5 Basics of Cloud Security

The basic objective of a cloud security strategy is to provide a method to monitor and protect the flow of information to and from cloud hosted services. There has been and will continue to be a shift towards public and private cloud services as the age of digitisation is increasingly being embraced by organisations. 


According to Cisco’s Annual Cyber Security report, one of the principle reasons why organisations are deciding to host corporate applications in the cloud is increased security. 

 data security

On the other hand many small and medium organisations are adopting cloud technology without a clear strategy resulting in the blurring of edges of responsibility between the cloud provider and the organisation. In the eyes of cloud security providers, there are clear responsibilities and boundaries as illustrated in the graphic below. 


Security in the cloud is a shared responsibility: Cloud Security, DNS, IaaS PaaS Saas 

Cyber attackers are increasingly taking advantage of this blurring of the boundaries to exploit systems. It is important to undertake a proper risk assessment before cloud services are adopted. This will enable a clear understanding of the risks and a consequent strategy to mitigate the risks.  


The basic approach to cloud security will be based on the risk profile, it essentially needs to address the different phases of the cyber security threat, namely before, during and after an attack. It should be an extension of the organisations security approach to the on-premise information systems and data which generally address the question, who is allowed access to what information. 


Some of the key features that need to be addressed with a cloud cyber security approach include; 

  • Visibility and Control
  • Securing Cloud Applications
  • Extended Protection
  • Virtualise the Security Architecture
  • Threat intelligence


Visibility and Control 

Users will try to use whatever they can to get the job done. Organisations need visibility and control of what applications are being used in the cloud and remotely, especially with the growth of new SaaS applications. Visibility enables an understanding of what is being used in line with policy, what is out of policy and what is a threat. Visibility is the first step to controlling and securing the organisations environment based on what services should be provided. 


Securing Cloud applications 

As SaaS applications are increasingly being deployed in public clouds such as Amazon Web Services and Azure, it is vital to ensure that the cloud platform is secure. Even though the cloud providers will deploy their own security solutions, organisations also need to implement independent security systems to secure the user and the data as this is not the responsibility of the cloud provider. In it’s recent cyber security report, Cisco identified that a major growth area for cyber attacks was the misuse of legitimate cloud services to host malware. Hence the need to secure services in public clouds cannot be understated. 


Extended Protection

As remote connectivity and branch networking trends increase in popularity, the security solution should be adaptable to extend the necessary features such as firewalling, threat management and anti-malware capabilities to the edge of the network as opposed to the current centralised deployment model. This functionality should be provided on endpoints, remote connections and remote offices and vitally to devices working off site such as Internet Cafes. 


Virtualise the Security Architecture 

The need for security is now pervasive at the client, the branch, the HQ as well as public and private clouds where SaaS applications are located. This necessitates the capability for a virtualised security architecture where the panoply of security functionality can be deployed easily at any location. This approach also enables the organisation to scale security at speed which will meet business demands for rapid deployment of new services while avoiding security being an afterthought. 


Threat intelligence 

Most organisations deploy security components from multiple vendors. An intelligent approach to securing information and systems in the emerging environment must make use of threat intelligence to overcome any cross vendor incompatibilities. This is the ability to take intelligence feeds from other sources such as other security vendors feeds and make context based threat assessments relating to your organisation and what it means for you. This assessment can naturally feed into automated protection mechanisms. 


In our next blogs in this series, we will cover off some best practices approaches to cloud security and discuss some of the technologies being used. 


Cyber Risk Assessment– get good at it

Today’s reliance on IT technology is unparalleled and will only increase. While some businesses are pondering the benefits of IoT deployment or bespoke business applications, others are ploughing ahead and pioneering their initiatives.

Some of these initiatives are stuttering and some are big winners that have transformed their business. Digitisation and it’s attendant benefits is the new game in town and it is not going away soon.  

The constant question that new initiatives will always raise is, what about cyber security? These new initiatives also need to be balanced against new compliance regimes such as GDPR which can levy punitive fines for breaches involving sensitive personal data. IoT means a greater footprint or attack surface; a new cloud application means potential exposure of data or the possibility of unauthorised access.

While these risks and others exist, this should not hinder businesses taking advantage of the potentially major opportunities from digitization. What is therefore of paramount importance is a way to effectively assess and mitigate the risk from these initiatives and other IT activities that will enable the businesses to safely adopt new technology. 


