Presented at a 2 hour workshop at the "Monetising OTT" event in London, March 2015.
Agenda: Security concerns may be considered ‘old hat’ to telecoms operators, we’ve always had them!
However, the age of IoT and OTT delivery has changed this. In this workshop we will discuss YOUR OTT security concerns, and work to try and solve these, whilst also:
Identifying the drivers of concern amongst both operators and consumers of OTT security – is it all about privacy?
Determining to what extent security can delight customers in the age of IoT, despite the fact that early DRM systems were considered a hindrance
Establishing whether analytics can and should be run through the security system
Debating whether security should be connected, as OTT services are
Company Snapshot Theme for Business by Slidesgo.pptx
Monetising ott presenentation on ott and risk management. march 2015
1. Managing the security challenges
presented by OTT
Monetising OTT
London March 26th 2015
Ben Schwarz - bs@ctoic.net
2. Workshop agenda
Security concerns may be considered ‘old hat’ to telecoms
operators, we’ve always had them!
However, the age of IoT and OTT delivery has changed this. In
this workshop we will discuss YOUR OTT security concerns,
and work to try and solve these, whilst also:
– Identifying the drivers of concern amongst both operators and
consumers of OTT security – is it all about privacy?
– Determining to what extent security can delight customers in
the age of IoT, despite the fact that early DRM systems were
considered a hindrance
– Establishing whether analytics can and should be run through
the security system
– Debating whether security should be connected, as OTT services
are
Ben Schwarz - bs@ctoic.net
3. Some security challenges
• Speed up provisioning
• Increase agility to adapt to new threats
• Develop and maintain ever deeper expertise
• Improve Cost effectiveness
• Don’t miss the Analytics boat
• Adapt security to evolving risk level (inc.
during a single session)
Ben Schwarz - bs@ctoic.net
4. DRM at the turn of the century
Ben Schwarz - bs@ctoic.net
5. But DRM must also be …
• About making users’ lives easier
– Addressing privacy concerns
– Facilitating sharing, testing/tasting
• For managing & promoting Digital Rights
– The original goal of DRM
• Connected
– experience continuity, adaptability
• Security domains are merging
– E.g. pay TV and Smart Home, …
Ben Schwarz - bs@ctoic.net
6. So what is Security?
• It depends who you ask:
– Authentication, Authorization, Rights management
– Deterrent, preventive, detective, corrective
– Encryption & protection?
– Emergency response? Processes ?
• Security / identity / Privacy
– Why is there still a plethora of password management
companies out there?
• Despite SSO, authentication still needs work and Identity
theft still righty scares people
Ben Schwarz - bs@ctoic.net
10. Security and product lifecycles
Design Build TestSpecify
Establish
security
requirements
Identify
Key
threats
Remove
unsafe
features
Analyze risk
vs.
security
Incident
response
plan
Training
Run
Ben Schwarz - bs@ctoic.net
11. Real-world and digital resources
Content
security
Authorization
Authentication
Analytics
Rights
management
Ben Schwarz - bs@ctoic.net
13. Does OTT change risk?
• In an OTT environment, the content
protection risks themselves are similar, only
the impact of a breach can be greater.
• When operator aggregates an OTT service
through their controlled infrastructure (e.g.
Netflix) the aggregator carrier little or no risk.
• Whether OTT or not the risk on user data has
much longer-term impact than the risk on
content.
Ben Schwarz - bs@ctoic.net