movingimage Releases Essential Checklist for Enterprise Video Security
An Enterprise Video Platform (EVP) Must Fulfill Five Critical Security Requirements
Berlin, Germany (10 Jan 2018)
movingimage today released a checklist to help companies understand the latest criteria for security and data protection when selecting an enterprise video platform (EVP).
More and more companies are using video and live streaming in increasingly varied ways: from how-to instructions for customer service to company profiles for marketing, branding and recruiting to live streaming for internal communication and investor relations. This widespread use of streaming has given rise to increasing challenges for data protection and security, including protection from unauthorized access, secure authentication, the prevention of illegal processing, compliance with internal regulations and compliance with the EU General Data Protection Regulation (GDPR).
These challenges can be overcome with the help of a professional enterprise video platform (EVP), but not all EVPs provide these extensive security features.
“When selecting a suitable EVP, companies need to ensure that the platform addresses legal requirements as well as specific security needs,” said Natalia Kermode, managing director of sales at movingimage. “The EVP must be capable of keeping internal and external videos available in a secure way, complying with regulations such as the EU General Data Protection Regulation (GDPR) and guaranteeing reliable distribution globally.”
movingimage, which specializes in cloud-based solutions for enterprise video management, has developed a decisive set of security questions that companies should ask when selecting an EVP:
1. Infrastructure: Is thorough data protection compliance guaranteed?
Video content containing personal information needs to be kept in compliance with the highest data protection regulations, and companies must be able to provide proof of this at any time. For this reason, movingimage recommends using European data centers for hosting the platform. Companies should also ensure that the entire infrastructure fulfills the strict European standards. The operator of the connected content delivery network (CDN) must also be able to prove that their infrastructure fulfills the EU data protection regulations outside of Europe as well.
2. Authentication: How secure is the access?
If not all employees are permitted to view, edit, share, or perform any kind of action on each saved video, companies must be able to clearly identify approved users of the platform or video. This starts with user authentication. For user login, large companies often use a classic password-based login supplemented by single-sign-on systems or multifactor authentication that combines several processes with one another.
“This level of authentication can only be supported by an EVP that is capable of authentication methods such as SAML, one-time passwords (OTP), smart cards, or biometric recognition,” said Kermode.
3. Authorization: Who has which rights?
Once a user has been identified, this does not automatically mean that said person can use all functions. For example, they might be able to view videos or participate in webinars, but not to edit or share the content. For this reason, it is important to be able to issue user rights in a granular way.
Since there is a great deal of administrative effort required to configure rights on an individual user basis within large companies, a rights model based on user groups and roles presents a good alternative. This allows complex rights configuration that involves just a few components to be carried out in a simple, transparent way for a large number of users.
Automatic user management using information saved in a company directory such as Active Directory or LDAP is recommended for large organizations that, for example, live-stream town hall meetings for thousands of users. This allows user accounts with the right role and group allocations to be automatically created, changed, or deleted in a role-based manner.
4. Audit compliance: Who did what, and when?
In industries such as finance, legal requirements call for transparency. Companies in this sector are obligated to document information such as when a given video was published, where and by whom, all in an audit-compliant manner. Data-protection-compliant, tamper-proof logging must be used to make this possible. Videos should also be archived even after they are deleted. To this end, a lower quality, storage-space-saving version of the video is maintained to fulfill the burden of proof.
5. Security guidelines for video playback: Where can the video be distributed?
movingimage also recommends taking another security aspect into account: playback. Some videos, for instance, are only suitable for certain divisions, customers, or partners, or selected locations in certain countries. It is important to maintain control of video distribution via IP address filters, geo-blocking, or token authentication, and to encrypt that distribution via SSL.
To prevent confidential content from landing in the wrong hands, end users only need to select the correct security guideline when uploading; that selection configures the full set of protective mechanisms. To facilitate this, it is a good idea to name the security guidelines and content classification levels within your own company, such as “public,” “internal,” “confidential,” and “secret.” The security precautions underlying these are then immediately and correctly configured, and can be centrally managed by an administrator.
To learn more: A fact sheet on this topic, “Secure Video Platform: Better Safe than Sorry,” is available as a PDF under the following link: www.movingimage.com/security
As the leading global provider of secure enterprise video technology, with locations in Berlin, Tokyo, New York and San Francisco, movingimage’s mission is to revolutionize how enterprises and organizations use video. Their software-as-a-service enables companies to efficiently manage all their video assets centrally and stream them in the best quality on any device. movingimage boasts an extensive customer portfolio of over 500 companies, including blue-chip corporations such as the Volkswagen Group, Allianz and Bayer.
For more information visit www.movingimage.com