Cyber security is everyone’s concern 

Cyber security is no longer just an IT issue, now it is definitely everyone’s concern. Responsibility is now being devolved as applications move to the cloud. More departments are involved in selecting and implementing their apps, therefore they also need to have security at the forefront in both the selection and operational processes. 


Comply with regulation or become extinct 

Regulation is now gaining real teeth and therefore compliance is no longer an optional nuisance. Consider the Carphone Warehouse breaches recently. If the recent 6m records breach occurred under the watch of GDPR, the fine could be a whopping £428m, compared with the max £500k fine which could have been levied under the previous Data Protection Act. Compliance is now an imperative and failure could mean business extinction due to the punitive fines.  Compliance should be seen as an opportunity to get your business in shape in which case everyone benefits. 


Cyber risk assessment is a specialism 

Change is another constant in IT, therefore risk assessment should be constant and continuous. Oftentimes risk assessments are left till the end of an initiative when in fact it should feature right at the beginning and be a part of the “go/no go” decision. If risk assessment is built into project implementation, the end result will definitely look a lot better than if it were an after thought. The struggle is to find the skills where there is a good understanding of IT risk management. It is an area where businesses need to invest in training staff at all levels of the organisation. 


Risk assessment and mitigation needs to be a continuous process where all departments in a business are engaged in continuing assessment, monitoring and improvement of the risk exposure.  


An interesting development in this light is a joint solution offered by Aon, Apple, Cisco and Allianz. The components of the solution include the following; 

  • Risk Assessment with a target output of an analysis of the businesses level of insurability, its security posture with recommendations on how to correct any gaps.  
  • Those wishing to improve their security posture receive a plan that includes an enterprise ransomware solution incorporating, advanced email security, endpoint protection and DNS layer security.  
  • The business will also deploy Apple MacOS and iOS endpoints.  
  • Businesses choosing this solution will receive favourable terms from Allianz who consider this combination to be a more secure solution.  


While it may not be practical for all businesses to adopt this solution, the method/approach is a useful indication of a what can be done. The importance things is the assessment needs to be continuous and reflect the status of the business and it’s use of IT at any point in time which of course is a moving goal post.

5 Takeaways from the Cisco 2018 Annual Cyber Security Report

Cisco Annual Cybersecurity Report 2018

Cloud abuse on the rise according to Cisco Security Report

Cisco’s Annual Cyber Security Report 2018 provides an insightful account into the changing cyber security landscape. This article summarises some findings of the report pertaining to cloud security.
Some main take aways from the report that will be discussed in this blog include:
  • Legitimate cloud services such as Twitter and Amazon being used by attackers to scale their activities
  • Machine-Learning is being used to capture download behaviour
  • Cloud Security is a shared responsibility between organisations and its provider
  • There is an increase of belief in the benefits of cloud security
  • Cloud abuse is on the rise
According to the report, increased security was the principle reason security professionals gave for organisations deciding to host corporate applications in the cloud.
Fifty seven percent believe the cloud offers better data security
Organisations who have a security operations team are likely to have a well defined cloud security approach that may include the adoption of Cloud Access Security Broker (CASB) as they deploy to the cloud.
Many smaller organisations however are adopting cloud services without a clear security strategy, there is therefore a blurring of the security boundaries where many organisations are not certain about where their responsibilities end and where the responsibility of the cloud provider starts.
Security in the cloud is a shared responsibility: Cloud Security, DNS, IaaS PaaS Saas
Security in the cloud is a shared responsibility
Cyber attackers are increasingly taking advantage of this blurring of the boundaries to exploit systems.
An increasing trend amongst cyber attackers is to use legitimate cloud services to host malware and command and control infrastructure. Public clouds that have been used for malware activity include Amazon, Google, DropBox and Microsoft.
This makes it doubly difficult for security teams to identify bad domains and take protective measures without risking significant commercial impact caused by denying user access to legitimate business services.
Examples of legitimate services abused by malware for C2
The misuse of legitimate services is attractive to cyber attackers for a number of reasons;
  • Easy to register a new account and set up a web page
  • Adopt use of legitimate SSL certificate
  • Services can be adapted and transformed on the fly
  • Reuse of domain and resources for multiple malware campaigns
  • Less likely that infrastructure will be ‘burned’ (service can just be taken down) with little evidence of its purpose
  • Reduce overhead for attacker and better return on investment
Cyber attackers are effectively using legitimate and well known cloud infrastructure with their attendant benefits; ease of scale, trusted brand and secure features such as SSL. This enables them to scale their activity with less likelihood of detection if current protection methods are retained.
The challenges posed for the security teams defending organisations from these new threats call for a more sophisticated approach because in effect you need to block services that users are trying to access for legitimate work such as Amazon or Dropbox. Furthermore, the legitimate services are encrypted and so malware will be encrypted and evade most forms of threat inspection techniques– the threat will only become apparent after it has been activated on a host.
Intelligent cloud security tools will need to be deployed to help identify malware domains and sub-domains using legitimate cloud services. Such tools can also be used to further analyse related malware characteristics such as associated IP addresses, related domains and the registrant’s details.
An emerging and valuable approach to detect anomalous behaviour is machine learning.
Machine learning algorithms can be used to characterise normal user activity, unusual activity can be identified, and action taken automatically.
Machine-learning algorithms capture user download behaviour 2017
To meet the range of challenges presented by cloud adoption,
organisations need to apply a combination of best practices, advanced security technologies, and some experimental methodologies especially where they need to overcome the use of legitimate services by cyber attackers.

