Only
Certain Types Of Info Need Be Disseminated
Secure Extranets Could Help
Control Partners’ Data Access
by Michael Karagosian
NATO Digital Cinema Consultant
Electronic cinema
promises the electronic delivery of advertising content, movie content,
and trailers. Little, however, has been said about the other promise
of electronic cinema: the ability to conduct electronic commerce.
To some, the very idea of electronic commerce means baring your
systems and your company’s business data to your business partners.
But a knowledgeable approach to developing system infrastructure
can place the exhibitor in control of its networks and its business
data.
Electronic commerce requires two-way electronic communication with
the equipment in your theatres. Consider electronic advertisement
placement, the cost efficiency of which relies heavily upon electronic
commerce. Advertise-ments are sent electronically to the theatre
(most likely over the Internet), providing a low-cost method of
ad placement. In return, the advertisement broker, which is your
business partner, will likely pay considerably more than conventional
onscreen advertisers if it knows when its ads were played, and how
many people saw them. The theatre owner collects payment for presenting
the ads based on this feedback. To retrieve this data efficiently,
the ad broker needs access to the data network in your theatre complex.
But does this mean giving your business partner access to your entire
network, or to only the data that is necessary to conduct business?
There is other data that the exhibitor should consider protecting.
As electronic projection systems evolve, networked control and monitoring
systems will become popular, allowing the health of your projection
equipment to be viewed from off-site locations by your maintenance
staff. To your business partners, this data has a value attached
to it. Giving it away for free may not be the smartest business
decision. For most companies, both control and monitoring data,
as well as the data for electronic commerce, will be on the same
network. Giving access to your entire network to a business partner
could mean giving away valuable and possibly sensitive information
that is not openly available to your business partners today.
Many
theatre chains are familiar with the use of “virtual private
networks,” or VPNs. The VPN is a low-cost tool that securely
connects remote locations in an enterprise network. In a larger
theatre chain, the central business office desires electronic access
to ticketing data from their theatre sites. The secure way to do
this is by establishing a VPN between the central office and each
of the theatre complexes within the chain. Figure 1 demonstrates
how the VPN is applied.
In Figure 1, a firewall is shown in the theatre complex, which blocks
general access to the theatre data network. The firewall allows
data traffic on its VPN port to pass to the VPN server. The VPN
server will check that the user desiring access is authorized before
allowing a data connection to be made. Once the data connection
is established, all data traffic passing beyond the VPN and out
onto the public network is encrypted. Not only does the user have
to be authorized to gain access to the theatre data network, but
the data that flows outside of the theatre is unreadable by unauthorized
parties, making this a very secure connection.
The VPN is a very appropriate tool for use within an enterprise,
allowing secure communication over public networks among remote
locations, without having to go through the significant expense
of purchasing a private network. However, the VPN is not an appropriate
tool for governing network access to business partners. While it
will only allow authorized business partners to have access to the
network, it cannot limit access to only that data which the business
partner was meant to see. In other words, even with a VPN, your
business partner will have the same access as that of your central
business office to your theatre data network. Through the VPN, you
will be giving open access to your valuable and possibly sensitive
business data.
To
solve this problem, a new class of product called “secure extranet”
has been introduced. The word “extranet” refers to the
external network that connects your enterprise with your business
partner. (The ancillary term is “intranet,” which refers
to the enterprise network itself.) The secure extranet provides
the features of a VPN, but with the added benefit of allowing you
to target the authorized user to a limited set of applications or
data. This technology is in its infancy today, and is expected to
flourish as an enabling tool for electronic commerce among small
to medium-sized businesses. A possible implementation of a secure
extranet within a theatre is pictured in Figure 2. Note that the
firewall and VPN server remain in the system for corporate use,
and that the secure extranet router establishes a connection only
to the server containing the application and/or the data to be shared.
As electronic projection systems for advertising, alternative content,
and feature movies come into use, the push for electronic commerce
will grow. Those exhibitors who take control and implement secure
networks will have the opportunity to retain control of their business
data. Of course, your business partner has to participate in your
secure extranet, and this can become part of your negotiation when
establishing your business relationship. Regardless, without the
right tools in place to secure business data, exhibitors can easily
lose control of their valuable data assets. 
