Video is one of the most brilliant tools that have been brought forth by technological advancement in recent times.
A video is used by businesses to drive growth, create user engagement and increase conversions. However, some videos aren’t always meant to be released for all the world to see. A lot of content is usually produced only for internal consumption by company workers, for instance.
On the other hand, there’s always the matter of security. Sure, your video should reach as large a market as is feasible, but as a responsible business person, it’s upon you to ensure nobody can intercept the delivery of the videos without any authorization.
Additionally, live video streams between members of the firm should be entirely private – you must be sure nobody is eavesdropping on your conversations.
All these and more are some of the more severe scenarios where you need secure video content. Whether you use free tools like YouTube, enterprise video hosting innovations like Cincopa or do the video hosting on your own, there are a few simple and other not-so-simple measures that can be taken to keep your videos safe.
HTTPS
We’ll start off with this relatively simple concept that is fundamental to everything on the internet. HTTPS is the secure version of the regular web. Without all the complex technicalities in-between, it exists to make sure nobody can interfere with the delivery of your video content.
When implemented, the server has issued a certificate from an organization that specializes in the same (or can be self-signed, but this isn’t as prevalent). The certificate is then used as proof that the connection is secure, and as such, any data that is passed to the client side is encrypted. It can’t be interfered with, and even if it were, the data would be useless to the attacker.
This tool is needed to ensure nobody can eavesdrop on you while on the internet – whether internet video calls or when delivering videos to the viewer, they are untouchable while in transmission. There is a lot of consumer awareness around it. As per a survey, only 3% online shoppers say they would enter their credit card details on a site that is not secured with the green padlock.
Password Authentication
A much simpler way of having your videos secured is the good old-fashioned way of requiring a username/email and password when a video is requested from your server.
This is basic, and only involves the use of personally identifiable information like employee number and, possibly, a randomly generated password. However, it would be useless if the connection wasn’t encrypted, to begin with. It should always be used together with HTTPS.
IP Address Restriction
IP restriction is an interesting way of preventing access because it’s the only way that can be used to geofence your videos. When a device connects to a router, so it can ultimately be able to connect to the internet, the router issues it a unique IP address. For that reason, devices connected to a company network will always have similar IP addresses within a specific range.
For that reason, access to the video can be tailored such that only devices that have authorized addresses can view your videos. Since IP addresses are a lot harder to spoof, your internal training videos will always be safe.
The only downside of this method is that nobody, not even execs, can view the videos when not connected to the company network. For instance, not even at home, unless this is specifically built into the system.
Having a list of IPs that can access the system is referred to as a whitelist. At the same time, your system can include a list of IP addresses that are not allowed to access the system – a blacklist. This will allow you to restrict who can visit your site based on location, also known as geofencing.
Geofencing is an effective marketing technique as well. A survey conducted by Search Engine Watch shows only 22% of marketers using techniques like geofencing (hyperlocal advertising) to their full potential. This means you are well ahead of 78% of your competitors by using geofencing.
Domain Restriction
Pretty like IP restriction is domain restriction. This essentially either only allows your video to be embedded on individual websites or only played on specific sites, each identifiable by their domain names. This is perfect for videos that you want to be played on your website or a narrow range of per-authorized websites.
Obfuscation
Everything on the web is identifiable using URIs (unique resource identifiers). Your video will be located at a URI like “https://blog.mycompany.com/secret-training-video.mp4”. Note that this URI ends with the ‘.mp4′ extension, so it can be scraped, bookmarked or downloaded at will.
On the other hand, a technique often employed by private video hosting companies is to obfuscate the URI, so it points at ‘nothing.’ For instance, the video above will instead be hosted at “https://blog.mycompany.com/secret-training-video/”. Once that endpoint is called, server-side scripts do their thing and deliver the video from an entirely different URI, unbeknownst to the oblivious video-ripping user.
Tokenization
If you pay Wikipedia a visit in search of a meaning for the word ‘tokenization,’ you’ll probably get something along the lines of: ‘substituting sensitive data with a non-sensitive one which has no immediate value to a third-party.’ If that sounds complex, think of it as having a user id to represent a person rather than their real name, so you don’t have to reveal their private details.
The perfect example of tokenization would be YouTube URLs. For example, a video like “https://www.youtube.com/watch?v=dQw4w9WgXcQ” – the ‘v=dQw4w9WgXcQ, is a tokenized version of a video that exists on YouTube’s servers. Besides, a tokenized video can hold a lot more information than just the identifier. It could include an IP range, access token and any other pieces of data you need to restrict access to or otherwise deliver secure video content.
Watermarking
Restricting access to your videos is all well and good, but if your problem is people distributing your videos all over the internet without giving you credit, a video watermark is the simplest way to approach it. It’s most commonly used by stock video hosting sites like Getty or Stockphoto. However, the process can either be automated by being built into the system or using a video content management system that has the feature built-in.
The most advanced way of approaching it, however, isn’t necessarily a watermark that can be seen – those superposed on top of videos. They can also be invisible and dynamically generated using unique information such as the email or name of the person who bought the video. If a copy of the video is found anywhere on the internet, you can use the same software or video content management system used to place the watermark to find out who originally bought it. Necessary legal action can then be taken at that point.