Security in OTT Media Delivery [White Paper]

As we enter the 2020’s, we see a major segment of businesses take the entertainment industry by storm: over-the-top (OTT) media services.

Recent studies estimate that the OTT market will cumulatively generate revenue of $332.5 billion in 2025, growing at a CAGR of 15% from 2017. Major streaming services have amassed millions of customers thanks to continuous innovation and exclusive high-quality content.

As we witness this impressive growth, we find a key business threat that is also growing: piracy. The illegal re-distribution of video content cost the industry $9.1 billion in 2019, with analysts estimating it will reach $12.5 billion by 2024. (Find additional key statistics for the OTT market in our data sheet.)

Besides piracy, a key threat to business sustainability comes from the surge in competition. With several new providers betting on the OTT media and releasing their own subscription-based services, market share is set for significant fragmentation. To retain subscribers and resist this expected turbulence, major providers are betting on two main strategic vectors: exclusive content and customer-centered innovation.

For OTT providers, sustainability in the coming decade will surely be defined by decisive action for piracy prevention and customer retention.

A problem as old as digital media itself, piracy is a top-of-mind concern for OTT providers. Recent technological advancements have brought forward solutions to incisively tackle piracy.

A widely adopted solution is Digital Rights Management (DRM). This licensing system allows content owners to define how and by whom their content can be accessed. Whenever the user wants to access the content, the DRM system comes into play, with a series of permission and security checks that allow or deny access to (encrypted) content and the corresponding access keys.

Even though DRM is still the go-to choice to securely deliver content and avoid piracy, the fact remains that it is often not enough. Motivated attackers often find ways of leaking content. When that happens, the goal of OTT providers is to find the culprit as quickly as possible and block the respective account. The answer to this is forensic watermarking.

Forensic watermarking adds an imperceptible unique watermark to video content. When OTT providers find content being illegally distributed in the wild, they can read the watermark to retrieve actionable info of the leaker, such as the user ID, device ID, and IP. This enables providers to quickly block the account and contain the leak.

As watermarking solutions increasingly move to a client-side approach — a move that has serious benefits to OTT providers, such as better player performance — they are now being placed on an adversarial environment. If this client-side watermarking agent is not properly secured, an attacker can easily tamper with the agent and ultimately bypass it — namely by reverse-engineering the agent’s exposed JavaScript code or by tampering with the DOM. This bypass means that leaked content will not be traceable and providers may take too long to stop the leak.

Here enters a solution to secure the client-side watermarking player and prevent any type of bypass or tampering: Jscrambler. By protecting the agent’s source code and monitoring the DOM to detect and/or block modifications to the watermark, Jscrambler minimizes OTT providers’ exposure to piracy.

With a combination of DRM, client-side watermarking, and Jscrambler’s protection, OTT providers can deliver content on the Web while maximizing performance, users’ experience, and security.

Customer behavior analyses show that a top reason why users cancel their streaming subscriptions is the actual experience of using the player. Especially at a time when competition among video subscription services is surging, major providers seek to retain customers through innovation that uplifts the customer experience. We’ve seen providers come up with disruptive solutions to handle buffering, analytics, and the user interface.

As a result of this innovation, providers go the extra mile to ensure that their proprietary logic remains protected against the prying eyes of competitors. Seeing how the majority of modern players rely on JavaScript and HTML5, the most suitable approach is JavaScript protection.

Unlike any other JavaScript protection solution, Jscrambler secures the web players of OTT providers with a combination of cutting-edge layers that are deployed intelligently by the Jscrambler engine. This tailor-made protection, which includes polymorphic obfuscation, anti-debugging, and anti-tampering features, mitigates attempts to uncover proprietary algorithms, keeping intellectual property safe.

This enthralling peek at the OTT media delivery industry is a prime example of how Web Application Security becomes a key competitive advantage.

Piracy and customer retention are only two of the many challenges that providers in this space must consider. Another lurking threat is that of Magecart-like data breaches, especially considering that most OTT providers handle payments on their web platforms.

Still, providers in this space have a decade of growth to look forward to. As we see management understand these key security threats and identify their major role in business sustainability, providers that put security first will surely thrive.

For an in-depth analysis of this topic of security in OTT media delivery, read our free white paper.