Would you like to learn more? Claim your Free copy of our latest eBook “A View of the Cyber Threat Landscape”. Click here.

What Will You Pay? Costs of a Cyber Attack

What will you pay?

With a 750% increase in ransomware attacks in 2016, a first layer of defense is needed.

View the infographic for new proactive strategies with Cisco Umbrella and keep your business protected.

Click here to view the infographic

Take Control with CASB and DNS

Its been a cloudy blog of a fortnight (pardon the pun but I couldn’t help it). To summarise we have been looking at the changing IT landscape and the consequent change in the threat landscape. We then looked at how organisations need to change their approach to cloud security to address this new reality.


The age of digitisation is bringing about a dramatic change to the IT landscape. Digitisation is about new efficient ways of doing things at scale. It’s about automation and new ways of engagement with customers in a way that suits them and at a time that suits them.


Digitisation is turning century old industries on its head as new players emerge that are agile, visionary and creative at a rate it’s outpacing their peers.


The new IT landscape is about DevOps “scoring an end goal” around or despite IT. Being applied to conceive and deploy apps in a fraction of the time it used to take using a conventional approach. Its about using the cloud to take advantage of Infrastructure, Platform or Software as a Service and being able to globally scale an application.


The new IT landscape is also about anytime anywhere access for users/employees. Power is being devolved to branch offices because they need better connectivity to access their new apps in the cloud. Analysts are saying that approximately 50% of users now access their applications remotely and 25% actually work remotely.


We also need to factor the explosive growth of IoT and the pervasive use of mobile devices to access the web.


Digitisation is a bright new horizon but it also brings major security headaches. Some of these include;

  • A massive increase in cyber attack landscape, more devices, more apps, more points of access
  • Increase in the number of alerts security teams need to process and understand
  • More applications to monitor and manageLack of visibility in what users are doing and how they are using apps
  • The growth of shadow IT exposing corporate information and services to attacks
  • Outdated non-cloud savvy security relative to the emerging landscape


Cyber attackers have evolved in sophistication to keep apace of the changes in IT. They constantly evolve their exploits, they are offering attacks as a service, they are using cloud scale computing power as well. Cisco’s annual cyber security report identifies that the scale and sophistication of attacks have increased over the past 12 months.


Security teams need to evolve their approach to security making it cloud centric with the ability to protect users and data anywhere anytime. Remember cloud services still require organisations to take responsibility for the security of their data. Gartner has identified that 95% of data breaches will be the fault of the end user.


Some of the essential tools that security need to include in their new armoury include secure DNS services as well as CASB services. DNS will block access to malware sites before they happen, or if a machine has been infected, it will block the command and control call back. CASB has the ability to monitor user activity in the cloud, profile applications in use and prevent data leakage. Both tools can also provide invaluable visibility into the normal behaviour of users and trigger protective actions and alerts as and when behaviour varies from the norm.

14 Day Free Trial of Cisco Umbrella

Get started in 30 seconds

No credit card or phone call required



  • Threat protection like no other — block malware, C2 callbacks, and phishing.
  • Predictive intelligence — automates threat protection by uncovering attacks before they launch.
  • Worldwide coverage in minutes — no hardware to install or software to maintain.
  • Weekly security report — get a personalized summary of malicious requests & more, directly to your inbox.
  • 1,000+ users? — You’re eligible for the Umbrella Security Report, a detailed post-trial analysis.

