21st Century Fox is on a mission to secure its industry-leading content that delights 1.8 billion subscribers on six continents. Providing creatives with the tools they love, while ensuring they have the right level of access at the right time, is key to producing and protecting that content.
A zero-trust approach
21st Century Fox collaborates with a large network of users across multiple touch points. The Global CISO realized that its perimeter-based security was no longer the best way to secure and authenticate access for the company’s 30,000 employees and thousands of partners. It needed a zero-trust environment that would keep users—and their credentials—protected and secure, no matter where they’re working.
21st Century Fox believes strongly in choosing the best possible tools for its creative employees and partners rather than taking a monolithic approach. To reduce its identity sprawl and gain better visibility, 21st Century Fox adopted a number of Okta products, including Single Sign-On, Universal Directory, Lifecycle Management, and Adaptive Multi-Factor Authentication.
Now, 21st Century Fox has a clear view into user activity, and is able to consider each user access request based on the context of the user, app, device, location, and network. The company is able to easily onboard and offboard employees and contractors, which ensures there are no security gaps. And for users, the experience is so seamless it’s practically automatic.
Okta was key to accelerating our evolution to a zero trust model. This was the identity plane where we could introduce so much of the control that we needed to have in order to assess who a person is. So it was actually a way to accelerate our thinking around zero trust.Melody Hildebrandt, Global CISO, 21st Century Fox
Securing an intricate environment
The technology landscape is constantly evolving, forcing businesses to perform a three-ball juggling act that involves providing customers with the best possible products, delivering delightful customer experiences, and ensuring all data is accessible, yet secured. No business is immune, and with more than 1.8 billion subscribers across six continents, 21st Century Fox is no exception. Yet, the company continues to react to all of these changes with speed and precision, landing it the first “Media Company of the Year” Webby, and winning them 1.8 billion subscribers across all assets.
Keeping customers in 141 different countries happy with the quality and convenience of their content has been key to this achievement. But the work is complicated by the highly intricate nature of 21st Century Fox’s technology infrastructure.
“There are a variety of channels we need to protect,” explains Melody Hildebrandt, Global CISO at 21st Century Fox. “How do we get the film to the theater securely for the initial release? How do we deliver content to a variety of streaming platforms? How do we broadcast live to consumers? All of these channels could be disrupted. And I think what we've seen in the past few years is that media is increasingly a target for those that would seek to disrupt it, particularly as content becomes more valuable and media companies are seen as a target worth exploiting.”
Of course, security has always been a major consideration at 21st Century Fox, but a couple of years ago, when another major studio was attacked, the company’s drive to strengthen security took on a new sense of urgency.
The company had all the usual perimeter-based security pieces in place, from firewalls to antivirus software. But when the other studio was breached, Hildebrandt had just joined 21st Century Fox as CISO, and she knew that to truly protect against and mitigate the effects of a possible breach, its security infrastructure needed to modernize.
“The way that people work is changing, and the way that we can best deliver technology to users is changing,” she says. "Mobile and digital collaboration began to break the perimeter model, and then the cloud transformation had the same effect. Those two forces really forced us to come to a reckoning, which is that our whole security model needs to shift to recognize that our previous planes for security are no longer effective.”
Never trust, always verify
Modernizing IT infrastructure is no small endeavor for a company with broadcast networks, web properties, production facilities, film studios, and offices around the world, all supported by up to 30,000 full-time employees as well as up to 50,000 contracted partners.
But Hildebrandt worked carefully and thoughtfully, and one the first moves she made involved tasking the IT team with the big job of getting all internal Fox users into the same environment. This change would serve multiple purposes, including:
- strengthening authentication
- making it easier to see which users are requesting access to which apps
- streamlining identity management processes
Next, she looked to design a new, zero trust architecture, to counter the credential theft attempts and phishing attacks Hildebrandt was concerned about.
“By design, our users are collaborating with third parties all the time,” says Hildebrandt. “They're collaborating with third-party technology providers, they're collaborating in the cloud. So we can't look at the transfer of data in and out of the network—that actually provides no insight into security. Instead, we have to look within the application itself, and how data is moving between applications. That actually provides us a lot of insight into what’s normal behavior and what's not normal behavior. Then we can use that to identify potential malicious activity that we need to remediate.”
Since effective zero trust environments are rooted in strong, adaptive, identity solutions, finding a selection of best-of-breed products that could protect its employees, contractors, and content was one of the IT team’s first initiatives. Part of that process involved finding solutions that people would actually want to use, especially given the emphasis that 21st Century Fox places on creating a frictionless, delightful user experience for employees and partners.
“Our users deserve the best technologies available to them,” says Hildebrandt. “If we’re going to thrive as a creative digital business, we need to attract talent that wants to use modern tools that allow them to be the most efficient and do their job the best way possible. We realized that we had to think about a model that was going to secure a diverse set of technologies.”
Hildebrandt quickly realized that the Okta Identity Cloud not only provides employees and partners with seamless access to the tools they need to do their jobs easily and effectively, but that it also provides the exact identity foundation she was looking for. While employees could be set up with Okta’s standard IT products, the company could also offer these same solutions to their partners, using Okta API products. The company was already using Okta Single Sign-On (SSO), Universal Directory, and Lifecycle Management, and it decided to add Adaptive Multi-Factor Authentication (MFA) and API Access Management.
