- Category: June 2018 - Mobile & Video Marketing
Organizations are increasingly adopting video and live streaming: from how-to guides for customer service, corporate portraits for marketing purposes or employer branding, to live streaming for internal communications and investor relations.
Certainly, data protection and security challenges have grown with the wider use, too: protection against unauthorized access, secure authentication, prevention of unauthorized processing, compliance with internal regulations and the new General Data Protection Regulation (GDPR). A professional Enterprise Video Platform (EVP) could present a good solution to all these challenges. Of course, comprehensive security features must be in place, addressing both legal and specific security needs, and reliable worldwide delivery be given.
Anyway, the following tips before selecting an EVP could be useful:
- Authentication: How secure is the access? Keep in mind that it all starts with the authentication of the user. In addition to the common password-based login, large companies often use single-sign-on systems or multifactor authentication that combines several procedures. In that case, an EVP has to master authentication methods such as Security Assertion Markup Language (SAML), one-time passwords (OTP), smart cards or biometric recognition.
- Authorization: Who has which rights? If a user has been identified, it does not automatically mean that the person can use all features: maybe the person can watch videos or participate in webinars but can’t edit or share the content. Therefore, it is important that user rights are granted cautiously. But since in large organizations the overhead of configuring rights on a per-user basis is huge, it is possible to model rights by user group and role. With a few building blocks, a complex rights configuration can be carried out easily and comprehensibly - even for a large number of users.
- Auditing acceptability: Who did what when? In industries such as finance, there are legal requirements for traceability. Here, companies have a duty to document legally secure methods, for example, to monitor when which video was published where and by whom. For this, a data protection compliant, forgery-proof logging must be available. Likewise, videos must also be archived after deletion, with a lower-quality space-saving video version that can be used to fulfill proof requirements.
- Video playback security guidelines: Where can the video be delivered? Consider that some videos may only be given to certain departments, customers or partners, or selected locations in certain countries. It is important to have video delivery under control with IP address filtering, geo-blocking or token authentication, and to encrypt with Secure Sockets Layer (SSL).
- Infrastructure: Is data protection compliance ensured consistently? Answer the question to make sure that videos are kept in accordance with the General Data Protection Regulations GDPR), since companies must be able to prove this at any time.
To prevent sensitive content from falling into the wrong hands, end users only need to select the correct security policy when uploading, at the same time comprehensively configuring the protection mechanisms. Here it is useful to name the security policies as well as the content classification levels of your organization, e.g. ‘public, internal, confidential and secret’. The underlying security measures are then directly configured correctly and managed centrally by an administrator.