How the National Theatre protects its scripts and stars from cyber attacks

The arts venue uses Forcepoint Cloud Security to protect millions of customers and 1,200 staff members around the world


The National Theatre has turned to Forcepoint Cloud Security to keep its scripts, set designs and the personal information of its stars safe from hackers.

Forcepoint specialises in providing centrally-managed security, which provides protection wherever data is, regardless of where increasingly-mobile users are located.

Image: Philip Vile
Image: Philip Vile

The performing arts venue on London's South Bank presents more than 3,000 live performances each year. It relies on extensive collaboration between people on highly sensitive information. In IT terms this means a variety of users sharing documents across a variety of devices and software platforms, all around the world.

"The reason we chose Forcepoint is because it's a platform-as-a-service and a cloud technology, so it's on all of our devices all of the time," George Tunnicliffe, the head of IT operations at the National Theatre told Computerworld UK.

"The combination of seeing where your data is going, assisting the users in using the internet, and keeping them safe without them having to really think about it is really crucial and useful for us. We didn't want anything to interfere with their work, and we don't want to set up lots of onerous policies."

Tunnicliffe is responsible for keeping up to 1,200 members of staff, the theatre's intellectual property (IP) including scripts and stage designs, and the private information and correspondence of actors, directors and designers safe from cyber attackers.

The recent hacking scandal at American TV network HBO showed that no production company is too big to be breached. Attackers stole an unreleased Game of Thrones screenplay and unaired episodes of hit shows such as Ballers and Room 104. According to the Hollywood Reporter, the 1.5 terabytes of data stolen was seven times that of the infamous 2014 Sony hack linked to The Interview, a comedy about North Korea.

The National Theatre wants to ensure that the plays it produces don't join the growing list of leaks. Its information is stored and shared across various services, such as Google Drive and with cloud-based document storage vendor Box. The theatre recently migrated from its on-premise Microsoft Exchange system to Office 365 to improve collaboration in the cloud.

Read next: 13 must-watch TED Talks on cyber security

The workforce regularly changes across productions and is highly mobile. They may be working in the South Bank theatre, at home, or with a producer at an international location, which makes access controls and onboarding extremely important.

"There's a lot more collaboration in the theatre across different mediums that I've not seen at this level anywhere that I've worked before," says Tunnicliffe. "A lot of adjustments of plans, things going back and forwards, and lots of people looking at one document."

Why Forcepoint?

Tunnicliffe opted for Forcepoint after deeming the legacy cybersecurity product he inherited as inadequate. It could only be deployed on-premise, which created a single point of failure on the network, and was complicated to maintain and update.

"Forcepoint [won] hands down because its platform-as-a-service offering really stood out to us," says Tunnicliffe.

Forcepoint is installed on the National Theatre servers and on every device, laptop, and work station it hands out. It gives every user the same level of security as they would get inside the office and allows Tunicliffe's IT team of 12 the ability to understand and track when and where staff are moving information on the internet.

The Forcepoint Web Security dashboard provides comprehensive information on threatsThe Forcepoint Web Security dashboard provides comprehensive information on security threats. Image credit: Forcepoint

"One of the crucial things is that it's invisible to them," he says. "It's always on, so they don't need to worry about logging into a VPN and putting it on to make sure they're safe. They can just get on with their work and know that the information on their laptop is going to the right place."

Forcepoint automatically stops dangerous activities on compromised websites such as uploading information, and provides notification that it's happening, flagging any unusual activity or high-risk behaviour.

Read next: Ransomware explained - What is ransomware and how can it be stopped?

Preparing for GDPR

The impending GDPR deadline of May 2018 has provided the National Theatre with the opportunity to restructure their information usage and review their data practices.

Read next: GDPR explained: How to prepare for the approaching General Data Protection Regulation (GDPR)

Forcepoint prevents advanced threats that use sophisticated detection evasion techniques from stealing sensitive data. Information is tracked as it moves and early visibility of data incidents and advanced warnings of possible compromises are displayed on a screen in the office.

The IT team can then contact the individual and department involved to find out the implications on data protection and GDPR compliance.

"What Forcepoint allows us to do is understand where our information is flowing to and what kind of information is on there," says Tunnicliffe.

"Recommended For You"

How to ensure GDPR compliance in the cloud How Salesforce has prepared for GDPR