Takeaways from an In-Depth Look at Operator Security
Each week, news stories present headlines of new breaches or, more troubling, breaches that happened months or years ago that were only recently discovered. In the past two weeks alone, security-related stories ran regarding recognizable brands and government organizations, such as Morgan Stanley, LinkedIn, Myspace, and school districts in New Hampshire and Colorado. Each story underscores the scope of the challenge and raises consumer concerns regarding life in our evolving connected world.
Given our focus on the pay TV and broadband services marketplace, we wondered about the level of concern among operators about security – of their data and content. To gauge the anxiety level, Verimatrix commissioned a research project where Parks Associates interviewed operators in the U.S. and Europe to understand their philosophy and approach regarding security. While the results were published in a recent whitepaper (Securing the Integrity of Video Analytics Data), our team came away from the project with several key impressions.
The threats are growing, and operators know it. The reality, and history, of data and content security is that the threats never rest. They continue to evolve, learning and changing in order to exploit new technologies and overcome the latest security innovations. Often hackers are well-organized and coordinated, potentially outstripping the internal capabilities of all but the largest operator software development and security teams. Operators are painfully aware of this reality and of the potential risk that security breaches pose to their customer and content partner relationships. Executives that we interviewed indicate that company leaders had set security as a leading priority.
Breaches from outside the industry could compromise pay TV customers. In the past, operators simply had to protect the walls of their own networks in order to protect content and data. No longer. Outside breaches that yield e-mail addresses and credentials to other sites / services can allow hackers to potentially get access to pay-TV customer accounts. For example, consumers may use the same passwords for differing services. Alternatively, hackers could use stolen information to request password changes, granting them access beyond the original breach.
Differing regulations around the world complicate the problem. In a world of multinational operations and cloud-based services, operators must navigate a patchwork of regulations regarding security and privacy. Operators facing this environment often must take extraordinary measures in encryption and anonymization of the data, particularly those that want to store or access data remotely (as is increasingly the case with large scale, low cost, cloud-based storage solutions). The cross-border challenge is particularly felt by operators with less stringent regulations as they attempt to reach markets with high security/privacy requirements, for example, operators in Eastern Europe seeking to offer OTT video services in Western Europe.
High profile breaches do raise consumer concerns…but that may not be all bad. A little caution by consumers, and by operators, is a wise approach in today’s hyper-connected, multiscreen world.