Why ‘zero trust’ means something different in live production
Zero trust has become one of the most widely cited concepts in cybersecurity, shorthand for an approach that assumes no user, device or system should ever be trusted by default. In enterprise IT, the idea is now well established. In broadcast production, however, the model does not translate cleanly.
Live production environments are built around timing-sensitive workflows, proprietary hardware and operational constraints that leave little room for disruptive security controls. Applying zero trust in these settings requires a fundamentally different interpretation, one that prioritizes continuous verification and operational awareness over traditional identity-based enforcement.
“Zero trust plays a role in production and playout systems, but it must be adapted to environments where many devices can’t support modern authentication or endpoint controls,” said Jamie Horner, senior vice president of corporate strategy at Providius. “Instead of user identity, the focus becomes continuous verification of device behavior, configuration and traffic patterns.”
That distinction matters because broadcast systems rarely resemble modern enterprise networks.
Encoders, gateways, timing systems and control devices often run proprietary or stripped-down operating systems that cannot accommodate agents, certificates or frequent credential challenges. Yet these same devices increasingly sit on IP networks that are exposed to enterprise and cloud threats.
From trusted interiors to hostile networks
For decades, broadcast infrastructure operated on implicit trust. SDI plants were physically isolated, access was limited and risk was managed through separation rather than inspection. IP-based production and cloud connectivity dissolved that perimeter.
“The move to IP and cloud workflows has expanded the attack surface from isolated baseband systems to interconnected, software-driven environments,” Horner said. “Broadcasters now face the same exposure as enterprise IT, but with real-time systems that can’t tolerate disruption.”
In that context, zero trust cannot simply mean forcing every device to authenticate using modern IT controls. It must instead recognize that some equipment cannot prove identity in conventional ways, even as it represents a significant point of risk.
Sergio Ammirata, founder and chief scientist at SipRadius, said the danger lies in assuming internal safety simply because a system sits inside the production chain.
“Zero trust finally reflects the reality that a media workflow is only as strong as the single device nobody checked,” Ammirata said. “Assuming internal safety is a fast path to disaster when even a misplaced encoder can expose an entire network map.”
Verifying behavior, not just identity
In live production, zero trust often manifests less as user authentication and more as continuous validation of behavior. Instead of asking who a device claims to be, security teams monitor how it behaves on the network and whether that behavior aligns with expected patterns.
This approach is particularly important in timing-sensitive environments where intrusive security tools can introduce latency or jitter that disrupts live signals.
“The real gap is the absence of continuous, non-intrusive verification of device integrity and network behavior across operational domains,” Horner said. “Relying on IT-centric tools or ignoring the gaps leaves broadcasters exposed to avoidable risks.”
Some vendors extend zero trust concepts deeper into the media chain.
Max Eisendrath, CEO and founder of Redflag AI, said identity must be enforced at the content level, not just the network edge.
“A zero trust model ensures that every encoder, user and process must authenticate before content leaves the origin,” Eisendrath said. “We enforce identity verification at the packet and pixel level, not just at login.”
Others emphasize the importance of explicit authorization in routed IP environments.
Jan Helgesen, head of product and solutions at Nevion, said software-defined networking enables a stricter interpretation of zero trust than traditional broadcast routing.
“Most networks operate on deny lists, which try to block bad access after the fact,” Helgesen said. “SDN uses allow lists, meaning any access that has not explicitly been granted is denied by default.”
Zero trust without breaking the show
One of the central challenges in applying zero trust to live production is avoiding security friction that slows down operations. Broadcasters must grant access to remote operators, freelancers and vendors without introducing complexity that leads to workarounds.
Crystal Pham, vice president of operations and program management at the Trusted Partner Network, said zero trust only works when it aligns with how teams actually collaborate.
“Balancing access and security starts with designing workflows that reflect how remote teams actually work,” Pham said. “Strong identity controls, multi-factor authentication and well-defined permissions support secure access without blocking productivity.”
But identity alone is not enough. Simon Parkinson, managing director at Dot Group, said real-time monitoring is essential to maintaining that balance.
“The balance lies in granular access controls combined with real-time monitoring rather than blanket restrictions,” Parkinson said. “Security policies should be applied dynamically based on behavior, data sensitivity and context.”
In practice, this means zero trust in broadcast environments often looks less like repeated authentication prompts and more like constant oversight, automated alerts and rapid isolation when anomalies appear.
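The behavior-based verification and default-deny allow listing described in this article can be sketched as a passive check over flow records, so nothing runs on the encoders or cameras themselves. This is an added example, not code from the article or from any vendor quoted in it; the record format, addresses, ports and bitrate bands are constructed assumptions.

```python
from collections import namedtuple

# One passively observed flow per measurement window (constructed record format).
Flow = namedtuple("Flow", "src dst proto dport mbps")

# Constructed allow list: flow key -> expected bitrate band in Mbit/s.
# Default deny: any flow whose key is absent here is reported.
ALLOWED = {
    ("10.10.1.21", "239.1.1.10", "udp", 5004): (900.0, 1100.0),  # camera 1 video
    ("10.10.1.22", "239.1.1.11", "udp", 5004): (900.0, 1100.0),  # camera 2 video
    ("10.10.1.30", "239.1.2.10", "udp", 5004): (1.0, 10.0),      # audio
    ("10.10.9.5", "10.10.1.21", "tcp", 443): (0.0, 1.0),         # control
}

# Constructed sample window: one healthy camera, one misbehaving device.
SAMPLE_WINDOW = [
    Flow("10.10.1.21", "239.1.1.10", "udp", 5004, 1000.0),
    Flow("10.10.1.22", "239.1.1.11", "udp", 5004, 400.0),
    Flow("10.10.1.22", "203.0.113.50", "tcp", 22, 3.0),
    Flow("10.10.9.5", "10.10.1.21", "tcp", 443, 0.2),
]

def verify(observed, allowed=ALLOWED):
    """Return sorted (kind, flow_key) findings for one observation window."""
    findings, seen = [], set()
    for f in observed:
        key = (f.src, f.dst, f.proto, f.dport)
        band = allowed.get(key)
        if band is None:
            findings.append(("unlisted", key))   # never explicitly granted
            continue
        seen.add(key)
        lo, hi = band
        if not lo <= f.mbps <= hi:
            findings.append(("rate", key))       # granted, but off its baseline
    for key, (lo, _hi) in allowed.items():
        if lo > 0 and key not in seen:
            findings.append(("missing", key))    # expected live flow went silent
    return sorted(findings)

if __name__ == "__main__":
    for kind, key in verify(SAMPLE_WINDOW):
        print(kind, key)
```

A missing flow is reported alongside unlisted and off-baseline ones because, in a live chain, an expected source going silent is as much an anomaly as an unexpected connection.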
A mindset shift, not a checklist
Perhaps the most important distinction is that zero trust in live production is not a product or architecture that can be implemented once and forgotten. It is an operational mindset that treats every device, flow and control path as potentially hostile.
“Zero trust forces the discipline of validating every node, every time,” Ammirata said. “That is the only sensible approach in distributed environments where creation, control and contribution happen in different places.”
Michael Benda, chief security officer at Big Blue Marble, said the industry still struggles with viewing cybersecurity as an operational risk rather than an IT concern.
“Cyber incidents can disrupt live programming, compromise content integrity and damage audience trust,” Benda said. “Zero trust helps reframe security as a broadcast continuity issue, not just a data protection problem.”
As broadcasters continue to adopt IP, cloud and remote production models, zero trust will remain a useful concept. But its success will depend on how well it is adapted to the realities of live media.
In broadcast, zero trust is not about trusting nothing. It is about verifying everything — quietly, continuously and without taking the show off the air.