See how easy Umbrella is to instal

In the Cloud you need CASB: How to Secure the Cloud

We introduce another acronym yesterday, CASB (Cloud Access Security Broker) and we now expand on the features and benefits of deploying a CASB solution as we continue in our approach to cloud security. We noted in our previous blog that cloud security was a shared responsibility between service user and service provider. Gartner analysis indicates that by 2021, 27% of corporate data will bypass perimeter security. In addition by 2020, 95% of cloud security failures will be the customer’s fault.


Cloud Umbrella, DNS, Firewall, Cloud Security, Data Breach


Securing the cloud will need a robust security approach which includes features such as the ones outlined below;


Cloud User Security

Attackers are defeating today’s security controls that rely on the network perimeter, firewalls, or a specific platform. Activities across platforms are not correlated, making it difficult to identify suspicious behavioural patterns. At the same time, security teams are inundated with alerts that lack priority, useful information, or context. Faced with a flood of unhelpful notifications, the legitimate security breaches get overlooked. This problem is magnified with the use of cloud applications and platforms, as organisations often have little visibility into the activities of their users in their cloud environments.
A CASB can analyse user and entity behaviour, using the analytics to profile behaviour and detect and respond to anomalies in real time, while alerting security teams.


Cloud Data Security

The number one cloud security concern for organisations is storing sensitive data in the cloud. 53% of organisations rated this top of their list. A CASB is an effective solution to address this by enabling tuneable policies to be deployed to monitor and provide data loss prevention. In the event of a policy violation, a CASB can initiate an automated response mechanism that can notify users, encrypt connections and quarantine data as necessary.


Cloud Applications Security

Unauthorised cloud applications is now a major security hole being exploited by cyber attacks. Discovery and security rating of cloud applications are therefore another essential feature that is needed to determine compliance with the organisations security policy. The ability to also block or whitelist applications may also be a necessary measure for compliance.


Correctly configured the CASB solution should provide the following benefits;

  • Detect and respond to compromised accounts
  • Detect and respond to malicious insiders
  • Monitor and secure privileged accounts
  • Protect sensitive data in the cloud
  • Enable compliance with cloud data
  • Gain full visibility into cloud app usage
  • Block cloud malware
  • Secure cloud marketplace apps

Win Big by Securing DNS: How to Secure the Cloud


Adoption of cloud based technology and the proliferation of remote working is driving a new approach to security that needs to be omnipresent providing the highest practical levels of cyber security for the user, the network and the data.


We reviewed some of the features that were needed for this new security approach and the risks/challenges that needed to be addressed. Security analysts such as Gartner and IDC have a new security term that is relevant to this emerging security environment and have coined it the Security Internet Gateway. The principle function of the Secure Internet Gateway is to secure the cloud environment in the same way that we secure the on-premises environment.


Implementing a security platform in the cloud will break the limitations and constraints of centralised solutions. The security must be flexible in line with user access, virtualised to deliver security wherever it is needed and extend beyond just securing web protocols such as http and https. Most security vendors now offer cloud based security solutions and in many instances what they have done is taken a conventional security component such as Anti-Virus or Web Proxy services and deployed it in the cloud. While this may be a good start, a range of other technologies need also to be included in the security stack deployed to protect users and data.


When users connect to the web they must immediately undergo inspection and policy enforcement to ensure their connection is being done in a secure manner. These may include but not limited to;


  • Visibility and enforcement of policy on or off VPN
  • Security against threats from all ports and protocols
  • Inspection of web traffic and file inspection including behavioural sandboxing
  • Live threat intelligence from global internet activity with near real time updates
  • Visibility and control of SaaS applications


Clearly no single solution can provide all of these components, but a Secure Internet Gateway correctly specified could go a long way to providing many of these security measures. Secure DNS must be a major component of the functionality of Secure gateway because of its ability to stop a large swathe of attacks before they reach the user or the data.


We have outlined in previous blogs the pivotal role that DNS plays in almost all web based communications, yet DNS is not understood by most users. DNS is involved but not necessarily exploited in 92% of cyber attacks and therefore it can be used in a secured manner to block most attacks. Some examples are that 100% of organisations interact with known malware sites. If these are known to the DNS servers, they could block access with no impact on the user or performance.


Once a device is infected with ransomware it will need to make a command and control call to get the key needed to encrypt data. Again secure DNS could prevent this connection and thus block the attack in its track until the key is downloaded, the data cannot be encrypted. Deploying a cloud security solution that includes secure DNS is a quick way of effectively managing the risk of ransomware and stopping the execution of malware once a device is infected.


