Issue: EMEA 2015
Article no.: 10
Topic: The power of connected security
Author: Steve Oetegenn
Title: President
Organisation: Verimatrix

About author

Steve Oetegenn joined Verimatrix in 2004 as the Senior Vice President of Global Operations. In this role, he was responsible for defining and implementing the company’s go-to-market strategy and operational success factors. In 2005 he was named Executive Vice President, Global Sales, and in 2008, Chief Sales and Marketing Officer. Steve has a wide range of experience in international business, having launched numerous high-tech products to the global marketplace. Steve has specialized in Digital Security and Anti-Piracy since 1998, working with Government agencies, Global Banks, Fortune 500 companies and Major Hollywood studios. Prior to joining Verimatrix, he was COO of MediaSec Technologies LLC, a pioneer and leader in the field of digital watermarking, and COO of Argus Systems Group, a leading provider of Internet server security software. Mr. Oetegenn is a featured speaker at global digital security conferences.

Article abstract

Security and pay-TV infrastructure in general have been moving from hardware to software. This move has accompanied the rise of standards enabling “building-block” platforms. Security concerns have traditionally been handled at specific points in the delivery chain.

In the pay-TV market, operators themselves have focused on detecting security threats and reacting to alarms, device integrity or performance issues. Such proprietary implementations have in the past been hardware-centric, which limits flexibility in deployment and system growth. When several million subscribers require a smartcard to view live TV, it becomes financially challenging to upgrade the security to counter new threats or enable new usage paradigms.  

Full Article

Security is traditionally viewed as an ongoing race between attackers and defenders in the deployment of digital services—ranging from online banking to pay-TV, but including many more domains such as e-commerce, cloud storage or medical applications. As our lives get more connected, the challenge of security is becoming increasingly global with crossover from one domain to another.

Pay-TV security, which is an excellent example of this kind of crossover, is now being adapted to meet the needs of the new, more globally connected architecture of service delivery. In this new environment, advanced security approaches are being developed to address the evolving threat or risk level presented by more open architectures.

Greater connectivity brings the promise of many more engaging services. But it also potentially paints a much larger target for would-be attackers, both on the community of devices and on the business as a whole. Operators that address this issue with the right mix of realism and reassurance will gain goodwill and trust from their customers. And the more progressive operators have the potential to glean some key advantages as the connected paradigm looks beyond video to other device-centric applications.

Offensive vs. defensive security

In the pay-TV environment, a wholly defensive security posture has traditionally been the norm. In this conventional approach, content files and broadcast feeds have had to be physically and logically secured against external access from the point of ingest—often in physically protected, locked-down premises—through proprietary distribution networks and protocols right to the client devices in the subscriber premises. In recent years, this wholly isolationist approach has become unrealistic and—to some extent—counterproductive.

Now it is common that devices, such as set-top boxes (STBs), are connected to the Internet inside the home. Subscribers also expect to have their TV services available on mobile devices, which are connected to more generic cellular and broadband distribution networks.

It is clear now that management of physical security alone is an insufficient approach, and even trying to architect a highly isolated network environment has its limitations. It is the nature of the environment that any defensive walls will always be under attack, and these attacks must be proactively addressed in order to eliminate the threats they pose. At the very least, this requires active management—an extension to this thought process is the field of offensive security measures.

Offensive security extends the proactive stance and has been gathering momentum as a model. It includes pre-emptively upgrading or changing security to make a pirate’s objectives harder to achieve, monitoring the market for pirated content, gathering information about would-be hackers, and anticipating trends.

The different domains of security

Security and pay-TV infrastructure in general have been moving from hardware to software. This move has accompanied the rise of standards enabling “building-block” platforms. Security concerns have traditionally been handled at specific points in the delivery chain.

In the pay-TV market, operators themselves have focused on detecting security threats and reacting to alarms, device integrity or performance issues. Such proprietary implementations have in the past been hardware-centric, which limits flexibility in deployment and system growth. When several million subscribers require a smartcard to view live TV, it becomes financially challenging to upgrade the security to counter new threats or enable new usage paradigms.

