What Every CIO Needs to Know About Video Security

About a month ago, a leaked video of an all-hands meeting at Google revealed that the tech giant was struggling to deal with controversial topics that have been plaguing its internal company culture. Of course, this is not the first time an organization’s sensitive information has been made public; it almost feels like we hear about a new instance every single day. From business secrets to company culture and beyond, the non-verbal cues visible in video often reveal more than what is spoken.

As a CIO, you’re likely responsible for the overall information technology at your business. Whether you’re looking to protect company relations and trade secrets, or just looking to make the information at your meetings more secure (or something else!), content should only ever be accessible to its intended audience. This is why enterprise-level video security protocols and encryption need to be a part of every piece of tech that touches your company.

And, when it comes to video content, here’s a guide to what you need to know to improve the privacy of internal content so you can better protect videos from prying eyes.

How (and Why) Videos Are Created


We all know what a video is, but do you know the key components of these complex files? All videos contain a series of pictures (or frames), glued together to create motion (Fun fact: that’s why they were originally referred to as “motion pictures”). Audio track(s) are then synced with these continuous optical tracks to give them life. Depending on how the audio is packaged, and its containers, these tracks may stay bundled in one single file or be made available as a separate file.

Almost 5 billion videos are watched on YouTube every single day. Further, though, video is arguably the most engaging medium for everything from learning a new skill, to sales training and overall business communication and beyond. Giving your employees the chance to make their own video content is also a great opportunity for your business. Not only is it convenient, saving time and money for your organization, but it also gives you a library of materials to use as needed. 

Once upon a time, you couldn’t create videos without fancy equipment and a sophisticated setup. But those days are long gone. Thanks to the advancements in mobile technologies and modern browsers, capturing screens and webcams has never been easier. Now, videos are being used everywhere in business, from marketing to training, onboarding to sales enablement–the list goes on. 

This widespread adoption is why making content available to the right audience remains an important job. While some videos are appropriate for the general public, oftentimes, you’ll need to secure them internally or for prospects.

Protecting Internal Videos


Any CIO knows that a combination of technologies is ideal when it comes to protecting trade secrets and content. Any of the single options listed below can be ineffective for video security when deployed alone. For best results, it’s recommended you implement more than one mechanism to secure content as dictated by its business classification.

Firewall

This mechanism is widely deployed in enterprises with any kind of content security. Firewalls restrict content availability within a boundary. The boundary may be physical, such as a network, or a logical perimeter, as we see with IP restriction. While it’s effective, it prevents employees from accessing content on the go. Since an increasing number of employees are working remotely these days, firewalls can create barriers to accessing important videos like all-hands meetings unless deployed in conjunction with secure remote access technologies such as VPN.

Cloud technologies/software as a service (SaaS) is typically accessible from everywhere. This creates opportunities for remote employees to get connected and consume company resources in the same manner as in-house employees while bringing them together virtually.

Authentication

Limiting access to employees or partners via authentication should be the first defense mechanism implemented, as authentication is an important factor in restricting content to only those you trust. Username/password combinations may be an easy way to start, but they become another password management overhead for personnel and make the overall user experience less than desirable.

Almost all enterprises use some sort of a directory management service which stores users in a database:

  • Single sign-on provides a bridge between user experience and security while helping you achieve compliance.
  • Cloud applications need an extra bit of security, so single-factor authentication may not be enough. In this case, implementing a second authentication factor such as a smart card or TOTP device is a good idea.

Cloud Identity management services like Okta, OneLogin or Ping improve the user experience while providing the security for cloud applications enterprises need.

Authorization

Authorization refers to limiting access to a defined user set like a department or a group but it does not work without authentication. Cloud video platforms like CircleHD enable you to restrict your videos to specific audiences with very little effort. You can even utilize segments your company already uses, such as cost center or department.

Encryption

Encryption has been utilized since 600 BC when the ancient Spartans used it to send messages during a battle, but its more modern form has been in use since World War I. The technology works by altering bits of content with a secret key, then letting someone access the original content again with a complementing key.

There are four types of commonly used algorithms:

  • Symmetric encryption – algorithms use the same key to encrypt and decrypt the content. Its usage is considered less secure when used alone over the internet since the sender and receiver share the same key. Symmetric encryption is faster and often used to encrypt large blocks of data such as video.

  • Asymmetric encryption – This uses a public key to encrypt and a private key to decrypt the video. It can also be used to verify the authenticity of a video if a MITM attack is a risk. This algorithm is slower and requires a higher computation power, making it an unsuitable option for video security, as videos are often played on low-powered devices such as mobile phones and tablets.

  • Encryption at rest – Essentially, this can be described as converting your sensitive data into another form, generally through an algorithm, so that it cannot be understood by a user who doesn’t have the encryption key to decode it. It’s particularly useful in rendering data useless to hackers, should your information be compromised.

    This is the recommended approach if you’re on a public data center or public-facing object store like AWS S3. We do that at CircleHD. All your content is encrypted by KMS (key management service), where the content can only be decrypted by a key that is periodically rotated to reduce the attack surface.

  • Encryption in transit – This describes how data is protected while it is transmitted. TLS (or SSL) is a secure transport channel. When used, it reduces the risk of man-in-the-middle (MITM) attacks. The content is encrypted using a negotiated symmetric key algorithm.

AES (Advanced Encryption Standard) is a symmetric encryption algorithm widely used for video encryption for the above-mentioned reasons. This algorithm supports various lengths of key bits, such as 128, 256, 512 or a higher multiple of 128. The downside of AES is that, once the video encryption key is shared, the keyholder can continue to decrypt the video as long as it is available.

Intranet videos are often played in web browsers, but the HTML5 player is not capable of playing an encrypted video by itself. That means you can’t just encrypt an mp4 video file and have the browser stream and play it.

Thankfully, most modern browsers (89%) support Media Source Extensions (MSE), which allow JavaScript to download encrypted videos, decrypt them and feed them to the media player programmatically. This process is complicated, and implementation is left up to the various video vendors, however they like to support it.

Over the years, the advancement of internet video streaming has led to 2 popular protocols for standardization: HLS (HTTP Live Streaming) by Apple & DASH (Dynamic Adaptive Streaming over HTTP) by MPEG. If your users are on the Apple ecosystem, you are out of luck and have to stick with HLS.

Why do we need HLS or DASH but not just encrypt the mp4 file?


The old mp4 file format (or container) wasn’t designed to support encryption. Your HTML5 player needs the metadata, which is often at the end of the file. To play an encrypted video, such as a regular mp4, your browser has to download a large file before playing it. This gives your end-users a long buffering period, high CPU usage, and a bad user experience.

Solution: 

Chunking – A file-splitting mechanism that splits your large video file into smaller blocks and encrypts each block individually. Your device or browser can then download only the parts necessary to start playing, and download other parts as needed. Another advantage is that each block can be encrypted with a different encryption key.

Sticking with a standard protocol such as HLS or DASH has the following benefits:

  • Portability across browsers and devices
  • Standardization of encoders and encoding algorithms
  • Adaptive bitrate streaming 
  • Standardization of encryption algorithms
  • Support for content delivery networks

While encryption of video improves the security of the content, it’s not bulletproof. Once the key is stolen, attackers can decrypt the video.
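An added example, not from the original article or from CircleHD: this Python script reads an HLS media playlist, works out which key and IV protect each chunk, and reports chunks left unencrypted, keys fetched without TLS, and how many chunks each key would expose if it were stolen. The playlist, host names and file names are constructed, and the script assumes the AES-128 method signalled with `EXT-X-KEY` tags.

```python
import re
from urllib.parse import urljoin, urlparse

# Constructed sample: chunks 0-1 share key 1, chunk 2 has a rotated key, chunk 3 is clear.
SAMPLE_PLAYLIST = """#EXTM3U
#EXT-X-TARGETDURATION:6
#EXT-X-MEDIA-SEQUENCE:0
#EXT-X-KEY:METHOD=AES-128,URI="https://keys.example.com/k/1"
#EXTINF:6.0,
seg0.ts
#EXTINF:6.0,
seg1.ts
#EXT-X-KEY:METHOD=AES-128,URI="http://keys.example.com/k/2",IV=0x000000000000000000000000000000ff
#EXTINF:6.0,
seg2.ts
#EXT-X-KEY:METHOD=NONE
#EXTINF:4.0,
seg3.ts
#EXT-X-ENDLIST
"""

ATTR_RE = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')

def parse_attrs(text):
    """Parse an HLS attribute list; quoted values may contain commas."""
    return {name: value.strip('"') for name, value in ATTR_RE.findall(text)}

def segment_keys(playlist):
    """Return one dict per chunk: uri, seq, method, key_uri, iv (hex)."""
    seq, key, chunks = 0, {"METHOD": "NONE"}, []
    for line in (raw.strip() for raw in playlist.splitlines()):
        if line.startswith("#EXT-X-MEDIA-SEQUENCE:"):
            seq = int(line.split(":", 1)[1])
        elif line.startswith("#EXT-X-KEY:"):
            key = parse_attrs(line.split(":", 1)[1])  # applies until replaced
        elif line and not line.startswith("#"):
            iv = None
            if key.get("METHOD") == "AES-128":
                # Without an IV attribute, the IV is the chunk's media
                # sequence number as a 128-bit big-endian value.
                iv = key.get("IV", "")[2:].lower() or f"{seq:032x}"
            chunks.append({"uri": line, "seq": seq, "iv": iv, "key_uri": key.get("URI"),
                           "method": key.get("METHOD", "NONE")})
            seq += 1
    return chunks

def audit(playlist, base_url="https://video.example.com/all-hands/index.m3u8"):
    """Report clear chunks, keys fetched without TLS, and chunks per key."""
    findings, per_key = [], {}
    for chunk in segment_keys(playlist):
        if chunk["method"] == "NONE":
            findings.append(f"{chunk['uri']}: not encrypted")
            continue
        # Relative key URIs inherit the scheme of the playlist URL (assumed here).
        key_url = urljoin(base_url, chunk["key_uri"] or "")
        per_key.setdefault(key_url, []).append(chunk["uri"])
        if urlparse(key_url).scheme != "https":
            findings.append(f"{chunk['uri']}: key fetched without TLS")
    return findings, per_key

if __name__ == "__main__":
    findings, per_key = audit(SAMPLE_PLAYLIST)
    print(*findings, sep="\n")
    for key_url, uris in per_key.items():
        print(f"{key_url} exposes {len(uris)} chunk(s) if stolen")
```

The per-key count is the practical measure of key rotation: the fewer chunks that share a key, the less one leaked key decrypts.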

DRM – Digital Rights Management


DRM is a stronger encryption protection mechanism. It can work on an existing protocol such as HLS or DASH. It’s widely used by Hollywood and streaming services, such as Netflix and Amazon, for compliance requirements. This method, however, depends on cryptographic module support from hardware and operating system vendors. 

Most DRM solutions available today are fragmented and proprietary, and may require licensing and royalty payments. Google’s Widevine DRM is a popular solution, largely due to out-of-the-box support in Chrome and Firefox browsers. Other technologies include:

  • PlayReady from Microsoft
  • FairPlay by Apple
  • ClearKey by MPEG

(Note: CircleHD has plans to support DRM in Q2 2020 for our enterprise plans and enterprises that require higher grade video security. Please contact our sales team if you are looking for a DRM solution for your enterprise video.)

At CircleHD, we believe the ease of access to videos should be every employee’s right. It’s worth noting that over-guarding content can create a barrier to consumption across your organization. Be sure to strike a balance between your enterprise video security needs and user experience to encourage adoption across your teams. 

—–

We’d love to speak further with you about how to effectively implement a secure content management platform at your company. Please contact us to learn more about how CircleHD can meet your video security needs while encouraging employee engagement and collaboration at your enterprise. 


How to Accurately Calculate Video File Size (Plus: Bonus Glossary)

Video file size can be a tricky thing. How large is the one you just recorded? This complex storage format holds a lot of information and there are many reasons why you may want to check the size of it. In order to get the most accurate calculation, we need to start by dispelling a common myth:

Video file size depends on the bitrate but not the video resolution. 

Bitrate is the most important factor in determining a video file size. Technically-speaking, you can have a 4K video with a lower bitrate than a 720p video. However, in this instance, the 4k video quality would appear poor but take less space on the disk when compared to a 720p video. And if your video contains audio? That track has its own bitrate as well.

File Size = Bitrate x duration x compression ratio

Here is a reference chart taken from sample videos found on Youtube/internet

Resolution | Bitrate | 1 minute | Recording Duration per GB
4K (UHD) | 20 Mbps | 84MB | 12 minutes
1080p (FHD) | 5 Mbps | 20MB | 50 minutes
720p (HD) | 1 Mbps | 5MB | 3.5 hours
480p (SD) | 500 Kbps | 2MB | 8 hours

The above table is for heuristic estimation and reference only. Many other factors influence the actual video file size, such as compression ratio, variable bitrate, and color depth.

Bitrate = Frame size x Frame Rate

Although the original intent was to write about video file size, read along if you would like to learn more about videos overall. This guide purposefully hides complex details to simplify the understanding of the most common terms and their usage. If you have any questions or suggestions, please reach out to our team.

——-

A Glossary of Terms

Frame: Any static picture you see on your screen while playing or pausing a video is called a frame. Frames are presented consecutively in such a manner that things appear to move on the screen. That’s why video is also called moving pictures.

A frame behaves just like a photo and has all the attributes of one, such as color depth and dimension. A 1080p or full HD video will have frames of size 1080×1920 pixels with each pixel storing RGB (Red, Green, Blue) 8-bit color data and maybe some more. The frames are usually presented at a constant rate called the frame rate.

Frame Rate: The number of frames presented on screen per second is the frame rate, expressed in FPS or frames per second. A typical video can have 15 to 120 frames per second. 24 FPS is used in movies and 30 FPS is common on TV.

The frame rate should not be used interchangeably with shutter speed. Shutter speed is an in-camera setting used to determine the amount of motion blur in film production.

More FPS means smoother playback but a bigger file.

The approximate size of each uncompressed frame is 5MB. At 30 frames per second, a raw HD video will need 5MB x 30 = 150MB of storage space per second. We are going to need around 540GB per hour for the raw footage. That’s a lot of disk space even today. Many of our storage drives can’t even write to a disk that fast. However, you usually won’t need that much space, thanks to compression and lossy encoding (quality compromise to save disk space) techniques.

Compression reduces the space required to store similar frames that have fewer moving parts, such as a landscape scene with little or no motion between frames. Since motion in scenes can drastically change in most videos, some encoders allow encoding at a variable bit rate by consuming more than average when needed and less when the scene is mostly static.

Encoding: Encoding is the process of digitizing analog video streams, such as taking an electric wire feed from the camera and storing the content in a .mov file. The process may happen in hardware or software. Many digital cameras encode video natively, without needing any additional software post-processing, and require less storage space.

The conversion between different file formats is called transcoding. These terms have different meanings but are used interchangeably since digital cameras have greatly eliminated the need for encoding these days.

Codec: A codec is the program that is responsible for the encoding and compression of the video and audio tracks. A lossless raw encoder may not compress the data and hence needs a lot of storage space to store every bit of the video feed. A lossy codec such as H.264 could store the same video in a fraction of the file size. Different codecs are used to achieve a balance between quality and storage space.

H.264 aka AVC (Advanced Video Coding) by the MPEG group is the internet’s current popular codec. This codec is widely supported by most mobile devices, web browsers, and operating system vendors so, thankfully, playback no longer requires many different formats like in the old days.

Mp3 by the MPEG group and AAC (Advanced Audio Coding) by Apple are the most popular audio codecs on the internet. Since the mp3 patents have expired, AAC is being recommended.

A newer video codec, H.265 aka High-Efficiency Video Coding or HEVC, is now available as the successor of the H.264 codec. H.265 provides better compression and faster decompression. This codec is being promoted for use by video pioneers such as Netflix and Youtube to improve the streaming video quality and experience, especially on slower connections.

Containers: Often called file formats such as MP4, MOV, AVI, WMV, MKV, and WebM. There are a lot of different container formats. MP4 is very popular on the web and WebM is an open container format being actively promoted by Google for royalty-free internet use. 

The container is a file format that describes how the tracks (video/audio/subtitles) are stored inside the file. The file format is just a matter of choice, often used along with well-known codecs that work together. Some containers allow streaming video playback while others require the file to be downloaded entirely before playback. Since these container formats support different feature sets and require some agreement and royalty payment by the manufacturer, vendors tend to prefer one format over another.

If you would like to learn more, here is a detailed comparison on Wikipedia.

MP4: MP4 (MPEG-4 Part 14) is a well-known internet container/file format that is supported by a wide range of devices such as mobile phones and digital cameras. This container allows storage of multiple video, audio, and subtitle tracks and other metadata, whereas containers such as the mp3 container only allowed audio tracks and a limited set of metadata inside them. A variant of this format supports progressive streaming; this is the most preferred format for internet video playback.

Above are the main factors used for determining the file size.

HDR: High dynamic range. Modern TVs and cameras are able to capture greater details of images and video in scenes that contain bright and dark objects. In traditional SDR (standard dynamic range), images were either bright or dark depending on the contrast applied. The HDR format can, however, capture more information per pixel (32 bits) and let the display decide the actual contrast at the time of presentation. This method requires double the amount of storage and some advanced compression techniques, which can impact the final file size when applied.

Audio: Some containers allow multiple audio tracks embedded in the video files. Hence the size of the video depends on the number of tracks and the bitrate of the audio as well. A 192Kbps bitrate is considered good quality audio for stereo sound.

Encryption: Video security mechanisms such as DRM (Digital Rights Management) use encryption to restrict playback of the content to authorized devices. For example, Netflix allows you to play their videos only if you have an active membership. This is often done to implement licensing and prevent piracy. This protection usually increases the file size due to metadata inclusion.

Video streaming: Video streaming is a process of watching a video over a network without having to download the entire video file. This technique often begins by buffering (downloading some metadata and the portion of video currently being watched) parts of the video, and allows seeking and skipping of parts that are not being watched. Streaming provides a smoother watching experience and requires less network bandwidth and disk storage.
There are many methods available on the web to implement streaming.


Microsoft Stream and Best-of-Breed Video Management Platforms

According to a leading access and identity management provider with visibility into thousands of corporate software deployments:

“We dug into the data and found that organizations are increasingly deploying best-of-breed apps alongside suites, and that adoption of best-of-breed is growing much faster.”

At first glance, Microsoft’s Stream offering seems attractive, especially if offered at no cost as part of a bundle with Office 365. But when looking into the ability to store, organize and share video content, it makes sense to take a closer look at what specific functionality is available.

What’s Stream missing?

Playlists

This is a basic, YouTube-like functionality that is not available in Stream. Most organizations need the ability to order and sequence content for optimum training purposes, not just the ability to save it to a particular Channel.

Reports and Analytics

Sharing content is one thing, but getting data on who is actually engaging with it, and to what extent —what percentage of a training video are my users viewing? — is essential to most companies. Stream has access to likes, views and comments data, but not much else.

External Sharing

In Stream, there is no feature to securely share videos and other content with third parties like partners and customers.

Integration with Cloud Web Conferencing

Even if you use a Microsoft product for some of your webcasts, your recorded Zoom, Slack, Webex, and GoToMeeting sessions will not be auto-saved to your Stream repository.

Quiz and Test Functionality

Microsoft offers this, but not natively; you need to follow a link to their Forms product. The typical user who just wants to create a simple Quiz to pair with their training content may find this difficult.

Some of these functions may someday be added to the Microsoft Stream roadmap, and perhaps later released. Until then, it may make sense for your organization to go with a best-of-breed video management platform to complement your Office365 deployment.

Resources

https://techcommunity.microsoft.com/t5/Microsoft-Stream-Ideas/idb-p/StreamIdeas

https://techcommunity.microsoft.com/t5/Microsoft-Stream-Blog/Global-Admin-Pro-Tip-Learn-how-to-build-video-analytics/ba-p/365267