securing cloud-based workflows for premium content · securing cloud-based workflows for premium...
TRANSCRIPT
AKAMAI WHITE PAPER
Securing Cloud-Based Workflows for Premium Content:
Introducing Akamai’s secure, MPAA-
assessed workflow for transcoding, storing
and delivering protected content in the cloud
Securing Cloud-Based Workflows for Premium Content 2
INTRODUCTION 3
THE LIMITATIONS OF IN-HOUSE WORKFLOWS 3
CAN CLOUD-BASED WORKFLOWS BE SECURE? 5
AKAMAI’S SECURE END-TO-END WORKFLOW FOR PREMIUM CONTENT 5
HOW IT WORKS 6
CLOUD-BASED WORKFLOWS: THE FUTURE OF ONLINE VIDEO 7
TABLE OF CONTENTS
Securing Cloud-Based Workflows for Premium Content 3
Introduction
In an era of rising audience expectations and rapidly proliferating devices, delivering a compelling online viewing experience has become an increasingly difficult and expensive proposition. Faced with scalability challenges and burdened by complex processes, content service providers need workflow solutions that can help them adapt quickly to continually changing marketplace demands while minimizing capital and operational expenses.
Cloud-based solutions are ideal for these situations, letting content providers outsource complexity and scale infrastructure on demand. Offering pay-as-you-go access to massive computing, storage and delivery resources, cloud-based workflows also minimize upfront capital expenditures as well as ongoing operating costs.
For these very reasons, most content service providers already use cloud services to deliver their videos to audiences around the world. More and more content service providers are now migrating other phases of their content workflows – such as storage and transcoding – to the cloud as well. Doing so not only allows them to leverage instantaneously scalable, high-performance transcoding resources on demand, it also greatly reduces the cost and complexity of keeping up with device proliferation and technological advances. With cloud-based transcoding, for example, supporting additional codecs, higher screen resolutions or the latest device platform can be achieved with just a few simple mouse clicks. In addition, cloud storage offloads the headache of storing, moving and managing the rapidly increasing number of files – and file sizes – needed to accommodate the ever-advancing device marketplace.
However, media companies with premium content must tackle significant security concerns when considering a move to the cloud. High among these is their ability to safeguard content when it is unencrypted – and therefore susceptible to theft – during the transcoding process. Concerns like these can prevent content service providers from truly considering cloud-based workflows, despite the great potential scalability and cost-savings benefits.
Fortunately, companies no longer need to make this tradeoff. With Akamai, content service providers can now take advantage of the industry’s first secure, end-to-end cloud-based workflow that has been fully assessed by the Motion Picture Association of America (MPAA). Enabling the cloud-based transcoding, storage and delivery of premium video content, this innovative, secure workflow allows content providers to fully leverage the benefits of the cloud while protecting their digital assets all the way from source file to consumer.
The Limitations of In-House Workflows
Traditional, in-house video workflows typically mitigate content security risks by handling most pre-delivery processing within a centralized, secure facility. Here, the video source or mezzanine file is transcoded into many separate renditions in order to support different devices, formats, networks and DRM platforms. Since the transcoding process requires the source file to be unencrypted at some point – and thus vulnerable to theft — the content is safeguarded during this part of the workflow by processing it within a digitally, physically and operationally secure facility. Content providers who require the highest levels of safety typically use an MPAA-assessed facility.
After the renditions are created, digital rights management (DRM) technology, such as Adobe Flash Access or Microsoft PlayReady, is applied to each file while still within the secure facility. Once this is done, the files can be safely uploaded to a content delivery network for storage and delivery. DRM protects the files from theft and unauthorized playback during storage, transit and delivery through the cloud.
Securing Cloud-Based Workflows for Premium Content 4
Traditional Content Workflow
Unfortunately, in-house workflows have a number of downsides. First, there is the high capital cost and operational complexity involved. Because transcoding is so processing-intensive, an in-house solution requires significant upfront expenditures for hardware and software. This problem is further exacerbated as screen resolutions continue their upward march toward 4K and beyond, requiring enormous source files that are increasingly unwieldy to access, move around and back up.
In addition, it is costly to maintain and manage a complex workflow that can keep up to date with the continually expanding matrix of technologies, formats, codecs, screen sizes and so on that comprise today’s fragmented device marketplace. Accommodating a new device or format – including retrofitting the existing content library – involves acquiring new expertise and significant processing power, consuming substantial time and resources.
Content service providers with an in-house workflow also face capacity planning challenges. Because their infrastructure is inelastic, they must accurately estimate the amount of hardware and software they will need well in advance – they cannot scale on demand. Typically, this means companies are forced spend extra and overprovision – or suffer the consequences of potentially falling behind schedule or being unable to meet demands.
