Seven Tips for Securing Sensitive Company Video Content
July 5, 2018
Deadpool, Hulk, Super 8 and The Hurt Locker are just four of a growing number of movies that have been leaked or stolen before release, costing studios millions. But it’s not just media companies whose content is at risk of being hacked though: every organisation nowadays has a growing mass of video-based content that needs to be kept safe too. Audiovisual content such as sensitive training materials and executive communications is now easier than ever to create and share – and as a result, often harder to protect.
As per text-based content, leaving a hacker-shaped hole in your video security strategy leaves your organisation open to blackmail, data privacy nightmares, large fines from regulators for breaching regulations such as the GDPR, and a corporate reputation in tatters.
Here are seven tips to help your organization avoid this fate and protect its valuable video content.
Know your needs: There’s no one-size-fits-all. Each company requires a different security approach and more is sometimes less. If files are kept behind too many protective layers, they become inaccessible; too few, and they’re insecure. To find the right balance, you might want to consult with an external expert or your online video provider.
Consider entitlement carefully: A CEO, an entry-level employee and an IT person all require different access rights to different content. For instance, a CEO might have permission to access sensitive videos that a regular employee might not have, while an IT person needs back-end access for administrative purposes. The ability to segment users based on responsibilities is arguably more important than any other security measure. It puts content in the hands of the right people and greatly reduces hackers’ targeting options.
Encryption: Whether used for encryption-at-rest (i.e. encrypting videos on the data server) or encryption in transit (via secured protocols, such as encrypted HTTPS), an encryption key makes sure that content can only be accessed or seen by authorised individuals. For many, it’s an essential basic measure, but it has its limits: once content is streamed to an authorised viewer, it leaves your realm of control. To negate this, there is the highest and most secure form of encryption – Digital Rights Management (DRM). Like encrypted HTTP, DRM has an encryption key. However, DRM’s key continually communicates with the video playback to ensure proper usage; it also has terms attached relating to things like policy and output quality. Plus, content cannot be saved in unencrypted form because it’s opened in a protected-memory environment. In other words, DRM is the only way content can be viewed at rest (offline) on devices without losing control of usage rights.
On-premise vs. SaaS (Software as a Service): If you work for an organisation that is required to comply with stringent legal regulations – such as certain government entities, healthcare providers and the like you might opt for an on-premises solution, or a hybrid solution (combining SaaS and OnPrem). In these use cases, video content never leaves an internal server.
Forensic watermarking: One simple way of tracking content is through watermarking. A visible or invisible mark is added to the video, making it easier to track its origin. With watermarking, viewers can be advised before viewing that they are handling restricted content and that any leak could be tracked back to them. And if somehow content has leaked, watermarking can help track the source of the leak.
Ask partners about their security practices: Sometimes content is leaked indirectly through a partner. In fact, some of the worst online data thefts have used backdoor entrances through third parties. Limit access to, and thereby exposure by, your partners.
Physical security: It might seem obvious, but offices and servers need to be kept secure. Tech providers must make sure locations are covered by an array of measures including guards, alarms, biometric access, cameras and controlled-employee access so that cyber defenses cannot be circumvented. This includes ensuring cloud vendors adhere to the strictest ISO compliances.
In conclusion, the key is to stay vigilant. When you’re looking for an online video solution, do your homework and try to find the right balance between security and accessibility. Perhaps most importantly, once you’ve picked your preferred security measures, try to make their execution as flawless as possible.
With the right security approach in place, video will boost productivity and communication, while ensuring that your organisation does not suffer the same fate as those hacked Hollywood movies.
Kaltura's mission is to power any video experience. Our wide array of video solutions are deployed globally across thousands of enterprises, media companies, service providers, and educational institutions, leveraging video to teach, learn, communicate, collaborate, and entertain.