This is perhaps the most counter-intuitive of all the factors
comparing native with downloadable DRM. One could make
the argument that, as shipped on day 1, native-integrated
DRM is more resistant to hacking than a downloaded client.
However, this advantage is not sustainable over the long-term.
It is a short-term benefit, and the differentiation is neither
massive nor consistent.
Furthermore, basic DRM is limited to cryptographic
security only. Non-cryptographic security features are typically
not provided by native DRM systems; nor are they accessible
via browsers. For example, persistent security tools such as
forensic watermarking for VOD content or live fingerprinting
for broadcasts are necessarily proprietary and therefore not
available through standardized browser-based playback.
The effective security offered by a DRM system consists of
both upfront robustness and long-term resilience. Resilience
in turn relies on infrastructural capabilities such as revocation
and developmental investments such as renewability. Over
time, the total stack is critically important to safeguarding
a VSO’s business and revenue. Having a single point of
accountability and remediation if something should break
or be broken is the only way to ensure a service remains
consistently available to all its users on all their devices.
Long-term renewability is necessary not only to proactively
or reactively manage breaches over time, but also to allow
the video service itself to evolve as content offerings evolve
and protection bars inevitably rise over time. CE devices are
expected to have a useful life of at least three years, with Smart
TVs expected to be useful for upward of seven years. A service
that cannot deliver its latest and greatest content selection to
legacy devices will be faced with frustrated customers and lost
We have talked already about the need for VSOs to
control the security of their services and content. This
is only one aspect of control, however. The use of apps
provides not only control over security but also control
over data (e.g., usability data and corresponding analytics),
and control over feature sets (including security features
like watermarking and user experiences such as offline
consumption). The use of apps ensures that third parties
cannot tap into service-specific data via the browser. One
aspect of control worth diving into more deeply is the
ability of apps to allow control over service-critical data
such as service authentication credentials.
SHORT TERM VS. LONG TERM
On the surface of it, the argument seems clear. Leveraging
native DRM offers lower upfront cost, and the use of browser-based delivery promises near-universal portability. The good
news is that native DRM and native player engines provide
all key playback functions, pre-built and ready for use.
Unfortunately, that’s also the bad news, because you are bound
to this functionality as the lowest common denominator. If
there isn’t an API for it, then you can’t do it. A business-focused
assessment of the pros and cons of browser vs apps indicates
that premium services are better served by apps.