In addition, companies must provision for peak usage, adding hardware and personnel any time they need to increase capacity, even if only for a one-off event. Unfortunately, these resources then sit underutilized much of the time, going to waste.
For most companies, it is also difficult to cost-effectively build true reliability into in-house server farms. With only one or two server locations, in-house infrastructure cannot provide the same level of fault tolerance as a truly distributed cloud infrastructure can.
For these reasons, growing numbers of media companies are looking to leverage the cloud — not just for video delivery, but also earlier in their workflows. But while intelligent cloud infrastructures can deliver tremendous benefits and enable companies to overcome the limitations of in-house workflows, they also introduce potential security concerns, particularly for premium content providers.
SourceFile
Transcoding & DRM Wrapping
Secure Facility DRM Proctected
Renditions
Cloud Storage & Delivery
Securing Cloud-Based Workflows for Premium Content 5
Can Cloud-Based Workflows Be Secure?
Premium content requires a workflow that protects it from theft and unauthorized access at every step, from the original source file all the way to the consumer. Of particular importance is the transcoding process, as it requires access to unencrypted source files that are at risk of theft. Doing this process off-site, in the cloud, raises potential security questions.
Indeed, the very aspects of the cloud that make it so massively scalable and high performing are the same characteristics that make security challenging. The cloud is a decentralized, distributed model relying on heterogeneous third-party networks – much different from a single, secure, centralized facility where content can be processed. Because of this, cloud-based content workflows require a completely new security paradigm. In order to be viable for premium content, cloud-based workflows must:
1. Protect the source content as it is being ingested to the cloud.
2. Protect the content during transcoding and DRM implementation.
3. Protect source content and created files during archive and storage.
4. Ensure redundancy of all files in a geographically distributed manner.
5. Protect content files as they are delivered to end users.
6. Secure content at all times in a way that does not hamper the unique benefits of the cloud-based workflow,
including scalability, performance and reliability.
Akamai’s Secure End-to-End Workflow for Premium Content
In order to provide true end-to-end protection for premium content, Akamai is pleased to introduce the industry’s first and only MPAA-assessed, secure workflow for the transcoding, storage and delivery of video through the cloud.
Combining industry-leading expertise in securing the cloud with more than a decade of experience delivering compelling media experiences, Akamai is uniquely able to offer this solution — enabling media companies to vastly simplify their post-production workflows and infrastructure by fully leveraging the tremendous scalability and performance of the distributed cloud for the first time. Content owners need only upload their source files, and Akamai’s massively distributed, high-performance cloud platform takes care of the rest – all while keeping the premium content safe from theft.
To provide the highest levels of protection and assurance, Akamai has voluntarily undertaken the intensive process of having its cloud-based workflow assessed under the MPAA’s Site Security Program, the media industry’s gold standard for securing content. This broad-based content security model looks not just at digital security practices, but considers 49 security-related topics across an organization’s management systems, physical security and digital security. It includes areas as wide-ranging as personnel background checks, incident response procedures and third-party vendor screening, as well as physical and digital infrastructure and asset security, access, monitoring and logging.
Akamai’s innovative solution intelligently applies the most relevant best practices in hardware, software, facilities and operations security throughout the content workflow, using situationally optimized security mechanisms for every step of the process in order to deliver robust protection without sacrificing the unmatched scalability, performance or reliability of the cloud. Indeed, the MPAA site security survey found that Akamai’s end-to-end workflow meets or exceeds best practice recommendations in all applicable security areas. By demonstrating compliance with these stringent and comprehensive security best practices, Akamai offers true peace of mind.
Securing Cloud-Based Workflows for Premium Content 6
How It Works
Akamai’s workflow is designed to protect content at every step from the original source file to the end consumer. While in the cloud at large, all content files remain fully encrypted, either through the Advanced Encryption Standard (AES) or DRM technology. The files are only ever decrypted (in order to be transcoded) within the confines of a secure, MPAA-assessed facility. We detail the workflow in the diagram below.
Akamai Cloud-Based Secure Workflow
In the first step, the source or mezzanine files are uploaded from the content provider to Akamai NetStorage, either via the Akamai Secure Upload Tool or other industry-leading solutions such as Aspera and Signiant. Far superior to the clunky, error-prone FTP and secure FTP methods, these tools accelerate and simplify the secure ingestion of source files, making it easy to transfer even large libraries of high-quality files, each potentially hundreds of gigabytes in size. During ingestion to the Akamai network, files are protected through financial-grade, 128-bit AES encryption, as well as with end point authentication and data integrity checks.
