Several years before making today’s headlines as the Trump-Russia Investigation’s special counsel, former FBI chief Robert Mueller made waves with his wry comment that “there are only two types of companies: those that have been hacked, and those that will be”. Today, it may be more accurate to say there are two types of companies: those that know they have been hacked and those that don’t. This uncomfortable truth, whilst unsettling, is in fact the first step to working out a strategy for storing and delivering video and content over the Internet. Why? Because once a company has recognised that they are not immune from cyber attacks, they can get down to the nitty gritty of working out what lengths, costs and trade-offs they are willing to accept in order to meet the industry and legal obligations around the protection of video data and content.
Data protection and how this pertains to both video data and content is understandably a hot topic. This is driven by numerous factors including the increasing amount of media coverage of breaches, such as the infamous iCloud hack, and the surge in the number of new, mission-critical, cloud applications on the market. The EU General Data Protection Regulation (GDPR) – which defines the rights of EU citizens around the privacy and protection of their personal data – is another crucial consideration. As are questions about how both Brexit and the EU-US Privacy Shield Framework agreements (including the executive order signed by the new US administration) will affect EU data stored in the US (and vice versa?).
So when moving your video data into the Cloud, here are the top 5 tips on what to look for in an online video platform and how you can best protect your data.
Tip 1: Differentiate between video data and video content
In the world of online video, video data refers to the metadata – or data about data – such as categories, descriptions and tags as well as attached documents, viewer comments, likes and so on. Video content refers to the actual video frames, i.e. what you watch. This is an important distinction to make because while it may be acceptable for your video data to live in the Cloud, it may not be acceptable to have your video content in the Cloud.
Tip 2: Break down your data and content into different classifications of privacy
Classification is generally one of the following: publicly available, internal only, internal and confidential or regulatory. Each classification requires a greater level of protection, with the risks ranging from embarrassing to highly damaging to breaking the law (where legal regulations apply).
Tip 3: Understand the legal obligations for specific office locations
The legal obligations regarding data and content are complex, constantly changing, and highly idiosyncratic based on the classification and the context in which they will be used. When combined with the different approaches required for different countries, you begin to understand what might keep CIOs awake at night.
For example, in the UK there is the Data Protection Act 1998 (DPA), whereas in the EU it is the 1995 EU Data Protection Directive, which is soon to be superseded by the GDPR. And between the EU and the US there is the EU-US Privacy Shield, which supersedes the The Safe Harbor framework. It’s a compliance minefield. Plus you also need to be mindful that regulations do overlap in certain ways.
Tip 4: Investigate the different Online Video Platform (OVP) deployment options
There are a number of cloud-based choices available today:
- Cloud Software-as-a-Service – all of your data and content will be stored on the provider’s datacentres (wherever they may be) and delivered over the public internet via Content Delivery Network partners (such as Akamai, Amazon Cloudfront, Limelight etc).
- On-Premise – the provider’s platform is deployed on your servers (most likely inside your headquarters) and data never leaves your internal network.
- Hybrid – a mix of cloud and on-premise. In a nutshell this means some data can be stored in the Cloud and some data on-premise, depending on the confidentiality restrictions of each type of data.
- Private Cloud Software-as-a-Service – this is essentially an on-premise installation, but instead of being deployed on in- house servers, the deployment is powered by a trusted provider, such as Rackspace or Amazon Web Services or Microsoft Azure.
Tip 5: Question which secure protocols and encryption types are being used
How data is stored and via which protocols it is delivered is crucial to determine how secure your video is while at rest and during transit. Ensure your online video platform provider encrypts video data and content at rest – or, in other words, the servers on which the video data and content is stored. In transit, ensure secure protocols (such as HTTPS) are used. And for the highest level of security, you should adopt on-the-fly DRM packaged content.
Whether you are an enterprising entrepreneur or a global enterprise, the move to the cloud is transforming businesses. Findings from 451 Research’s most recent Voice of the Enterprise (VotE): Cloud Transformation study highlight the sunny outlook, with 22% of organisations polled adopting a ‘cloud first’ approach, with infrastructure as a service (IaaS) or the public cloud the fastest-growing model. By chasing away doubts about cyber breaches, businesses can tap into an increasingly wide range of services provided over the Internet instead of on premise, with all the advantages that offers. These tips will help you to navigate the data protection maze and help achieve a secure, cost-effective solution to storing and delivering your video content in the cloud.
Raphael joined Kaltura in 2014 as a Solutions Architect before becoming Managing Director and Global Head of PreSales Engineering in 2017. Having started his career in investment banking as a software developer, he switched industries to pursue his passion for online video and has worked for a variety of online video software companies including Kulu Valley (now Qumu). Raphael studied Philosophy and Computer Science at Liverpool University.