monetising ott presenentation on ott and risk management. march 2015
TRANSCRIPT
Managing the security challenges presented by OTT
Monetising OTT
London March 26th 2015
Ben Schwarz - [email protected]
Workshop agenda
Security concerns may be considered ‘old hat’ to telecoms operators, we’ve always had them!However, the age of IoT and OTT delivery has changed this. In this workshop we will discuss YOUR OTT security concerns, and work to try and solve these, whilst also:
– Identifying the drivers of concern amongst both operators and consumers of OTT security – is it all about privacy?
– Determining to what extent security can delight customers in the age of IoT, despite the fact that early DRM systems were considered a hindrance
– Establishing whether analytics can and should be run through the security system
– Debating whether security should be connected, as OTT services are
Ben Schwarz - [email protected]
Some security challenges
• Speed up provisioning
• Increase agility to adapt to new threats
• Develop and maintain ever deeper expertise
• Improve Cost effectiveness
• Don’t miss the Analytics boat
• Adapt security to evolving risk level (inc.during a single session)
Ben Schwarz - [email protected]
DRM at the turn of the century
Ben Schwarz - [email protected]
But DRM must also be …
• About making users’ lives easier– Addressing privacy concerns
– Facilitating sharing, testing/tasting
• For managing & promoting Digital Rights– The original goal of DRM
• Connected– experience continuity, adaptability
• Security domains are merging– E.g. pay TV and Smart Home, …
Ben Schwarz - [email protected]
So what is Security?
• It depends who you ask:– Authentication, Authorization, Rights management
– Deterrent, preventive, detective, corrective
– Encryption & protection?
– Emergency response? Processes ?
• Security / identity / Privacy– Why is there still a plethora of password management
companies out there?• Despite SSO, authentication still needs work and Identity
theft still righty scares people
Ben Schwarz - [email protected]
Physical
Conceptual
Contextual
Logical
Component
An IT Architects view on security
Ben Schwarz - [email protected]
Server infrastructure
Content creation
Distribution / broadcast
Service consumption
Content Storage
So where does security come in for OTT delivery of pay TV
Ben Schwarz - [email protected]
Security domain 1
Security domain 2
Security domain 3
Security domain 4
Security and product lifecycles
Design Build TestSpecify
Establish security
requirements
IdentifyKey
threats
Remove unsafe
features
Analyze risk vs.
security
Incident response
plan
Training
Run
Ben Schwarz - [email protected]
Real-world and digital resources
Content security
Authorization
Authentication
Analytics
Rights management
Ben Schwarz - [email protected]
Content security
Authorization
Analytics
Rights management
Authentication
1
4
Start VoD
session
2
…
6
5
3
Content store
Big data Analytics
Fully in-house
Fully outsourced
In-house &/or outsourced
Entitlements database
Subscriber managemen
t system
Abstraction layer
The importance of an abstraction layer
Components can be delocalized as
required
Ben Schwarz - [email protected]
Does OTT change risk?
• In an OTT environment, the content protection risks themselves are similar, only the impact of a breach can be greater.
• When operator aggregates an OTT service through their controlled infrastructure (e.g. Netflix) the aggregator carrier little or no risk.
• Whether OTT or not the risk on user data has much longer-term impact than the risk on content.
Ben Schwarz - [email protected]