Secure Video Hosting and Viewer Tracking

Secure Video Hosting and Viewer Tracking

83% of executives see securing video content as important. As a result, organizations need a cost effective way to deliver content through secure video hosting. This encompasses both the ability to limit access to authorized individuals and also accountability, the ability to verify that employees viewed critical content.

This article explains the need for video security within organizations and then details the multitude of content restrictive features available. It then discusses utilizing viewer tracking functionality to track who is watching, going over what type of data can be extracted. The piece concludes by reviewing the Q&A module, which adds additional opportunities for employee engagement and valuable organization facing feedback.

The need for secure video hosting

Data breaches have become a hotbed issue for organizations. Now while the leak of an internal training video will not have the same magnitude of a data breach of client information, all the same organizations need to feel confident in their video security measures without compromising delivery methods. The latter is especially true given the effectiveness of video for internal use cases. In fact, from surveys Forrester Research concluded that employees are 75% more likely to watch work related video content as opposed to read documents, emails or articles. Beyond engagement, video is also a more cost effective approach for multi-office organizations. Before the major shift to video learning, IBM estimated that 40% of training costs were tied to travel, which include both transportation and lodging.

So as organizations are realizing both the need and cost efficiency of video, they are also realizing the need to control access to those video assets.

Thankfully, organizations have a lot of tools at their disposal to secure video content. In fact, using IBM’s enterprise video platform they have access to features ranging from:

  1. email verification
  2. SAML based approaches
  3. OpenID Connect
  4. Google SSO (Single Sign-On)

These three features can not be used in parallel, so content can’t have both email verification and Google SSO enabled. Additional security measures, that can be added on top of content restriction, include domain, IP and geographic based restrictions. This offers an opportunity for companies to upload and store their video assets while making them accessible to certain parties.

The fact that there are choices, though, also presents organizations with a challenge of selecting the best one for their needs. In this case, let’s examine each before making a recommendation.

1. Email Verification

Content can be restricted via email verification. This can involve mandating that an approved email domain be given, for example “@myorganization.com”. This will allow any viewer entering an email address from that domain to get access to the stream. Organizations can also list individual approved email addresses, satisfying a need to add shareholders who might be outside of the company.

The actual verification process is two step from an end user trying to access video assets. It involves:

    • Entering an approved email address
  • Entering an access code into the video player which is delivered over email

For improved client relations, the access code sent to the end user will also appear on the portal dashboard as well. So in the event that an end user has trouble receiving the access code, caused by strict email filters or other issues, they can be manually sent the code by an administrator with access to the dashboard.

Note that, when using email verification, authorization will expire after 7 days. After this period, the user will have to request a new access code and redo the two-step verification process. This will help prevent scenarios where, for example, an employee is no longer with an organization and is trying to gain access to proprietary assets. Using the dashboard, authorization can be extended on email accounts if desired.

2. SAML

SAML (Security Assertion Markup Language) 2.0 based SSO options are available to help protect content. This can offer not just sign-on capabilities, but also identity management from third party sources. These can be configured as well with additional options such as the ability to logout just from IBM Watson Media’s login process or logout from both IBM Watson Media and the SSO of choice.

In addition, turnkey integrations are available from major identity providers that include OneLogin, Okta, Ping, Active Directory and LDAP. For example, OneLogin has an app called Ustream while Okta has an app called Ustream Align. These Ustream branded options work with IBM Watson Media.

SAML based logins are older than OAuth 2.0 approaches. They were designed with desktop browsing in mind while OAuth 2.0 was designed with the idea of supporting mobiles as well. The particular point of friction here is limitations in the HTTP POST binding, although even this has workarounds for mobile solutions through using embedded web views. Defenders of both solutions are abundant and those who previously used a SAML based SSO can easily integrate it with IBM’s enterprise video streaming offering rather than having to find another solution.

3. OpenID Connect

OpenID Connect offers more ways to leverage single sign-on approaches to access. Sometimes abbreviated as OIDC, this is an identity layer on top of the OAuth 2.0 protocol framework. It uses JSON web tokens (JWT) to verify the identity of the user and obtains basic user profile information.

In contrast to the more mature SAML based technology, whose last update was 2005, OIDC is a relatively newer technology. There are numerous identity providers that offer their services with OpenID Connect, including OKTA, Ping, SalesForce and SiteMinder just to name a few.

4. Google SSO

Organizations can also utilize Google’s single sign-on method. This involves using the OAuth 2.0 protocol for both the authentication and authorization steps.

