can easily transfer ownership of their content to other parties using SmartContracts in the same way. For example, a digital agency or a video production outfit can decide to sell content that they own to another company. They can also decide to license content to another company that publishes or distributes the content. These transactions, the transfer or sharing of rights between parties, are all recorded and executed using SmartContracts on a Blockchain network.

What’s Next?

There are three types of Blockchain networks – Public, Private, and Consortium. Public networks are completely open and anyone can join and participate. Private networks are typically used by companies for internal purposes within business units with known participants. A Consortium is a partially decentralized network where participants are known to the members of the consortium and the consensus process is controlled by a pre-selected set of nodes in the network.

The massively transformative vision for Blockchain in the DAM industry is for content distribution to be decentralized and democratized in a public blockchain network where creators of media assets can publish, broadcast, and distribute their work and get compensated for the value they generate. This, however, at this point in time, is more of a moonshot than a bankable strategy. I think, what we need right now, is a federation of digital asset media libraries that can serve as a distributed and decentralized ‘system of record’ for digital media in an enterprise Blockchain ecosystem. This will establish concrete media asset ownership rights and attribution for media assets as a first step before we tackle the much larger and more complicated content licensing and distribution space.

blockchain

Our first step towards this future is anchoring MediaValet’s Blockchain strategy on Ethereum. Using SmartContracts and cryptlets on an Azure-based, enterprise-class, blockchain consortium network, we will allow tenants within the MediaValet digital asset management platform to participate. Once achieved, we’ll open up membership to other platforms that are considered “systems of record”.

With the pending release of Microsoft’s new Coco Framework for enterprise blockchain networks in early 2018, my team and I will be among the first to evaluate its promise of more performant throughput, more flexible confidentiality models, and more distributed governance. If these prove true, our timeline of how quickly blockchain will affect the DAM space will shorten dramatically.

We believe blockchain will have a major impact on the future of the DAM space, and we plan, as we are doing with many other new technologies, to be amongst the vanguard to commercialize the technology.

To learn more, check out our brochure “How to Leverage Blockchain in DAM


Related Articles

Ready to see what the DAM hype's about?

Meet with one of our product experts

Book a demo