Closing the gaps
Adopting the Okta Identity Cloud was the perfect way to support the company’s new zero trust environment, but there was still work to be done. For Hildebrandt, creating a dynamic access model was mandatory. “We needed an access model that recognizes that our partner ecosystem is going to shift all the time,” says Hildebrandt. “We need to be able to provision access and revoke access rapidly, and we need to have a constantly shifting and dynamic model for how we think about that. So that's the plane where we can potentially affect access to a range of downstream applications, and we can ensure that we actually have full coverage from a deep provisioning standpoint when a given partner or user needs to be deactivated from the system.”
Okta Lifecycle Management and Universal Directory fit right into that plan. As soon as a user’s status changes in Workday, Fox’s HR system, Universal Directory (UD) looks at their attributes, and sorts the user into the appropriate group. Then Lifecycle Management provisions the tools and level of access the user needs to do their jobs—and nothing more.
Ultimately, that means users have everything they need on Day One, and there’s no risk that someone will accidentally access information they aren’t supposed to have. Further, if their credentials are ever compromised, there’s less of a risk that someone else will access sensitive data or content.
It also means that when a 21st Century Fox employee leaves the company, or a partner finishes their contract, those loose ends are tied up almost immediately. Access is revoked as soon as their account is deprovisioned in UD, with no zombie accounts remaining.
Applying robust authentication
It was also important to support the wide variety of on-prem and SaaS apps used by the company. When choosing security solutions, 21st Century Fox looks at each use case individually, and chooses the best product for the job, instead of picking a single provider that does a lot of jobs with varying levels of success. As 21st Century Fox rolled out Okta’s Adaptive MFA, the product did exactly what Hildebrandt hoped it would do: it added consistency to 21st Century Fox’s authentication process without causing unnecessary friction for users.
With Adaptive MFA, the company is able to make smart authentication decisions based on factors like who the user is, what kind of device they’re using, where they’re working, and which app they’re requesting access to. That means the company can maintain high levels of security, without forcing employees to take unnecessary steps during the authentication process.
As 21st Century Fox rolled out Adaptive MFA, it listened very carefully to its employees and partners, and provided as many factor options as it could—including Okta Verify, YubiKey, Okta Verify with Push, Voice, SMS, and U2F USB tokens.
Since Adaptive MFA is able to perform many of the same functions as Duo, including securing RDP access to servers and directing interactive login, the company was able to phase out Duo completely. With Okta, the company benefits from a more comprehensive identity experience across its entire infrastructure.
“We have a user acceptance testing group so we can understand their workflows inside and out. We're seeing where it breaks, and we're designing around it before we roll out further,” says Hildebrandt. “That builds trust with users and makes them much more likely to adopt the security changes without screaming, because they know we have their backs.”
Okta MFA accomplished a security goal, which was to make sure that the policy was enforced in the way that we had designed it.
Now, Adaptive MFA is enforced every time a user seeks to gain access to a suite of applications. “Okta MFA accomplished a security goal, which was to make sure that the policy was enforced in the way that we had designed it,” says Hildebrandt. “It also accomplished an enterprise technology goal, which was to give our users technology that delights them.”
Guarding the entrances
21st Century Fox put the finishing touches on its new zero trust infrastructure by investing heavily in both identity and logging. “Those two lenses together give us a pretty good picture of who is doing what with our resources and whether there's anything suspicious that we need to look at,” says Hildebrandt. “We’re pushing authentication to the application layer because that is, essentially, the plane through which we can affect the greatest visibility and control.”
High security, zero trust
The Okta Identity Cloud provides 21st Century Fox with a holistic, fine-grain security infrastructure, and the entire identity rehaul has been a resounding success. Hildebrandt says that for her, it’s an indicator of success when executives start asking her to help them set up MFA on their own personal apps because they’re so impressed with the protections it’s provided them at work.
21st Century Fox’s ability to easily and securely provide consumers with content is the ultimate measure of success. One example involves Hot Star, a mobile app that the company offers to Indian consumers, which just surpassed over seven million concurrent live viewers. “That’s a pretty amazing achievement for an app that has been around for less than two years, to deliver cricket to mobile users in India for the first time, in a way that’s protected against DDoS or against potential credential stuffing attacks, which were significant threats,” says Hildebrandt.
With Okta, 21st Century Fox employees and partners are able to focus on what they do best—delivering delightful content to the company’s customers—without worrying about external threats. Essentially, they’re able to close a large security gap while reducing complexity for users and IT. That means Fox viewers have a lot to be excited about, because the content’s only going to get better from here.
About 21st Century Fox
21st Century Fox is the world's premier portfolio of cable, broadcast, film, pay TV, and satellite assets spanning six continents across the globe. Reaching more than 1.8 billion subscribers in approximately 50 local languages every day, 21st Century Fox is home to a global portfolio of cable and broadcasting networks and properties, including films and television production studios.