5 Best Practices for Secure OTT Video Delivery
In the U.S. alone, piracy costs the national economy a whopping $29.2 billion annually. Relatedly, security firms are measuring an increase in piracy, hacking, and other digital attacks every year. To fight this problem, OTT video publishers need to implement a range of best practices for secure video delivery.
In this blog article, we’ll introduce and discuss five best practices for secure OTT video delivery to your viewers. These key security methods include:
- Run updated software
- Use encryption & restrictions
- Maintain content rights & bypass blocking
- Use HTTPS delivery
- Follow industry-standard monetization practices
Best Practices for Secure OTT Video
First, this review is not meant to be a definitive list of OTT video technology best practices. In addition, our discussion here includes a mixture of different security methods. Some are upstream/internal security measures. One application of this approach, for example, is to enforce strong passwords or 2FA use for employees.
Others are downstream/external practices, on the other hand. These security measures focus on protecting the video files in transit. This article centers mainly on external best practices. For more info on securing your website, you can check out Mozilla’s free Observatory tool.
1. Run updated software—and encourage your users to do the same
Yes, you’ve likely heard this advice before. However, how many broadcasters actually follow it? When running a business. and when handling payment information and private data in particular, it is essential to apply updates. Update your CRM, your plugins, and all the software that runs on your server regularly. In addition, make sure that all employees use updated software, especially for major tools like the web browser. And on that note, let’s talk about IE.
Internet Explorer 11 was released in 2013, more than 6 years ago. Today, that software is still used by between 2% and 6% of all internet users. That might not seem like much… until you realize that amounts to 100-300 million people! Put another way, IE users could make up the 4th largest country in the world.
However, IE is now out of date and highly insecure. In fact, Microsoft recommends that everyone stop using IE. Anyone who is still using this browser should switch to another option like Firefox, Edge, or Chrome. Likewise, encourage your customers to do the same. When they use an outdated, insecure browser, their payment information and other personal info are at risk.
2. Use encryption and other restrictions to deter piracy
As we stated in the introduction, piracy remains a huge global issue. Illegal streaming and downloads can have a significant impact on revenues from OTT video. Fortunately, there are several best practices you can implement to protect yourself from piracy. Let’s take a closer look.
One of the best ways to protect your valuable video content is with AES encryption. In essence, this technology encrypts your video while it is in transit. If a third party intercepts your content, all they can access is encrypted data—a jumble of binary nonsense. Without the decryption key, the data they capture is worthless. This method prevents people without proper authorization from watching your videos.
Geographic (IP) Restrictions
According to the Office of the United States Trade Representative, 36 countries are the biggest hot-spots for piracy issues. The full list can be found here. Highest on the list are:
- Saudi Arabia
Remember, certain countries are hot-spots for piracy. And most OTT video publishers are targeting users in a particular geographic region. Given these facts, it’s possible for a publisher to completely block certain IP address ranges that correspond to problem-countries, while white-listing countries that are essential to reach.
The tool for this is “geographic” [or IP] restrictions. Fortunately, some professional OTT video hosting solutions include this tool with their service.
Referrer (Domain) Restrictions
One of the biggest problems with piracy comes from copying video player embed codes onto pirate streaming sites. Luckily, a secure streaming solution makes it easy to bypass this issue. The tool to use is called referrer restrictions, or sometimes domain restrictions.
Regardless of the name, the feature works the same. Each embedded video player periodically pings the server with the URL of the website where it is located. If the website isn’t an approved domain, playback will be completely and instantly blocked. Only sites you’ve “whitelisted” will workstream your videos properly.
3. Maintain Content Rights and Bypass Blocking Using Professional Video Hosting
The third best practice on our list is to always maintain exclusive content rights and bypass site blocking. How? By using a professional video hosting manager. When you share your videos and stream live on platforms like Facebook and YouTube, these companies gain rights to your videos. As a result, they can use your content in their advertising, etc.
File sharing and video download tools also target these social platforms. That makes it surprisingly easy for people to copy your material illegally. Plus, these sites (Facebook, YouTube, etc.) are the most commonly blocked websites in the world.
With that in mind, the best practice for OTT video publishers is to use a professional video hosting solution. A pro service will guarantee you retain all content rights, grant you a white-label platform, and provide access to the other security tools we cover in this article.
4. Use End-To-End HTTPS Delivery
One of the most dangerous forms of hacking is the “man-in-the-middle” attack. This type of hack intercepts data in transit, and either copies it or modifies it. In some cases, these attacks can be used to impersonate a website or service and steal personal data or content. In the OTT video industry, MITM can result in piracy, stolen trade secrets, leaked medical info, and worse.
To mitigate these serious security risks, HTTPS delivery uses encryption and validation to protect against MITM attacks. Through digital certificates, signatures, and encryption keys, HTTPS ensures two things. First, it guarantees that you’re connecting to the right website. And second, it ensures that no one can steal content while it’s in transit.
A secure OTT video platform will use end-to-end HTTPS delivery to protect your content against most MITM attacks. You can upgrade your website to HTTPS by purchasing an SSL certificate. Or, if you wish to save some money, you can use the free SSL certificates issued by the non-profit project Let’s Encrypt.
5. Follow industry-standard practices for secure OTT video monetization
When you monetize your video, you’re responsible for protecting customer payment information. Without strong payment security measures, you may lose many customers due to mixed-content warnings—or worse.
To protect against this, use an in-player payment system with bank-grade SSL/TLS encryption. SSL/TLS is the current best practice for financial transactions online. It ensures that all credit card information is encrypted with bank-grade cryptography, protecting payment information again malicious actors.
When your business depends on income from video, security needs to be a central concern. There are a variety of ways to upgrade your security. We hope the 5 best practices that we outline here help you understand what you need to do to keep your OTT video safe.
If you’re in the market for a secure OTT video platform, we hope you will consider Dacast’s streaming solutions. We offer all the security features that we describe above, and much more. Dacast includes built-in monetization tools, analytics, and the feature list goes on. In addition, we use the top-tier Akamai CDN to deliver all your OTT video.
Need more information? Feel free to contact our support team directly to discuss your needs. We’re here to help! We also offer a 14-day free trial of Dacast, with no credit card required.
Thanks for reading, and let us know your questions and feedback in the comment section below. We love to hear from our readers, and we’ll get back to you as soon as we can.