An increasing number of companies are interested in cloud environments in order to improve the efficiency and adaptability of their computing, storage and networking, and to reduce their capital expenditures. By leveraging the cloud properties of elastic and on-demand access to computing resources (e.g., networks, servers, storage, applications and services), companies no longer need to own and maintain dedicated servers. Cloud service providers can manage various tasks such as mailing and other collaborative tools.
This trend towards cloud computing is certainly not limited to “traditional” types of applications, and the use of data centers from cloud providers is now also observable in other application fields such as OTT video content services. Indeed, several aspects of OTT services, such as content preparation and delivery through various cloud-based online video and digital rights management platforms, are developing fast.
However, cloud computing is not free from real and concrete security risks. Companies such as Evernote and Feedly suffered severe service outages last year, and software hosting provider Code Spaces even went out of business following targeted Distributed Denial of Service (DDoS) attacks on their cloud infrastructures.
So, what security challenges should content services providers consider when it comes to developing or outsourcing content protection and rights management applications, which are known to be security-critical from a business perspective for paid-for content services? Outsourcing or “cloudifying” content protection and rights management applications involves strong security needs and requirements that cloud service providers should conform to, namely:
Specific hardware resource with Hardware Security Module (HSM)
Content services applications may require dedicated use of an HSM for cryptographic operations and data protection. Some cloud service providers are aware of this and already use HSMs in their cloud architecture.
Flexibility concerning data location
In content services applications, data location should be treated with special attention. Indeed, cloud computing elasticity is based on virtual machine migration (applications and platform) between data centers that can be located all around the world. Specific rules shall apply to personal and application data location.
Permanent data confidentiality and integrity
Content services applications’ data (e.g., video content at various stages of the content preparation and transcoding workflow, identifiers for session-based watermarking, digital usage rights, authentication credentials, usage data of content services for content recommendation and service personalization, end-user’s billing information…) are highly sensitive. Confidentiality and integrity should be considered during the complete data lifecycle. Cloud infrastructure can provide VPN-based authentication, whitelist access or data encryption on the servers’ file systems. Software can be deployed in the cloud to ensure data integrity.
High service availability
Content services applications require high availability of service even in the face of service outages, including potential denial-of-service threats. Providers have to support this requirement with application replication and migration. Availability can be improved by using distant or foreign data centers and by applying the active-active server principle (data, services and databases are mirrored and synchronized between data centers).
Providing a comprehensive and global security management analysis is of paramount importance for content service application development or migration: a global security approach addressing technical, operational and legal frameworks over time is required. Moreover, security monitoring is critical for service reliability: new attack methods or vulnerabilities in the system must be addressed with clear visibility into the service operations or data that could potentially be affected. Content services providers should be able to examine the capabilities of each vendor in the chain with regard to security awareness and renewability.
Adding a pinch of security here and there, on top of cloud computing, will not stop cloud “thunder” and “storms”. Content services in the cloud deserve a comprehensive 360° approach for security management.