In our next episode, we will provide more details about how secure DNS works and how some of the other Secure Internet Gateway features can be implemented and employed.

Trial Cisco Umbrella for 14 Days, completely free and no obligations!

If you have read the last few updates you should now have a deeper understanding of Cloud Security, that’s great! But what can YOU do about it?

We are offering a 14 day trial of Cisco Umbrella, the industry’s first Secure Internet Gateway in the cloud.

Cisco Umbrella provides the first line of defence against threats on the internet. Because Umbrella is delivered from the cloud, it is the easiest way to protect all of your users in minutes.

It takes no time to install and you don’t have to provide any payment details (or even have a phone call).

So what have you got to lose?

Click here to start your trial! 

See how easy Umbrella is to instal: watch this video 

Covering the Cloud: How to Secure the Cloud

We have discussed the changing IT landscape as the age of digitisation gains traction and growth in connectivity continue apace. The cyber attack surface is increasing and so is the scale and sophistication of attacks as identified by Cisco in it’s latest annual cyber security report.

Security breaches will continue to happen because there is too much going on in the organisations’ systems to provide complete protection especially with the growing sophistication of threats. The approach to security needs to embrace an approach that provides not only for known but also unknown threats. The approach needs to address cyber security before, during and after a cyber attack.

Some of the key features that need to be addressed with this new cyber security approach include;

Visibility Control

Users will try to use whatever they can to get the job done. Organisations need visibility and control of what applications are being used in the cloud and remotely, especially with the growth of new SaaS applications. Visibility enables an understanding of what is being used in line with policy, what is out of policy and what is a threat. Visibility is the first step to controlling and securing the organisations environment based on what services should be provided.

Securing Cloud applications

As SaaS applications are increasingly being deployed in public clouds such as Amazon Web Services and Azure, it is vital to ensure that the cloud platform is secure. Even though the cloud providers will deploy their own security solutions, organisations also need to implement independent security systems to secure the user and the data as this is not the responsibility of the cloud provider.

Extend protection to the edge

As remote connectivity and branch networking trends increase in popularity, the security solution should be adaptable to extend the necessary features such as firewalling, threat management and anti-malware capabilities to the edge of the network as opposed to the current centralised deployment.

Virtualise the security architecture

The need for security is now pervasive at the client, the branch, the HQ as well as public and private clouds where SaaS applications are located. This necessitates the capability for a virtualised security architecture where the panoply of security functionality can be deployed easily at any location.

Threat intelligence

Most organisations deploy security components from multiple vendors. An intelligent approach to securing information and systems in the emerging environment must make use of threat intelligence. This is the ability to take intelligence feeds from other sources such as other security vendors feed and make context based threat assessments relating to your organisation and what it means for you. This assessment can naturally feed into automated protection mechanisms.

This roundup of security requirements and features is a summary of what we need to look for in our security approach as we hurtle towards digitisation and a predominantly cloud based environment. In our next installment, we will discuss some practical solutions and explain what is now being termed the Secure Internet Gateway.


Want a Quick Win? Secure your DNS


Ransomware is currently the number one form of cyber attack due to its profitability and simplicity in execution. It is now evolving as a business model where any ‘Joe Bloggs’ can buy ransomware code for a monthly fee – ransomware as a service. Ransomware thrives partly because of bitcoin and the associated anonymity of attackers who get paid via an untraceable cryptocurrency transaction. The stages of a typical ransomware attack include;


  • Stage 1 – Infection

Ransomware always starts with some host infection of malware via phishing attacks, or a website hosting malware


  • Stage 2 – Command and control setup stage

This handles the key exchange process to encrypt the files on the infected host


  • Stage 3 – Extortion stage

Payment of the ransom and then ‘hopefully’ getting the key to decrypt the encrypted files.


Ransomware is constantly evolving and not being breached yet is no guarantee that it won’t happen in the future.


Many organisations are using hope and anonymity as a risk mitigation strategy against ransomware – assuming they are small and have not been attacked yet. The fact is that the supply chain is now an increasing focus of malware attacks as a means of accessing valuable data through the back door of larger enterprises.



Anti-Ransomware Best Practices


As with every effective security approach you need a policy and a risk assessment of the threats so this is a given before we get into the type of approach and solutions that need to be in place. Please see some of our previous blogs or check out the NCSC website for some invaluable resource.


Phishing can be very sophisticated making it hard to tell if a link is bad or not. Effective protection cannot rely solely on end users, it must be engineered into the system with the right protection mechanisms correctly configured.


