Security in OTT Media Delivery [White Paper]

As we enter the 2020s, we will see a segment of businesses take the entertainment industry by storm: over-the-top (OTT) media services.

Recent studies estimate that the OTT market will generate revenue of $332.5 billion in 2025, growing at a CAGR of 15% from 2017. Streaming services have amassed millions of customers thanks to continuous innovation and exclusive, high-quality content.

As we witness this impressive growth, we find a business threat that is also growing: piracy. The illegal re-distribution of video content cost the industry $9.1 billion in 2019, with analysts estimating it will reach $12.5 billion by 2024.

Besides piracy, a threat to business sustainability comes from the surge in competition.

With several new providers betting on OTT media and releasing their subscription-based services, market share is set for significant fragmentation.

Providers are betting on two main strategic vectors to retain subscribers: exclusive content and customer-centered innovation.

For OTT providers, sustainability in the coming decade will be defined by decisive action for piracy prevention and customer retention.

Preventing Piracy in OTT

Piracy, a problem as old as digital media itself, is a top-of-mind concern for OTT providers. Recent technological advancements have brought forward solutions to incisively tackle piracy.

A widely adopted solution is Digital Rights Management (DRM). This licensing system allows content owners to define how and by whom their content can be accessed. Whenever the user wants to access the content, the DRM system comes into play with a series of permission and security checks that allow or deny access to (encrypted) content and the corresponding access keys.

Even though DRM is still the go-to choice to securely deliver content and avoid piracy, the fact remains that it is often not enough. Motivated attackers often find ways of leaking content. When that happens, the goal of OTT providers is to find the culprit as quickly as possible and block the respective account. The answer to this is forensic watermarking.

Forensic watermarking adds an imperceptible, unique watermark to video content. When OTT providers find the content being illegally distributed in the wild, they can read the watermark to retrieve actionable information about the leaker, such as the user ID, device ID, and IP. This enables providers to quickly block the account and contain the leak.

As watermarking solutions increasingly move to a client-side approach, a move that has serious benefits to OTT providers, such as better player performance, they are now being placed in an adversarial environment.

If this client-side watermarking agent is not properly secured, an attacker can easily tamper with the agent and ultimately bypass it, namely by reverse-engineering the agent’s exposed JavaScript code or by tampering with the DOM. This bypass means that leaked content will not be traceable, and providers may take too long to stop the leak.

Here is a solution to secure the client-side watermarking player and prevent any type of bypass or tampering: Jscrambler.

By protecting the agent’s source code and monitoring the DOM to detect and/or block modifications to the watermark, Jscrambler minimizes OTT providers’ exposure to piracy.

With a combination of DRM, client-side watermarking, and Jscrambler’s protection, OTT providers can deliver content on the Web while maximizing performance, users’ experience, and security.

Ensuring Customer Retention in OTT

Customer behavior analyses show that a top reason why users cancel their streaming subscriptions is the actual experience of using the player. Especially at a time when competition among video subscription services is surging, major providers seek to retain customers through innovation that uplifts the customer experience.

We’ve seen providers come up with disruptive solutions to handle buffering, analytics, and the user interface.

As a result of this innovation, providers go the extra mile to ensure that their proprietary logic remains protected against the prying eyes of competitors. Seeing how the majority of modern players rely on JavaScript and HTML5, the most suitable approach is JavaScript protection.

Jscrambler secures the web players of OTT providers with a combination of cutting-edge layers. These layers are deployed intelligently by the Jscrambler engine.

This tailor-made protection, which includes polymorphic obfuscation, anti-debugging, and anti-tampering features, mitigates attempts to uncover proprietary algorithms, keeping the intellectual property safe.

Looking Ahead

This enthralling peek at the OTT media delivery industry is a prime example of how Web Application Security becomes a key competitive advantage.

Piracy and customer retention are only two of the many challenges that providers in this space must consider. Another lurking threat is that of Magecart-like data breaches, especially considering that most OTT providers handle payments on their web platforms.

Still, providers in this space have a decade of growth to look forward to. As we see management understand these key security threats and identify their major role in business sustainability, providers that put security first will surely thrive.

For an in-depth analysis of this topic of security in OTT media delivery, explore our free white paper, a must-read if your company delivers media on the Web.