How the IP Media Trust Boundary Brings Security Back to the Center of IP Media Technology
The shift to IP workflows is changing the face of the broadcasting industry. Media companies can leverage remote, distributed, and hybrid production models to produce more content, more efficiently.
However, when moving from SDI to IP, security becomes a key consideration. This transition entails connecting internal studio networks to open IP networks and communicating large-scale media flows between different IP networks. The "IP Media Trust Boundary" is a new mission-critical security capability that resolves the fundamental security challenge in IP. With security no longer being a drawback, more media organizations will be turning to IP media technology and benefiting from cutting-edge production workflows.
SDI 'Security' Is No Longer Fit for Purpose
SDI has revolutionized the broadcasting industry, driving the transition from analog to digital video infrastructure and supporting the transmission of uncompressed, unencrypted digital video signals. SDI has been delivering secure connections over IP networks by adding an adaptation layer to and from IP when handing over SDI signals to the studio LAN. This was possible by creating a very clear demarcation point between the IP WAN and the studio. However, a fast-moving industry like broadcasting never stands still. Today's consumers demand content anytime, anywhere, and they are after compelling viewing experiences. Media companies and production houses are pivoting to IP technology to benefit from its flexibility and scalability when it comes to producing and delivering immersive content including new high bandwidth UHD-4K and UHD-8K video formats.
New Security Challenges Require New Solutions
IP media technology involves switching between local and public IP networks and different IP domains. Data, audio, and video streams enter the different domains over the same network links and ports, posing security challenges. Therefore, it is critical to control the type of IP media traffic that can pass through these networks and the type of streams that can go in and out of each network domain. We often think that "harmful" IP media traffic causes damage and needs to be eliminated. However, the truth is that the security risks are much broader than that. Even what we would typically consider as "secure" IP media traffic can create serious security problems. This often happens when the content isn’t configured properly. Incorrectly configured content can flood the network and cause packet loss, jitter, and delay. To avoid this problem, media organizations should ensure they have complete visibility and control of all content filtering in their IP media networks and services.
The media and broadcasting industry has been leveraging a combination of existing security capabilities to tackle security problems in IP. These capabilities included general purpose, media-unaware firewalls and to a certain degree Network Address Translation (NAT). While, they have definitely helped secure IP media workflows to a certain extent, existing security "fixes" don’t have all of the functions and performance required to handle the large amount of streams and data in large IP media networks. As more media companies turn to IP-based production models, new and more efficient ways to address the security challenge are needed. With 4K and new formats, the IP studio handoff is quickly turning to 100Gbps IP ports, putting high demands on performance to ensure low-latency and high-efficiency.
Introducing the New IP Media Trust Boundary
Controlling the stream traffic that is allowed to pass through different domains is fundamental in IP-based workflows and an IP Media Trust Boundary supporting both ST 2022 and ST 2110 workflows can deliver this mission-critical capability. The IP Media Trust Boundary is very different from all existing IP security "fixes" as it automates the traffic filtering of incoming and outgoing IP addresses and ports per stream and per core application. Users gain back control as they can define the metrics that allow for the fine-grained control of which data and streams will be allowed or blocked. This capability can be applied when transferring content in mixed IP environments and between trusted and untrusted IP domains.
The IP Media Trust Boundary doesn't only resolve the IP security challenge — it delivers the flexibility and scalability that new workflows require. The NAT functionality enables the removal and reapplication of the full IP layer, creating a tamper-proof seal. In addition, the NAT functionality allows for the full reuse of IP addresses while making the move between multicast and unicast networks and IP media devices much simpler.
An ultra-low latency 100GBE IP media trust boundary has already been successfully deployed to deliver trusted IP media between operation centers on the 100GE wide area network. While traditional firewalls typically slow down zero-latency uncompressed IP media traffic and the enabling power of 100GbE based content production, the trust boundary removes delays typically introduced by the non-media aware firewall. These delays would seriously harm live media workflows. In addition, the trust boundary brings cost efficiencies as scaling a non-media aware firewall would be prohibitively expensive, raising IP-based content production costs.
Securing the Future of IP
Security is a key consideration for media companies deploying or thinking to deploy IP media workflows. So far, existing security solutions only partially resolved the problem sometimes causing further issues such as media traffic delays along the way. The IP Media Trust Boundary offers a different solution to the security challenge by delivering a cost-effective, reliable and scalable capability. It provides the high-bandwidth, low-latency mechanism that protects IP media networks from untrusted, unapproved media traffic.
The broadcasting industry can finally benefit from IP media workflows without compromises. The IP Media Trust Boundary removes complexity and renders security a competitive advantage rather than a vulnerability. Media companies are finally able to secure individual streams in hybrid media and mixed IP domain environments. Welcome to the age of secure IP media technology.
[Editor's note: This is a contributed article from Net Insight. Streaming Media accepts vendor bylines based solely on their value to our readers.]
Chris Harris, EMEA Technical Director of Thales, discusses the best approaches for enabling DRM to protect intellectual property, such as controlling playback, region locking, and paywall screening.
That's just one of the findings from a joint survey conducted by Streaming Media, Help Me Stream Research Foundation, and EZDRM into the state of content and revenue protection in the streaming video marketplace. The report is available for free download.
LiveSports LLC describes the impact of gambling and large-purse gaming in the big-league sports/esports scene on streaming workflows and secure delivery in this clip from the sports panel at Streaming Media Connect 2021.
Online screeners are now more secure with forensic watermarking technology enabled by cloud services providers
Data breaches aren't just a concern for financial platforms. Hackers also target OTT platforms. Here are three best practices for keeping subscriber data safe.