By Jonathan Stock, Senior Manager, Security Product Marketing, Verizon Media
Video streaming services have always prioritized delivering a high-quality viewing experience, which includes reducing startup times and minimizing rebuffering. New data suggests that focusing on infrastructure security could also be an important factor in improving quality, driving viewer growth and increasing retention.
In 2020, we asked more than 250 security professionals from across the OTT streaming market about their attack readiness and how they are addressing security threats. We received responses from broadcasters, publishers, studios, content owners, direct-to-consumer platforms, aggregators, and of course, sports leagues.
OTT security and QoE
We found that security lapses mean more than just a risk of a data breach. More than half of the survey participants said security breaches had degraded their service’s user experience––more than 3x the number that reported a content or data breach. A third of respondents also suffered a service outage.
Security risk management tends to focus first on preventing data breaches or content theft. And that’s understandable given the potential financial damage these imply. But perhaps it’s time to reframe security as a Quality of Experience (QoE) factor that can impact viewer engagement and subscriber retention as well.
Preventing data breaches and content theft are certainly worthy of our continued focus and attention. But if security incidents are also irritating and driving away viewers and subscribers, security instrumentation and countermeasures could be just as important as managing other QoE factors, such as rebuffering, slow startup, or ad break failure. While some viewers turn to social media to vent their frustrations with a streaming service provider’s buggy application, many more simply give up and try one of the hundreds of other streaming services available to them.
Web applications, like your streaming service, endure a constant barrage of attacks. Credential stuffing overload login and authentication services. Volumetric DDoS attacks prevent legitimate users from accessing the service. Targeted layer 7 application attacks on an API or backend resource can disable content browsing and playback. Even if these attacks don’t result in a data breach, they consume application resources, disrupt user accessibility, and in some cases, take down online services altogether.
Taking action to reduce the impact of these attacks on your streaming infrastructure not only can prevent the financial loss due to a data breach, but it could also prevent degradations and outages that, if managed correctly, could contribute to viewer growth and meeting your retention targets.
Assessing your security readiness
Coming on the back of a remarkable year of growth for streaming services, you’ve likely invested considerable time and resources into releasing new features, expanding to new platforms and improving performance. But this rapid growth may also mean more code, application components, and risk to manage. It may be why more than two-thirds of survey respondents said their streaming infrastructure was not prepared for application security threats. Given the rapid changes over the past 12 months, it may be time to ask, “How well prepared is your streaming service to withstand a security incident?”
We invite you to read our new report, ”Protecting your OTT streaming service from cyberattacks.” You’ll discover what your OTT peers consider to be their security gaps and where they are focusing their investments in 2021. Get a behind-the-scenes look at how prepared they are––or not––for a cyberattack and gain some insight into where you can channel your security efforts. You’ll also learn about proven security technologies that can help you protect your own OTT platforms and technologies, many of which now live in the cloud.