Depending on the type of content (live or on-demand) and the encoding/packaging approach used by the operator (centralized or network edge), the DRM packaging can occur either at the operator head-end (on-premise) or be done entirely in the cloud. Yet in both cases, a cloud DRM solution helps simplify the operations by centralising all the interactions. One cloud service then abstracts the complexity of managing multiple DRM head-end systems.

To what extent are DRMs moving into the cloud?
Several consumer DRM products (PlayReady, Adobe or Widevine for instance) are already offered as a cloud service. Cloud DRM is also an emerging trend for implementing operator DRM products, and, in particular for smaller operators, as cloud services are an efficient way to optimize their own operations while getting a robust level of service.

Looking further, we see large operators starting to run their own cloud infrastructure, implementing a generic IT infrastructure server virtualization approach that brings cost benefits as well as added elasticity. Such an approach usually relies on a combination of a private cloud environment with some highly scalable online services put on a public cloud or using third party cloud services, for functions such as multi-DRM management.

What are the opportunities and drawbacks today of cloud DRM?
The main opportunity for operators considering cloud DRM services is to leverage this option to simplify their own diverse IT infrastructure as well as to optimize their operational costs. It also allows them to move to pay-as-you-grow type of business model, allowing them to start quickly to reach multiple multiscreen TV devices and then scale fast as needed thereafter. This minimizes the risk of upfront investments, in particular when launching new multiscreen services.

A potential loss of control on the DRM key servers is often raised as an issue but this is not the case in reality, as DRM server systems are designed to be securely operated in such an environment.

Do wider privacy and security issues associated with the cloud translate into this space?
In our DRM systems, we don’t directly manage the customer identity or other confidential information that can lead to privacy issues. For this reason there are also no major geographic limitations as to where our cloud DRM offer can be hosted.

On the security side, we enforce the same network protection mechanism that operators use, securing and monitoring the data and key exchanges between our cloud platform and the operator platform.

Recommendations for operators ahead of investment this area
Operators first need to define their multiscreen device reach requirements and identify the most appropriate DRM solution for each device type. NAGRA anyCAST PRM, offered both as a set-top box and multiscreen secure player solution for a wide variety of multiscreen devices, can address a broad range of needs for both hybrid and pure OTT networks. Operators should thus consider how they see their multiscreen and multi-DRM needs evolve over time, including anticipating their future use of other third party DRMs to reach more proprietary devices. This then will likely drive their requirement to use a multi-DRM platform that can be deployed on-site or operated from the cloud.

Turning to a specialized partner that can provide an operator-controlled DRM product, manage the complexity of interfacing with multiple DRM systems and deliver a cloud-based solution clearly brings value.

NAGRA's approach
NAGRA already offers full-service multiscreen managed cloud TV services to pay-TV operators. This offering includes CAS and multi-DRM components that can also be provided as a cloud service, reducing operational complexity and increasing scalability for our customers.

We offer our Cloud TV Services either as a full turn-key managed service (from multiscreen apps and STBs to the CRM and CDN components) or as a modular hybrid private/cloud solution, providing a highly secure multi-DRM managed cloud service. Such modularity, along with our capability to address the full end-to-end multiscreen application and security needs of pay-TV operators, clearly sets us apart in the market.

NAGRA is also a contributing DASH-IF member and drives the DRM head-end interface standardization workgroup. With DASH supporting common encryption (CENC), it greatly simplifies multi-DRM deployments from an encoding farm and workflow perspective, an attractive proposition for new multiscreen service deployments.

Also as announced recently, NAGRA has started working with leading online video service provider Netflix, one of the industry’s largest streaming services / cloud platform operators that will support NAGRA anyCAST PRM as a Netflix-approved DRM on their platform as well.

Christopher Schouten and Simon Trudelle are senior product marketing directors at NAGRA.