How to Keep Enterprise Video Safe and Secure…Most of the Time
You’re the tech guy or gal for a medium-sized company, and the CEO just told you she wants to start using an online video platform to distribute video around the enterprise. Live all-hands-on-deck meetings, converted to VOD for those who can’t make it live, plus product demos, some training, a few marketing videos—you know the drill. She finishes by saying, “And I want it secure.” You nod your head in agreement as she walks off, and then you wonder, “What the heck does that mean?” Well, let’s talk about that.
First, the unfortunate reality is that by using screen capture software, employees can capture any video they can play. But let’s put this aside for a moment, and return to it.
Second, many OVPs deliver encoded MP4 files via progressive download, which any browser-based video capture tool—Firefox’s Video Download Helper, for instance—can capture with a click or two. Some OVPs allow you to restrict viewing to authorized personnel, which is useful, but doesn’t prevent a disgruntled employee with access from grabbing the file and uploading it to an anonymous YouTube account. Access-related security is only as good as your least-secure employee.
Most OVPs now deliver video using adaptive bitrate technologies such as HTTP Live Streaming (HLS) or DASH (Dynamic Adaptive Streaming over HTTP). These technologies work by dividing a single source file into separate files with different configurations, and then dividing these files into short chunks delivered sequentially to the viewer.
Adaptive streaming technologies often vary the file sent to a viewer, sending a higher quality file when bandwidth is good, and a lower quality file if it gets restricted. So the chunks delivered to a single viewer could have different resolutions, with some at 640x360 resolution and others at 720p or 1080p. This schema makes it tougher to capture these files; while I’m sure there are tools that do it, I’ve never tested one that works. So if your OVP delivers adaptively, you gain an additional level of technological security over those that deliver via progressive download.
The next level is provided by actual DRM technologies, starting with encryption. Encryption scrambles the video data in the file so that it can’t be viewed without decryption, which is delivered to the viewer via a decryption key. Encryption is available as a feature of most adaptive streaming technologies, such as the AES 128-bit encryption available with HLS. For the vast majority of corporate types, encryption should be sufficient, and it will prevent all but the most technologically sophisticated potential pirates.
How can technically sophisticated users break simple encryption techniques? Because decryption is often handled by the browser, in some instances the decryption key might sit unprotected in the browser’s buffer, where it can be captured to allow others to decode the video.
What’s the next level? If you’re fanatical about security, you’ll want to integrate a third-party DRM technology, such as PlayReady, Adobe Primetime DRM, or Google Widevine. These technologies separate the content from the decryption key, so the playback client has to communicate with a license server to get the decryption key. That decryption key is securely stored in the browser or player so that it can never be captured. In truth, this level of security is almost exclusively the province of Hollywood and other content producers, and it’s very seldom used for internal corporate communications.
The bottom line is that when your boss asks if the content is “secure,” you should advise her that there are multiple levels of security, but that ultimately, they all might fail due to the availability of screen capture software. Of course, just because some burglars know how to pick locks doesn’t mean that we don’t lock our doors at night. There is value to making video harder to steal. Be sure to understand the pros and cons of the various techniques described above, and that the only truly secure video is one that is never shared at all.
This article appears in the September 2015 issue of Streaming Media magazine as “Deconstructing DRM.”
Irdeto's Lawrence Low discusses the state of the art for digital watermarking, and how it can help address illegal distribution and consumption of live online content.
Enterprises struggle to deliver high-quality video on their internal networks. Hive Streaming offers a cost-efficient and easy-to-implement solution.
Digital rights management is more important than ever. Here's a look at the options available and how they can help you protect and monetize your content.
The video industry has learned from the music industry's disastrous example, and created fair rights management systems.