March 31, 2014
By Tim Siglin Contributing Editor
Featured Articles

The State of Enterprise Video 2014

However, sometimes these apps lack the basic in-app security necessary to limit unwanted viewership. And the trend is growing as more devices move between both sides of the corporate firewall. Once the sole domain of IT administrators, sandboxing has risen to top-of-mind because of BYOD. With enterprise IT budgets being curtailed, the idea of providing access to corporate networks via an employee’s own device is both appealing and frightening to IT managers.

To accommodate employee -- especially executive -- interest in tablets and smartphones, IT managers have begun using sandboxing techniques to cordon off access to various parts of the corporate network based on filtering techniques such as geo-location-based filtering. In this way, they mimic the manner in which digital rights management (DRM) solutions have been used in media and entertainment for many years.

Many companies, though, have an excessive number of employees who travel between countries. This means geo-location alone can’t be the sole criteria for blocking content in the simplistic way that media and entertainment companies implement regional streaming blockages.

While DRM schemes from Flash Access to PlayReady to Verimatrix can be used for content-level sandboxing, none of these have traditionally been used to secure the app. We’d hoped to see a concerted push for sandboxing of both apps and content in 2013, but as of early 2014, we’ve yet to see a solution that addresses more than just the delivery pipe and content. Here’s hoping that 2014 will yield a security solution addressing corporate video apps as well.

IT departments will often create a company-only application for one or several mobile device types and then attempt to limit this application’s release to employees only. This is often referred to as security through obscurity, but as we’ll see in the next section, the success of enterprise video often means that obscurity isn’t a recommended approach.

Hybrid Solutions

A final trend to consider in mobile and security is the need to deliver content outside the firewall, especially when it comes to key partners and road-warrior employees.

Some cloud-centric vendors will suggest ditching the internal media delivery system, solely opting to use a cloud-based solution. We disagree, based on the fact that cloud-only solutions do not have a long-range track record proving these cloud solutions are any more secure or any more robust than a well-built internal media delivery solution. They certainly are more expensive, however, so it’s in the best interest of an enterprise video team to understand the balance between in-house and external (cloud) solutions.

We concur with Frost & Sullivan, which noted that BYOD requires a hybrid approach. The hybrid approach takes on several forms, but one form that has traction in the enterprise is the use of a hybrid content delivery network (CDN) that uses a traditional CDN in conjunction with an enterprise CDN (ECDN).

A traditional CDN can also be used within the firewall to deliver data and media content, but the cost effectiveness of using an external CDN for internal delivery has always faced the same financial hurdle that today’s cloud-only solutions face.

An ECDN approach is essentially an appliance that receives streaming content from the origin server and then passes it on to “service engines” at branch offices. If the origin server is in the same corporate LAN, content need not traverse the corporate firewall to be delivered to branch offices across the corporate-wide area network.

According to an Ooyala report, consumer-facing, long-form content is increasingly being consumed on smartphones and tablets rather than desktops, and we can expect the trend to be mirrored in the enterprise.

On-demand content can also be cached at the branch office service engines so that WAN traffic is reserved for more mission-critical data delivery or for live streaming events. Then, if the event is to be viewed by telecommuting or in-the-field employees, a CDN or cloud-based delivery solution is implemented on an as-needed basis to handle these viewers beyond the corporate firewall.

This leads to another hybrid trend: securing cloudbased delivery to corporate mobile apps. This not only addresses some of the concerns noted previously, but also alleviates an issue that many companies use to deliver video to on-the-go employees: the virtual private network (VPN).

Denis Khoo, CTO at MediaPlatform, stated it well during the aforementioned session at Streaming Media West: “They [often] originate the mobile stream (generally HLS) from inside the firewall,” said Khoo, “and require external mobile devices to VPN in and pull the stream over the VPN. This can quickly overload the VPN concentrator.”

Once the VPN concentrator overloads, many IT departments shift to a model in which the mobile device pulls enterprise content directly from the internet via a CDN. Khoo says this external delivery means that the application itself needs to be addressed.

“We strongly advise securing the mobile stream above and beyond application-level authorization,” said Khoo. “Application-level authorization sometimes relies on security through obscurity. ... As a best practice, we advise a few additional security measures: CDN token authentication, CDN Player Verification, and HLS Stream Encryption.”

Conclusion

We’ve only scratched the surface of trends within the corporate and enterprise environment when it comes to video delivery. Other topics covered elsewhere in the Sourcebook touch on captioning, transcoding, and live encoding solutions.

If 2013 was the year that enterprise mourned (or celebrated) the loss of the BlackBerry and contemplated a future with diminished significance of desktop video playback, 2014 will be the year that mobile delivery is the front-and-center challenge to solve. For corporate video teams and their managers, the challenge is to move ahead with current protocols and delivery best practices, while at the same time placating internal customers who have come to rely on legacy solutions that “just worked” but have been declared end-of-life products by their manufacturers (Windows XP anyone?). It should be a fun year, full of challenges and opportunities for companies offering the right mix of enterprise solutions.

This article appears in the 2014 Streaming Media Sourcebook.