Eurofins exploits certification to dominate media cybersecurity

Quality assurance firm Eurofins Digital Testing continues to be one of the most underappreciated vendors in the media landscape, with one of the most active R&D departments on the planet. The latest product hot off the Eurofins innovation press is a dedicated media cybersecurity framework – which threatens to shut out competing cybersecurity players at the gestation stage.

Eurofins’ Cybersecurity Framework: Media Edition technology is being offered as a suite of supplemental cybersecurity services to the Committed to Security program operated by the DPP – an organization creating technical specifications and recommendations for meeting business needs of the media industry.

Stay with us, it gets better. The DPP’s technology strategy is built on four pillars – versioning, automation, delivery and security. The latter birthed the Committed to Security program in 2017, which allows all production and broadcast suppliers – including vendors, service providers, facilities and more – to demonstrate cybersecurity best practices through a self-assessment questionnaire which is then reviewed by Eurofins. The newly launched cybersecurity framework is an evolution of this project, where Eurofins not only assesses and validates checklists, but directly offers cybersecurity services to companies in the process of DPP certification.

However, as an organization built on promoting and encouraging interoperability, it comes over as hypocritical then to push a proprietary cybersecurity framework to companies striving for certification. “Common specifications are vital, but alone they are not enough to deliver true business benefit,” states one of DPP’s mottos. After contacting Eurofins for comment, the company confirmed what we already assumed, stating “media companies and DPP members can certainly choose to work with other cybersecurity companies if they choose.”

It gives Eurofins first pick from the pool of 400 potential customers in the existing DPP membership list (although we’re sure many are already customers), as well as access to companies in the process of receiving DPP Committed to Security certification. A few standout names include BT Media and Broadcast, CenturyLink, DAZN, Microsoft and Telstra.

That’s isn’t to say offering the media flavor of Eurofins’ cybersecurity framework via the DPP is a negative for the industry. It boasts a range of services including threat analysis, OTT platform penetration testing (infrastructure, apps and device-based), compliance audits, security monitoring, security testing for TV software, and finally, e-learning courses to keep staff up to scratch.

Another advantage for Eurofins is that its media cybersecurity services were developed based on learning from appraisals and results gathered from DPP members, enabling it to develop a customizable set of tools for testing cybersecurity effectiveness. Where necessary, Eurofins says it can take remedial action to reinforce existing cybersecurity structures.

Eurofins’ pincer effect on a specific area of broadcast security reflects the convergence between general cybersecurity and the more specific revenue protection that has long been employed by pay TV operators. As underscored in last week’s issue, this has risen up the agenda over the last two years and featured prominently at the recent IBC.

As a result, the traditional CAS players have recognized this convergence. Inside Secure for example bought Verimatrix and we have also observed more synergy between the respective departments at Kudelski’s Nagra. It has led to broadcasters’ organizations such as the EBU (European Broadcasting Union) developing recommendations, raising consciousness and conducting tests – and now one of the industry’s best-known QA testing companies has entered the scene. Eurofins has long been active in the cybersecurity space, in the realms of managed IT services, compliance and awareness training, not in the business of providing cybersecurity frameworks directly to media companies.

Even with its impressive R&D engine, Faultline in the past has experienced some truly uninspiring visits to Eurofins at trade events. Unfortunately, Eurofins suffers from a level of marketing-phobia that is high even for a company with roots deep in the fields of QA testing and cybersecurity, technologies often swept aside at major events by sexier innovations. And you can bet Eurofins doesn’t care one bit.