Page 24 - AeM_June_2018
P. 24
BEST PRACTICES & STRATEGIES
‘Must-have’-security requirements for
enterprise video platforms
Organizations are increasingly adopting video and live be carried out easily and comprehensibly - even for
streaming: from how-to guides for customer service, a large number of users.
corporate portraits for marketing purposes or employer
branding, to live streaming for internal communications Auditing acceptability: Who did what when? In
and investor relations. industries such as finance, there are legal
requirements for traceability. Here, companies
Certainly, data protection and security challenges have have a duty to document legally secure methods,
grown with the wider use, too: protection against for example, to monitor when which video was
unauthorized access, secure authentication, prevention published where and by whom. For this, a data
of unauthorized processing, compliance with internal protection compliant, forgery-proof logging must be
regulations and the new General Data Protection available. Likewise, videos must also be archived
Regulation (GDPR). A professional Enterprise Video after deletion, with a lower-quality space-saving
Platform (EVP) could present a good solution to all these video version that can be used to fulfill proof
challenges. Of course, comprehensive security features requirements.
must be in place, addressing both legal and specific
security needs, and reliable worldwide delivery be given. Video playback security guidelines: Where can
the video be delivered? Consider that some videos
Anyway, the following tips before selecting an EVP could may only be given to certain departments,
be useful: customers or partners, or selected locations in
certain countries. It is important to have video
Authentication: How secure is the access? Keep in delivery under control with IP address filtering, geo
mind that it all starts with the authentication of the -blocking or token authentication, and to encrypt
user. In addition to the common password-based with Secure Sockets Layer (SSL).
login, large companies often use single-sign-on
systems or multifactor authentication that combines Infrastructure: Is data protection compliance
several procedures. In that case, an EVP has to ensured consistently? Answer the question to
master authentication methods such as Security make sure that videos are kept in accordance with
Assertion Markup Language (SAML), one-time the General Data Protection Regulations GDPR),
passwords (OTP), smart cards or biometric since companies must be able to prove this at any
recognition. time.
Authorization: Who has which rights? If a user has To prevent sensitive content from falling into the wrong
been identified, it does not automatically mean that hands, end users only need to select the correct
the person can use all features: maybe the person security policy when uploading, at the same time
can watch videos or participate in webinars but can’t comprehensively configuring the protection
edit or share the content. Therefore, it is important mechanisms. Here it is useful to name the security
that user rights are granted cautiously. But since in policies as well as the content classification levels of
large organizations the overhead of configuring your organization, e.g. ‘public, internal, confidential and
rights on a per-user basis is huge, it is possible to secret’. The underlying security measures are then
model rights by user group and role. With a few directly configured correctly and managed centrally by
building blocks, a complex rights configuration can an administrator.◊
By MediaBUZZ
24 June 2018 - Mobile & Video Marketing