To start off with you need good anti-spam, anti-phishing and web controls to control the Internet traffic, this could be incorporated into a good endpoint protection solution. Use an email and malware analysis gateway to inspect executables for malware. The gateway should be configured to block files if there is any doubt about it’s authenticity. It is better to stop/delay web downloads so that they can be inspected and properly classified than to run the risk of infection.


78% of attacks exploit phishing so it is a good thing to correlate known exploits to the vulnerabilities in your organisation and prioritise patching based on known exploits.

Use network analysis and visibility tools to analyse traffic on the network so you can see what is changing and be alerted to abnormal behaviour.


If you do get infected, have effective Backup and DR policies and processes, and ensure that the recovery procedure has been tested and works.


DNS Security is the Quick Win


92% of cyber attacks make use of DNS at some stage or another through the execution of the attack. DNS is therefore the greatest opportunity to secure your network while having an immediate impact.


What if your systems know that a website url a client is trying to access via DNS resolution is a bad site, hosting malware. You could just block it and prevent any interaction with the malware in the first place. This form of protection can be immediate with no impact on client or application performance.


A web based infection is usually a 2 step process –  which redirects your web browser to another domain created using an exploit kit which finds a vulnerability in say Flash or Silverlight. The malware will then do a command and control (CnC) call back using DNS resolution to get an encryption key. Until the CnC connection happens there is no damage created.


Analysis has shown that most ransomware does a DNS call back, ransomware payment notification also uses DNS. The ability therefore to block a malware connection via DNS security at one or another step of the malware execution process can therefore prove to be the most effective way to implement malware protection.


An effective DNS security protection control can have the ability to identify the endpoints attempting the malware connection and therefore feed into the clean-up and mitigation plan.


An important service in addition to the above is the ability to query domains and file hashes from a central intelligence platform that has up to the  minute data on the bad domains so that your security incident response team has the ability to conduct intelligent investigations independently of any infections. For instance if you keep doing a DNS query for a site in Russia and you don’t have any business relationship in Russia, that’s something that you should query.


Another challenge is the decentralised nature of organisations due to remote working and the increasing importance of branch offices. Mobile devices such as laptops are the primary devices where user changes could compromise security. Around 80% of remote workers disable their VPNs when they browse the web. A DNS based security mechanism can help to maintain the security posture where these remote workers able to still make use of this form of protection even when they disable their VPNs. DNS security can protect any device including IoT, guest devices and roaming clients.


Correct implementation of DNS security could make it the first line of defence even before a connection is established by checking the DNS request and blocking bad sites. This will help the IT teams by freeing them up from a large number of alerts that would be generated if the malware had been downloaded.

Why Audiences Love Live-to-Digital and How to Approach the Space



Live-to-digital is a growing medium, primarily driven by three factors. Once producers understand such audience motivations, it will become easier to strategize within the space.

  • The experience is economical, costing less money and requiring less time than traditional theatre, as travel is largely taken out the equation and ticket price is either less or negated.
  • Digital offers a convenience that cannot be matched by traditional productions, as streaming can occur anywhere.
  • Digital offers a new means of exploring content – whether live or not – which is of great benefit to audiences who wish to discover innovative theatre.

Alongside these three considerations, elements such as advanced camera work help smooth the transition between live and digital, as audiences can enjoy the visual experience from a new perspective. However, many still refuse to give up on the actual live performance, or travel for Event Cinema.

While the digital medium presents clear benefits to the audience, producers are feeling the strain. Tackling new projects is intimidating, although widespread industry expertise can smooth the learning curve. Moreover, while the cost can be prohibitive, streaming is an economical means of growing an audience, and also a method many pursue in search of new fans. Given an infrastructure has been put in place in cinemas throughout the country, this can also help reduce the required investment.

What might spur momentum across the industry could be increased transparency, with viewer numbers and financial data shared between venues and producers. Until this happens, a reluctance to progress is likely to prevail.

In recent articles, you have witnessed first-hand the advent of live-to-digital in theatre. With audiences turning to the medium in droves, there is little question about whether suppliers should engage.

However, in light of widespread support for the transition, questions remain as to the factors that drive consumption, as much as why many suppliers are reluctant to enter the space. While some voice concerns over how to fund production, others surface different barriers to entry.

Perhaps the question could be better approached from a different perspective.

Once industry players better understand audience motivations, such hurdles won’t seem so daunting and new players – as much as existing participants – will be able to spur on the category, for its transformational potential is immense.