The source files remain encrypted within Akamai NetStorage, allowing them to be safely and automatically backed up through NetStorage’s geographically distributed facilities for highly reliable storage and archival purposes, if desired. Alternatively, the source files may simply be archived within the content owner’s own secure facility.
The still-encrypted files are then electronically delivered to Akamai’s transcoding servers. For content requiring the highest levels of protection, transcoding will take place within a MPAA-assessed secure facility operating under strict physical and digital security procedures. These safeguards protect the content at a potentially vulnerable time, as it must be decrypted by the transcoding servers in order to be processed.
The transcoding process creates a matrix of renditions from each source file in order to support various devices, formats, network conditions and DRM platforms. To deliver optimal quality streams using technologies such as adaptive streaming, multiple bitrates may be encoded for each version as well.
One of the benefits of Akamai’s cloud-based transcoding is the ability to quickly and easily support multiple formats and devices, even as demands change. Content providers simply identify the desired target playback devices for their content, and Akamai handles the rest. Transcoding settings are easily configured and managed through Akamai’s secure Luna Control Center, so new devices can be supported with a few simple mouse clicks.
While still within the MPAA-assessed secure facility, each transcoding-created rendition is packaged with DRM protections. Content can be registered and keys obtained through secure APIs with third-party DRM service providers. These are used to create encrypted, DRM-protected files. The protected files can then be safely transferred out of the secure facility, first to NetStorage and ultimately to the edge of the cloud for high-performance delivery that is intelligently optimized for every request – on any device, any network, anywhere in the world.
Secureupload
Transcoding &
DRM Wrapping
MPAA Audited SecureFacility
SourceFile
CustomerFacility
DRM Proctected
Cloud Storage & Delivery
126-bit AES Encrypted
NetStorage
MPAA Assessed for end-to-end security
Securing Cloud-Based Workflows for Premium Content 7
Cloud-Based Workflows: The Future of Online Video
With Akamai’s MPAA-assessed secure workflow, premium content providers now have the ability to fully enjoy the benefits of a cloud-based workflow to securely deliver optimized, high-quality viewing experiences to their audiences worldwide. Key advantages include:
• Security. Enjoy peace of mind with the industry’s first MPAA-assessed cloud-based workflow – one that adheres to a stringent and comprehensive set of security best practices to protect premium assets all the way from source to end user.
• Simplicity. Eliminate headaches and operational complexity with the ability to deliver high-quality streams in any format, to any device – all from a single source content file – instead of dealing with an exploding matrix of renditions to handle different codecs, formats, screen sizes and bit rates. With the ability to support new devices and platforms with just a few clicks, content providers enjoy an accelerated time-to-market and greatly simplified content management – without sacrificing the quality of the end user experience.
• Scalability. Benefit from the tremendous scalability that comes with on-demand access to Akamai’s massive global network. Whether for transcoding, storage or delivery of content, businesses that use Akamai have the power of the network at their fingertips, giving them the agility to seize every opportunity that comes their way.
• Savings. Enjoy substantial cost savings with a cloud-based workflow from reduced capital expenditures, decreased technical and support resources, and reduced space, power and maintenance costs. Moreover, with usage-based pricing, cloud workflow costs are more closely aligned with revenue metrics, reducing risk while helping companies fully capitalize on their successes.
With a global platform that is trusted by the world’s leading brands, media companies, financial institutions – and now the Motion Picture Association of America – Akamai delivers over 2 trillion Internet interactions each day, including secure transactions totaling more than $250 billion in e-commerce annually. Now, premium content providers can take advantage of this security expertise to more fully leverage the performance, scalability and reliability that only the cloud can deliver to propel their businesses ever faster forward.
©2015 Akamai Technologies, Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited. Akamai and the Akamai wave logo are registered
trademarks. Other trademarks contained herein are the property of their respective owners. Akamai believes that the information in this publication is accurate as of its publication date; such information is subject
to change without notice. Published 05/15.
Akamai is headquartered in Cambridge, Massachusetts in the United States with operations in more than 40 offices around the world. Our services and renowned customer care enable businesses to provide an unparalleled Internet experience for their customers worldwide. Addresses, phone numbers and contact information for all locations are listed on www.akamai.com/locations.
As the global leader in Content Delivery Network (CDN) services, Akamai makes the Internet fast, reliable and secure for its customers. The company’s advanced web performance, mobile performance, cloud security and media delivery solutions are revolutionizing how businesses optimize consumer, enterprise and entertainment experiences for any device, anywhere. To learn how Akamai solutions and its team of Internet experts are helping businesses move faster forward, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.