How secure is your online video?
Imagen interface
If video is a big part of your business, the risks can be great when self-hosting your media. Providing access to your media can be difficult enough in terms of the technology required to store and deliver your video via a searchable website. But more critically, how can you make sure that only your intended audience can access your media?
While third party open hosting sites like YouTube provide wide open access for your public facing promos, there may come a time when you need more control over who can access your content and what they can do with it.
Ensuring that your content can only be accessed by registered users is paramount for any B2B media business, archive or company with sensitive or commercially valuable video.
An Enterprise Video Platform will enable you to host your content via a discrete, customisable cloud based service. Built-in security features mean you don’t have to worry about your videos, images and audio files being lost or seen by unauthorised visitors to your website.
Managing access efficiently
While your content can be made public and easily accessible, you may wish to restrict access to specific areas of your archive. Controlling access to your media usually requires a registration step for prospective users. This process can be automated and can be configured to include an email validation step to ensure that a real person is accessing your archive.
Alternatively, when higher levels of security are required, a manual check on the person submitting the registration form may be necessary before access is granted. In this case it's important to capture sufficient information during the registration process so that judgement can be made.
Once an individual is registered, users can be organised into a series of groups which will determine access levels for specific files and information. The permissions associated with the group will also affect a user’s ability to download high resolution originals, edit files, share and make comments.
Federated access – third party authentication system
While most individuals are content with setting up their own usernames and passwords to access online services, an organisation may wish to set up and control access for staff from a central location. A federated access model enables users to sign in to multiple web-sites, services or software services with a single set of credentials which have been issued by a central authority. Single Sign-on is particularly prevalent across higher education and academic institutions where users can access a wide range of online resources during their University Career. When they leave, revoking their access is a simple job for the administrator who only needs to remove one account.
Only having to recall a Single Sign-on offers advantages such as reducing user frustration; users aren’t required to remember many different combinations of username and password, saving time over multiple logins, and reducing IT costs of managing password problems at the helpdesk.
HTTPS and Media Asset Management
HTTPS, or Hypertext Transfer Protocol Secure, is an encryption protocol commonly used by online banks and e-commerce websites. HTTPS encrypts the data being transferred and establishes a secure channel over a non-secure network – normally between browsers and web servers. This ensures that data is protected from hackers who could intercept and access information while in transit.
Enterprise Video Platforms commonly use HTTPS to ensure that files being uploaded for ingest – either through a web browser or via an API, are transferred securely. Similarly, files can also be set up to download over HTTPS for secure delivery to the end user.
Web interfaces which provide end-users with access to content online should also pass log in data securely between servers and the client browser. This protocol ensures that credentials cannot be intercepted and used to steal content. This will protect your media but will also protect your users’ private information when registering to use the site.
Watermarked videos
The ability to add watermarks to your media adds another layer of protection to your digital media assets. By applying your logo onto your media, users downloading and sharing your public videos will not only advertise your brand, but it will also help protect your content against piracy. The option to add a pre-roll message to your content also means it is possible to display a message before a video begins playing, such as a rights notice, to caution viewers against misusing your digital assets.
Metadata (such as the title or unique ID) can also be burned into your video or image to ensure that it can be easily identified at a later date if it becomes orphaned.
HLS streaming vs Progressive Downloads
HTTP Live Streaming (also known as HLS) is an HTTP-based video streaming protocol that works by breaking down an overall file into a sequence of small HTTP-based files.
An accompanying index file is included, containing the information for playback of the segments as one continuous stream. Since its requests use only standard HTTP transactions, HTTP Live Streaming can traverse any firewall or proxy server that lets through standard HTTP traffic. It can also be played on all mobile devices, including those running iOS, unlike formats requiring a streaming server.
The advantage of HLS streaming over progressive download methods, which download a single file to the user’s web browser, is that it makes the process of capturing a single file virtually impossible. HLS delivery therefore greatly reduces the risk of file theft and piracy.
In conclusion
Hosting video with conditional access requires a range of security mechanisms designed to protect your media and protect your users' private data. It's important that the mechanisms are as transparent as possible to ensure a positive and enjoyable user experience where content is accessed as freely as possible. Enterprise Video Platforms such as Imagen provide content owners with all these features, plus the greatest peace of mind that their content is safe.
Ian Mottashed is marketing director at Cambridge Imaging Systems
You might also like...
HDR & WCG For Broadcast: Part 3 - Achieving Simultaneous HDR-SDR Workflows
Welcome to Part 3 of ‘HDR & WCG For Broadcast’ - a major 10 article exploration of the science and practical applications of all aspects of High Dynamic Range and Wide Color Gamut for broadcast production. Part 3 discusses the creative challenges of HDR…
IP Security For Broadcasters: Part 4 - MACsec Explained
IPsec and VPN provide much improved security over untrusted networks such as the internet. However, security may need to improve within a local area network, and to achieve this we have MACsec in our arsenal of security solutions.
Standards: Part 23 - Media Types Vs MIME Types
Media Types describe the container and content format when delivering media over a network. Historically they were described as MIME Types.
Building Software Defined Infrastructure: Part 1 - System Topologies
Welcome to Part 1 of Building Software Defined Infrastructure - a new multi-part content collection from Tony Orme. This series is for broadcast engineering & IT teams seeking to deepen their technical understanding of the microservices based IT technologies that are…
IP Security For Broadcasters: Part 3 - IPsec Explained
One of the great advantages of the internet is that it relies on open standards that promote routing of IP packets between multiple networks. But this provides many challenges when considering security. The good news is that we have solutions…