Why Theatrical Content is King

Let’s be clear; one truth remains: Those who want to see a live performance will, in no uncertain terms, do their best to see that live performance. The arrival of digital is not competing on those terms. Much in the same way Hollywood still draws an audience to the cinema, the intimacy of live theatre will always preserve its place.

That said, digital content is carving a niche, and the audience advantages are clear.

In short, for the audience, live-to-digital is:

  • Economical
  • Convenient
  • And, perhaps most poignantly, not necessarily ‘live’ (that is, consumers are not looking to replace the live experience)


Positive Economics

 The audience still very much appreciates the thrill of going to the theatre, which is why shows up and down the country continue to sell out with touring at stable levels. Digital is solely a means of increasing one’s consumption of ‘live’ performance, in a way that is both convenient and economical.

It is the audience’s way of supplementing their exposure to the arts while exploring lesser-known productions that they might otherwise not have seen. The economics, both in terms of time and money, allow experimentation. Something that was, in a previous era, unfathomable.

What the industry is witnessing is a new crowd mobilised through technology, or those who are too far from a theatre now able to enjoy the latest productions at a reasonable personal cost.

You see, it is this newfound ability to enjoy a performance without having to sacrifice a day or an entire paycheck that is most exciting. In fact, two-thirds of respondents stated that their greatest motivation for attending Event Cinema – particularly among older or rural respondents – was simplicity.

“Living in Sheffield, going to London is pricey. There are shows I couldn’t see live for financial reasons, or time constraints.” Audience Member, 25-44, Yorkshire & Humberside.

And yet, in its own confidence-boosting way, there is still a sizeable segment who travel at least one hour to attend live theatre, which reinforces the belief that ‘live’ is here to stay.


Ultimate Convenience

When focusing purely on financials, streaming evidently comes into its own. Yet, this is not a singular motivation.

Live performances have inherent limitations with strict schedules, while those who stream appreciate the opportunity of watching a performance outside of the traditional tour. In fact, almost half of those who streamed a production did so because no live version of the performance was available at the time.

Similarly, as shows continue to sell out, streaming may be the only option. Very few people suggest they prefer streaming to live, showing how they are not economising on the quality of their experience, rather doing what is necessary to preserve their enjoyment. To worry about cannibalisation of ticket sales is understandable, however, when producers realise that ‘going digital’ has previously had no adverse effect, they can put their fears to bed.

The reality is that more people are tuning in at their convenience, likely watching something they otherwise might not have chosen to see. Digital is a great means for broadening the mind and testing new waters.

If you had said to me, here’s a ticket to see Hip Hop Othello [the Q Brothers] live at the Globe [in 2012], I wouldn’t have gone. But watching it on the iPlayer [The Space], I thought it was fantastic – I wish I had seen it live.”—audience member, 45-64, West Midlands


Offering a Fresh Perspective

The proximity of the actors; their on-stage presence; the inherent risk of the live performance – these are all visceral reasons to attend the theatre. However, when it comes to Event Cinema or streaming, the primitive nature of the performance takes on new meaning.

What an audience loses in authenticity, they gain in perspective as, through this shift in medium, they can appreciate the performance in new ways.

When sat at the back of the National Theatre, it is difficult to appreciate the detail of an actor’s performance. When watching on screen, the depth of the actor’s expression is something that can be genuinely appreciated as the camera zooms in. This is a distinctively different experience, and one reason people enjoy productions in the digital form.

This is a message to production houses that the quality of their camera work is implicit in the success of any screening, underlining that – to bring a top-class production to the screen – they need to appreciate the different perspectives at play, and offer the audience the viewpoints they want.

Where the viewer has relinquished control of their focus, they get to appreciate the intensity of the emotion on display.


Barriers to Consumption

Not everything is simple in the digital world, and consumers do have their concerns. Much to the theatres’ delight, many simply choose not to participate in Event Cinema – or stream – for the reason they would rather be there in person.

Event Cinema does, in many ways, have similar issues as traditional theatre in its reliance on a physical venue, so audiences who struggle to attend the theatre may well lack access to Event Cinema as well. Similarly, viewing schedules deter those who live too far away, which could be an opportunity for exhibitors – more regular screenings could increase attendance.

Primarily, inadequate technology and lack of awareness are decisive factors for those who choose not to stream. More often than not, rather than not wanting to stream, it is more the crowd simply do not know that this is an option.

The all-too-common ‘build it and they will come’ mentality does not work. If you offer content via a streaming service, do not hide the fact. Market it well, and you will have a captive audience.

