Support: +1 (855) 894-5820
security_model

The Niche Video Media Security Model

Nithin Raj

The Threat

When it comes to multimedia content, there are three main “Threat Vectors”:

  1. An unauthorized person can view your content.
  2. An unauthorized person can download your content.
  3. An unauthorized person can alter or corrupt your content.

The Niche Video Media security system prevents all three vectors.

Security is best modeled as “Layers of an Onion”

security_model

Video Content Management and Delivery Security

When looking to select a provider of content hosting, specifically video, there are a variety of options.

Public Hosting

This is usually the first stop for someone seeking video hosting.  It’s simple, well documented, and widely known.  It is also almost completely insecure.  Any tech savvy person can acquire the content uploaded on these providers simply by knowing that it exists.  The only security provided is a minimal amount of content segregation by placing it in a “private” repository (Private Channel or Professional version) – something not publicly searchable.  It does not protect you from any of the three vectors, it simply makes it a little less likely that anyone would accidentally find it.  There is no log in, no validation of the rights the user should have, no protection of the content either at rest or in motion, and no way to ensure a viewer must pay before viewing content.

Private Hosting

Providers in this space begin to understand the value the customer has invested in their content and start to provide some layers of protection.  Some can push a viewer to pay before viewing content.  One or two limit who can modify (and therefore corrupt) content, but they do not segregate content allowing different people access to different content.  We have found none that offer protection of content in motion (during transmission) and only one that protects it from client-side harvesting tools.

Internal Hosting Providers

These providers place their software inside your network and rely on the security of your network to protect your content.  This is why they are targeted at only large enterprises.  Several of them are still  vulnerable to both content in motion interception and client side harvesting tools – in addition to requiring the customer to build and learn the infrastructure components necessary to host and deliver the content themselves.

Secured Private Hosting – Private Media Channel by Niche Video Media

We provide protection for every threat vector.

  1. An unauthorized person cannot view your content.
    • Only authenticated users that you have defined, or you have approved to access the system, can get the content on their screen.  There is no access to the content that does not go through our ID management and Role Based Authorization layers.  It is not possible to access the content except through our software.
    • If the content is monetized, it can only be viewed by users who have paid, or to whom you have awarded free access.
    • Access can be granted to the entire library of content, a group of content, or a single video, at your discretion.
    • If one of your users shares their logon with another person, their fraudulent access can be immediately detected and alerted.
  2. An unauthorized person cannot download your content.
    • The content is streamed, never downloaded.
    • The transmission of the content is encrypted.
    • The transmission channel is digitally signed with an expiration date.
    • The video link on the page is “obfuscated” so that harvesting tools cannot recognize that a video is on the page.
  3. An unauthorized person cannot alter or corrupt your content.
    • If they cannot download it, they have no copy to alter.
    • The content repository on our servers is isolated and only accessible by our application servers.
    • Even if someone bypasses Amazon Web Services’ security model which is ISO 27001 security management standard, locating the desired content on our servers is made near impossible with randomized naming and locations, along with data at rest encryption.
    • The only action they can take if all the other layers are compromised would be to replace the video with another one.  This does not physically replace the file, but create a new pointer to a new file, so the original content is protected and retrievable (only by us).

Disclaimers

It is not possible to protect against every eventuality that can be encountered by a motivated expert hacker.  Security Best Practices aim at making it economically unfeasible to achieve the hacker’s goal and making it clear that there are easier targets elsewhere to pursue.  While we cannot guarantee your content cannot be acquired by someone who should not have it, we certainly make it far more attractive to attack someone else.

Security also has negative side effects.  Since more advanced security features require stronger and newer clients (i.e. browsers), employing all security measures limits the reach of your content.  Finding the right balance between security and reach is always a challenge.  Our security experts will gladly discuss the tradeoffs with you so that you can make an informed decision.