Cincopa Security

Like every content on the internet, even videos need to be secured so that it is not misused by users intending to do plagiarism.

In applications where videos play a critical role inside the organization or holds sensitive data, it is paramount that the video data is transmitted, stored and delivered securely.

Cincopa’s media platform provides a series of security mechanisms that enable users to maintain full end-to-end security and integrity of video data.

With Cincopa, the uploaded videos and related metadata is ingested and stored securely in the Cincopa Server databases & backups. And then it is delivered for secure viewing.

How does Cincopa ensure high security for user’s media?

In combination with proper network and IT security policies and procedures, Cincopa enables users to enjoy cloud video hosting with full end-to-end security. With the various security features offered, Cincopa makes it possible to control and protect access to videos delivered outside of the organization.

We will now see how the media items uploaded in Cincopa platform, are securely transmitted from the source (computer, FTP, Mobile device, Third-Party sources) and delivered to the video player via global CDN network or eCDN as well as how to implement and use the extended security in the most optimal way.

Cincopa’s Video Data Flow (Cloud Edition):

In a video hosting application, the typical flow of data can be broken down into these steps:

Video is captured by a user or uploaded to the platform. >> Video is stored & transcoded on the media server.  >> Video is streamed/delivered over the web to the video client via a global CDN (content delivery network) >> Video is viewed by the end-user >> View Analytics Data as per GDPR compliance

Let’s view each of these steps in detail:

1. Video Uploaded or captured by the user

A user may capture\create video using Cincopa’s UGC (user-generated content) recorder or may upload video & media files directly to the platform using the media CMS, Externally embedded uploader API or RESTful APIs.

Additional means of secure uploading include FTP and Amazon S3 bucket sync. Multiply layers of security may be applied to range from SSO & 2FA to access the Cincopa CMS management platform, password protection, and IP\Domain protection to restrict access to external uploading component (which may be further enhanced by allowing access only via an internet site)

2. Storage and Transcoding

Video is stored & transcoded on the media server & Database A “public cloud” media server hosted on AWS web services, backed up on an IBM Soft Layer handles the encoding of the video to create multiply versions\flavors of the RAW file to deliver optimal version according to device and bandwidth and to conserve on bandwidth usage for optimal user experience. (buffer-less viewing)

Metadata and additional content such as closed captions, thumbnails, and additional text information are stored on a secure database with no identification to the customer account. Users may access the Cincopa CMS media platform to edit, modify metadata and delete content. The platform is secured by SSL and provides login information with email verification. SSO login and 2FA are additional options offered to tightly control access to the platform and video data.

3. Delivered

The Video is then delivered over the web to the CDN (Content Delivery Network) which makes the delivery very fast and secure. The use of a CDN enables caching and temporary storage of video “near” the customer to create the shortest time to deliver request and provide a bufferless viewing experience.

4. Viewed

In this stage, the video is now viewed by the end-user. The video player may be embedded in a secured intranet, embedded on a public website behind a login wall or viewed using the Cincopa Portals or Cincopa Share pages which are secured via HTTPS/SSL and offer additional layers of security to access the video such as SSO\LDAP integration, Viewer login access (Email & Password) or Google Plus login.

5. Analytics

If Google Analytics is enabled, the video creator can track and analyze in-depth detail about the visitors on their videos. Google Analytics also helps in providing accurate tracking of their video playtime. According to GDPR compliance, sensitive customer information and employee information can be masked or not collected at all by configuring the company’s account.

Additional Security

Additional security measures include IP, Domain & Geo whitelisting for embeds which the player and associated videos will not render to deliver the video if restricted.

Let’s look into the security mechanisms used by Cincopa to protect its user’s data:

AES Encryption:

• The Advanced Encryption Standard, or AES, is a specification for the encryption of electronic data chosen by the U.S. government to protect classified information.
• It is widely used throughout the world in software and hardware to encrypt sensitive data.
• In Cincopa, all communication between Viewers and the Recording Server is secured using 128-bit AES encryption.

Domain Whitelisting:

• Cincopa allows the users to embed the media player to a specific domain.
• This helps in restricting the audiences who is trying to watch the Cincopa video from outside authorized domain locations.

IP Whitelisting:

• With Cincopa users can also whitelist a range of IP addresses which adds another layer of security to your media files.
• With IP whitelisting, you can restrict access to users outside a specified ip range who are trying to watch a your Cincopa videos.

Proprietary Video Streaming:

• Cincopa also utilizes a proprietary video streaming protocol that cannot be accessed using commonly available media players.
• Only the Cincopa Player is able to decode the video stream from the server.
• This will secure your videos from not allowing users to access your videos from videos players other than Cincopa Player.

GDPR Complaint:

• Cincopa cares about its user’s privacy. Hence, Cincopa and its utilized vendors fully comply with GDPR regulations.
• For more information on Cincopa GDPR Compliance & Data Privacy please check our article: https://www.cincopa.com/help/cincopa-gdpr-compliance-data-privacy-faq/

Allow/Restrict Downloads:

• In Cincopa, users have an option to Allow Downloads of the media files that they upload.
• This means if you enable Allow Downloads, then the users accessing your media files will see an option called Download.
• If you wish to disable download for some important media files, then you can disable it with a click of a button.
• To make it more convenient for the users, you also have an option to enable Allow download on Right Click.

Data Center Security: 

• All videos hosted in Cincopa is hosted on Amazon Web Services (AWS) and all our hosting vendors have up-to-date SSAE 16 certification.
• Amazon Web Services (AWS) is highly secured and you can know more about it from here https://aws.amazon.com/security

SSO (Single Sign-On):

• SSO also known as Single Sign-On is an authentication process, that allows a user to enter the username and password for one application and automatically logs them into multiple applications regardless of the platform, technology, or domain the user is using.
• Cincopa offers a single sign-on (SSO) solution for large businesses and organizations
• Remembering multiple usernames and passwords becomes difficult to manage and hence with Cincopa’s SSO, users no longer have to deal with these issues and their users don’t have to remember a separate username/password for logging in.

SSL: 

• SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser.
• User data in Cincopa is protected with SSL encryption for transmission to Cincopa.com.