Costs rise and flexibility decreases as these security systems with “locked down” physical access must have restrictive data center management. This also makes maintenance expensive and difficult. Support is only available from specialist-trained operator staff. There are only a few top-level security specialists in any given market and it can prove unviable for smaller operators to have one onsite.

Infrastructure in the pay-TV world is moving to the cloud. Indeed, virtualization is becoming a game changer for the TV industry. It offers the ability to execute functions from specialized hardware within a generic low-cost server, enabling significant cost-efficiencies. Network-based personal video recorders (PVR) use scalable cloud storage as needed rather than relying on error-prone hard disks that remain mostly unused in millions of living room STBs.

Virtualization is a key enabler for a new generation of cloud TV services where multi-screen features could not otherwise be implemented. As key features of the services in both the head-end and the client devices migrate to the cloud, so too does security.

Deconstructing security into its components

Whatever their application domain, digital security systems can be deconstructed into a few key sub-components for authorization, authentication, analytics and rights management.

In software terms, an abstraction layer is a software layer that sits between different parts of the overall architecture. It “wraps up” other components so that they are seen to be simple and easy to interact with. With an abstraction layer approach, components can be used in a standardized way that doesn’t change over time as new features are added or bugs are corrected. The abstraction layer also makes components less dependent on each other, thus enabling a best-of-breed approach where components can be swapped out easily.

Abstraction and the cloud

An abstraction layer also makes it easier to place different parts of a complex system at different physical locations. Service providers can then retain the strategic components and data in-house and meet stringent local market regulations associated with this constraint. But they can also benefit from outsourcing for economies of scale, peace of mind and improved cost efficiency.

Although reducing costs is always a business decision driver, security is still far from a commodity, and the motivation to host security components in the cloud is primarily to provide the best possible experience for the subscriber and enhanced flexibility for service providers.

Analytics

Pay-TV operators constantly strive to improve the quality of experience for their customers. More detailed subscriber behavior and usage visibility is essential to reaching this goal. The analytics component increasingly relies on a “big data” approach with computing resources and extra customer data that are required from outside the operator’s network. In-house expertise, data capture capability and computing infrastructure of all but the largest service providers will not be able to scale to deliver the many promises of analytics, which can help to answer questions like:
• What is a given piece of studio content worth to an operator?
• What value does a given operator add to a studio’s distribution strategy?
• How can consumption patterns drive the best-informed recommendation engines?
• Which audience segmentation provides the most value to advertisers and programmers?
• How did a specific piece of content like, say, ‘Breaking Bad’ fare in a specific market like, say, Serbia? Both Serbian cable operators and the rights owner will want to know.

Security solutions typically have touch points at many of the critical interfaces necessary to gather raw data that can satisfy such needs. The next leap in analytics capability will come from the aggregation of data across regions, which would be achievable with globally interconnected systems.

Imagine globally interconnected revenue security

Well-known usage scenarios illustrate the need for globally interconnected security in our multi-network, multi-screen, TV-Everywhere world. Subscribers expect to be able to pick up an on-demand video session while travelling on a train from the point where it was left off several days ago on the living room TV. Operators can effectively leverage the opportunity of ever-cheaper cloud-based software and IP infrastructure to address the growth of security complexity while containing operational cost.

As a complement to their own support requirements, operators should be able to outsource the security management of system and client device integrity in order to concentrate on their core value proposition. This will also lower the cost of entry for newcomers. Global visibility of threat development will help to increase operators’ system integrity as they can benefit from the expertise of world-leading authorities, learn the lessons of others in near real-time and profit from centralized cost-effective security monitoring.

In the never-ending quest to add more value, leading IP-based service providers around the world have independently entered the video delivery market. They need to become trusted partners for the ever-wary content providers and rights owners. Even if a service provider only operates in a single market, in this connected future they can be seen as part of the global community of providers if their security system leverages a global infrastructure.

For more information on the opportunities and challenges facing pay-TV operators today, please download our new e-book The Software-Empowered Video Operator: Connecting the Dots at www.verimatrix.com/swempowered3