n event management (EM) as a way to gather rel-
evant data about an enterprise’s security from
multiple locations, viewing that information at a
single point or with an overall purpose of spot-
ting anomalies and trends for usage patterns
that are out of the ordinary.
Another key area is mobile security, especially with the rise in bring-your-own-device-
(BYOD) culture—employees using their personal tablets and other mobile devices for work-related functions. The BYOD approach to security essentially looks to protect the company’s
data—whether it be apps or documents or videos—from the rest of the data or APIs on an inherently non-secure, consumer-focused device.
In a 2016 survey report by the LinkedIn Information Security Community, the topic of BYOD
and mobile security was addressed by over 800
cybersecurity professionals. Even among these
professionals, the fear around BYOD security
far outweighed other concerns (such as employee privacy) by a factor of more than 3-to- 1
(39% versus 12%, respectively) when it comes
to BYOD adoption in the enterprise.
Yet the survey also noted that “half of the
globe’s employers require BYOD by 2017,” setting up a huge amount of cognitive dissonance
for IT teams and chief information officers. In
addition, almost two-thirds of the CIO responses to the LinkedIn survey indicated that BYOD
and mobile will have a major impact on their
workforce—“as much, or more, than the Internet did in the 1990s.”
Buy versus Build
While we don’t have space here to get into the
weeds of a buy-versus-build decision for EVP
solutions—and we covered parts of this in a 2017
Streaming Media Industry Sourcebook buyer’s
guide ( go2sm.com/evp17)—the fact is that security is often an overlooked factor when deciding
between in-house and third-party solutions.
“Purpose-built EVP solutions are designed
from the ground up like an enterprise appli-
cation,” said Oliver Jaeger, global vice pres-
ident of marketing and communications at
movingimage, in another Streaming Media East
interview ( go2sm.com/jaeger). He adds that en-
terprise applications “provide granular permis-
sion systems, auditing support, and personal
Audit touchpoints are key, since this is how
most secure EVP solutions will be assessed,
short of an actual security breach.
According to movingimage, the focus during
security audits is usually authentication and authorization. “Having support for single-sign-on
standards like SAML,” said Jaeger, “and being
able to map user, group, and role information
from the corporate ActiveDirectory or LDAP
Trying to retrofit an OVP solution into an
enterprise-specific solution may add an increased burden on the information technology teams—for instance, trying to retrofit even
basic “table stakes” functionality for critical enterprise requirements like security. This is oftentimes only possible on a feature level, making it very hard to guarantee things like access
control throughout the software.
Rainer Zugehoer, founder and CEO of
movingimage, sums up this concept nicely: “It
is not enough to rename an OVP and call it
EVP, by simply making some adjustments on
the feature level and expecting it to meet enterprise security requirements. A proper EVP
has to be built from the ground up for the enterprise, with scalability, security, and application integration in mind.”
Tim Siglin is a streaming industry veteran and longtime
contributing editor to Streaming Media magazine.
Comments? Email us at email@example.com, or check
the masthead for other ways to contact us.