This is a several step process that first involves sending a request for an access token to the Google Authorization Server, which then is followed by the user logging in or the system confirming they are logged in. The server then sends back an authorization code, which in turn is used to extract a token from the response and delivers it to allow access. IBM will also store a refresh token for future use, that will be used to obtain a new token.

Secure Video Hosting and Viewer Tracking

Picking a video security option

While companies have a lot of directions they can go in, there is some guidance that can be given based on what other organizations are looking for. In that respect, 46% of executives say that the ability to integrate streaming platforms with LDAP/corporate directories is a priority influence on the streaming technology purchase decision. A large reason for this is ease of use by the viewer while still keeping strong security.

The reason for ease of use is that this should be a set of credentials they are already well versed in. The same login an employee might use to access their email or confidential documents from a company could also double as their login details for internal video assets as well. The benefit here is it’s one less password to remember, preventing risky and embarrassing practices of employees storing tons of different logins on Excel sheets to try and keep track of them.

Furthermore, it’s much more user friendly than email verification, which will ask them to periodically validate their email address. So for companies that can manage it, going with a SSO approach using their corporate directory is a best practice.

Accountability: viewer tracking

While content restriction is an important part of internal communications, there are other aspects to consider. Another issue is validating the use of video assets and being able to provide definitive, intimate proof of that use as required. This is particularly true for video content that is training in nature.

One challenge of moving training and employee seminars to a video structure, though, is confirming that a viewer has watched the material. This is an area where viewer tracking comes into play, offering a comprehensive way to learn about employees viewing the content and also validate that video assets are being observed as required.

Viewer tracking use case

The use cases for tracking viewers are numerous. Uses can include validating frequently used resources, citing which are of importance, but also tracking when content was last accessed. For example, this data could be used to help build planning around intervals to retrain employees if a certain duration, like 2 years, has transpired since training material was last accessed by an employee.

Viewer TrackingOne obvious use case, though, is for compliance reasons. For example, if doing a seminar on sexual harassment in the workplace, sometimes more confirmation is needed that the content was actually watched completely. Companies understand the importance of compliance training as well. A study from the Brandon Hall Group, which surveyed over 200 companies, saw compliance training rank as more important than learning technical, job specific skills. In fact, compliance training ranked second among important learning programs an organization can provide. This result was the case not just in highly regulated industries but also across all the companies surveyed.

The surprising statistic from another survey from the Brandon Hall Group, though, is not the importance of compliance training, but rather the lack of video being deployed toward this goal. Even though 45% of the respondents in a 404 company wide survey found video as a highly effective tool in compliance training, only 5% were actually using it. This represented the largest discrepancy between effectiveness and deployment of the categories surveyed.

Viewer tracking can narrow this gap. It can allow organizations to offer video based training while providing the company piece of mind, having a referenceable source to validate that they watched it and the dates that this took place.

Details available from viewer tracking

IBM Enterprise Video Streaming is built around comprehensive viewer tracking tools. This feature allows the broadcaster to see a detailed list of metrics related to a viewer’s activity. While one important metric is simply did they watch the content, a lot more information is provided such as when and where they watched. Use cases for this can be varied, like it might be worth tracking if employees are utilizing the video assets while on business trips.

These details are found under “Tracking” inside an IBM Enterprise Video Streaming account.  The dashboard makes it easy to see a summation of all viewers who watched a particular stream or what video assets a particular viewer watched. The dashboard view presents this data as a percentage watched, for example a viewer watched 65% of a particular video.

Information can also be downloaded as a CSV, expanding the available details that can be gathered. The CSV also changes the metric for watching content from a percentage to seconds, for greater precision. In total, the platform tracks the following metrics for each viewer who accesses:

  • Content and channel titles
  • Type of content: live or [previously] recorded
  • View type: onsite or offsite (offsite notes viewing outside the Align portal)
  • When the viewer started watching (military time)
  • When the viewer finished watching (military time)
  • Country location of the viewer
  • Region location of the viewer (will list a state if inside the United States)
  • City location of the viewer (examples: San Francisco, Paris, Tokyo)
  • User Agent: browser and operating system
  • Mobile (verifies if the viewer is watching from a mobile device)
  • Seconds (amount of time the viewer watched for in seconds)
  • Email address

Summary

Video is an engaging medium for internal use. Enterprises can tap into this to reduce costs while keeping employees both informed and participating. Using secure video hosting on those assets is also possible, while best practices through linking it to a corporate directory keeps up the ease of use aspect for end users.

Once you have selected your security strategy, feel free to watch this Getting Started with Enterprise Video Management archived webinar. It covers security along with more details on use cases and making delivery scalable as well.