Of the largest segment of streamers – those between 16 and 24 – these were the least likely to know where to find content. This is an opportunity lost and a possible reason for scepticism around the effectiveness of live-to-digital.


Incentivising Production

There seems to be an invisible barrier in many production houses – the hurdle of going from zero to one live-to-digital projects.

For those who have experience with at least one production, the likelihood of producing a second is vastly higher than amongst those who have yet to dip their toe. This suggests that if producers can understand what motivates those who do operate in the category, they can work to reduce their fears and take steps towards new horizons.


Do Not Fear the Cost

While the positive economics for digital consumers is self-evident, digital producers are more sceptical. Rather than embracing any potential gain in online audiences, the upfront investment is likelier to halt the project.

Society is risk averse, and the thought of losing money is an understandable deterrent; however, artistic directors should try to reframe the purpose of live-to-digital. In general terms, few approach it as a means of driving revenues – at least, not in the immediate. So, for those wondering ‘how will I my make my return?’ – well, stop wondering.

Put cost aside for one moment and focus on the other core motivations of those who produce.

The opportunity to build a new audience base is a clear winner, as this new audience will tune in to lesser-known productions. The prospect of growing your brand in a new segment is also very real, as are the benefits of innovative partnerships that could lead to further prospects down the line.


What’s Really Holding Productions Back?

A barrier for anyone, anywhere, doing just about anything, is not knowing how. Do not be afraid to admit this if it is the case; you are in great company. Moreover, a lack of internal expertise is to be expected – you are new to this, after all.

Suffice to say, with the ever-increasing volume of live-to-digital performances, industry expertise has grown and, among those who produce, they cite external expertise as the best way to overcome the knowledge-gap. They attest there is plenty of help around and this can be a great way to upskill your team.

Understandably, the cost will always be a consideration, and the investment required will reduce appetite for participation. Two-thirds state this as their primary concern, so this cannot be ignored.

However, thanks to projects such as the Digital Screen Network, which was established in 2005, 212 cinemas received funding to install digital projectors with priority given to smaller, independent houses who likely did not have the capital to support such an investment. In 2009, this was followed by an initiative of the UK Film Council who encouraged the transition from DVD to digital projection.

The infrastructure in place is robust which, in turn, should help reduce production costs if you find out who in your local area has such facilities.

Equally, while access to funding will always be top-of-mind, the reality is that obtaining financing for both live productions, or live-to-digital, is of the same difficulty. So, perhaps success lies in an appetite to take the risk. Positively, four-in-five senior leaders within the industry suggested they were ready to take a punt on live-to-digital, meaning it could be up to funders to open their eyes to the opportunity.


Sharing Positive Vibes

Arguably, the most integral element to garner support for digital transformation lies in sharing the data behind the growth. While many positive stories exist, there is, admittedly, still a dearth of publicly-available information.

The first two articles demonstrated the levels of participation; however, other issues lie in the fact that almost half of suppliers have little-to-no access to audience data from their own live-to-digital productions.

This needs to change.

To encourage productions, it is vital that exhibitors collaborate with suppliers to share audience or streaming data to disseminate the positive statistics gathered as part AEA’s report. Not only would real data provide a reason for those currently in the category to expand their offering, but they would also have a story to sell to those on the sidelines.


Step into Centre Stage

The motivations behind live-to-digital from a producer’s perspective are clear. As soon as you understand your live audience is under no threat, it becomes about three benefits:

  1. Building new audiences, including those who cannot attend
  2. Marketing and growing a brand through new partnerships
  3. Pushing boundaries in pursuit of artistic acclaim

In general, the overriding emotion around the current digital landscape is one of positivity. Growing audiences and encouraging larger viewing figures can only be healthy for an industry that is limited to venues that, by their very nature, can be cost-prohibitive.

Disseminating work in ways that promote access must be perceived as exciting – an artistic challenge as much as a threat – while appreciating the work done to reduce the barriers to entry may even help sceptics overcome their concerns.

Given that almost nine-in-ten exhibitors plan to maintain or increase both the current number of live performances as well as their current number of screenings suggests an industry in the ascent. The bigger risk appears to be others missing out, rather than producers succumbing to a valueless fad.

In the final scene, the article will cover the future of live-to-digital, reviewing where the category may go from here. As part of this, it helps to look at several productions that have leveraged digital, revealing their core learnings and helping readers establish a strategy for tackling the live-to-digital world.