Elevating cloud-based security

Forward-thinking video service providers are migrating at least some of their network infrastructures to the cloud to take advantage of its top-line benefits – namely predictability, flexibility, and scalability – which enable an OPEX-friendly “pay-for-success” model.

While leading cloud providers offer built-in security mechanisms, operators have understandable security and privacy concerns. This risk factor is increased when it comes to high-quality, premium live content. And this is where we’re seeing operators roll out new, experimental services: think streaming major sporting events with innovative viewing experiences and interactive features.

Supporting our customers throughout their individual cloud migration paths has been central to our product development strategy. We are doing this in several ways:

  • Building cloud-native solutions, like our Analytics solution
  • Offering flexible options via our Secure Cloud as an alternative to on-premises systems for all our product families
  • Integrating with leading cloud providers, like Amazon Web Services

Of course, with all the cost savings and new opportunities presented by cloud-based solutions also come challenges for video service providers, not least because of the radical changes in their workflows and in their apparent exposure to risk. To address these issues, Verimatrix has been at the forefront of integrating our security products with leading cloud solutions.

Here's an overview of our integrations with AWS Media Services to secure live and on-demand video delivery via the cloud.

Securing live video from point A to B: AWS Elemental MediaConnect + VCAS

Our API integration between VCAS and AWS Elemental MediaConnect helps secure live video transport. It provides a B2B connection between content providers and downstream affiliate stations, video services providers, and other distribution partners for final delivery of live content to consumers. We like to think of it as a cloud-based alternative to satellite or fiber for operators that are moving toward virtual operations.

The integration enables modern rights management to be applied between content ingest flow and distribution flow. It is designed to fulfill two main use cases: securing distribution workflows to downstream operators and enforcing the entitlements, distribution rights, and content security policies that ensure authorized content distributors have access to the right live streams. This enables content providers to better streamline deployment and monetization of premium content distribution workflows, as well as automate video analytics reporting between content providers and their partners.

Customers take advantage of operating VCAS as a SaaS on AWS, eliminating the need to install, configure and manage physical servers to operate VCAS services.

Streamlining cloud-based encoding and encryption: AWS Elemental MediaConvert and MediaPackage + Verimatrix Multi-DRM

We have a long-standing VCAS integration with the AWS Elemental MediaLive solution, and we most recently completed the API integration with AWS Elemental MediaPackage and AWS Elemental MediaConvert services. The integration of the Verimatrix Multi-DRM solution with these additional components ensures content is protected from the source to playback devices via cloud delivery.

Multi-DRM allows for the inclusion of third-party DRM schemes for complete end-to-end management of revenue security for video delivered over the top (OTT), with the goal of giving end-users transparent access to multi-network content regardless of DRM vendor. Multi-DRM provides both server and client-side support for secure content distribution that harmonizes management of DRM solutions like Microsoft PlayReady, Google Widevine, and Apple FairPlay Streaming, native to certain connected devices.

Video providers have the option to deploy Multi-DRM on premises, as a virtualized instance hosted in-house by the provider, or as SaaS in Verimatrix Secure Cloud with 24/7/365 support. These deployment options allow operators to tailor their cloud migrations to best match their network and business goals.

The result of the cooperation between AWS and Verimatrix is a highly flexible, low-risk cloud-based delivery solution. Video service providers have a single interface to manage unified authentication, key distribution, and user control for easier and more streamlined operations.

Connecting it all together

Secure Packager and Encoder Key Exchange (SPEKE) is an open API specification from AWS designed to streamline the way DRM systems integrate with encryptors, which includes encoders, transcoders, and origin servers. It builds on the Content Protection Information Exchange (CPIX) specification developed by the DASH Industry Forum (DASH-IF) by extending specification with methods for authenticating and protecting communication between key servers and encryptors.

Our Multi-DRM integration with the SPEKE API is an important step in the standardization of API between DRM, packagers, and encryptors. It significantly lowers the barriers in deploying a multi-DRM approach and helps simplify multi-DRM environments for operators and consumers.

In the case of MediaConvert and MediaPackage, we have several customers already taking advantage of the SPEKE API integration for better operational efficiencies. For example, a major Nordic operator has deployed the solution to help accelerate its multi-DRM deployment so its customers have access to a wider range of services with more exclusive content across all devices.

In the case of AWS Elemental MediaConnect, VCAS is currently the only security option for content providers to add a protection layer with sophisticated rights management when configuring their distribution.