Share Sensitive Audio and Video Files More Securely than Ever

Secure Audio and Video Playback for Virtual Data Rooms

14 February, 2022

“Letting the cat out of the bag is a lot easier than putting it back in.” - Author: Charles Martin

Not every A/V file is destined for wide release. In this blog, we explain why data rooms should have secure video sharing to safeguard A/V assets.

Much like any other form of information, sharing audio and video files online comes with inherent security risks. Any way you slice it, nobody makes video in a vacuum.

Increasingly we are seeing companies use video and 3D animations to explain products, technologies and procedures. Often times this information is proprietary, and in the wrong hands, it could be used to displace you, disgrace you or to achieve many other possible outcomes.

Whether you’re a Hollywood director sharing snippets of the new Avengers movie or a global phone company creating updates for the next iPhony 29, there’s always an audience just waiting to get their clammy hands on your secrets…

Case in Point - 2014 Sony Hacks

Let’s check out one of the most famous examples where the widespread use of the internet and unsecure A/V solutions led to massive losses after sensitive/proprietary videos were hacked and leaked.

In 2014, one security incident alone led to the theft and circulation of 5 movies from Sony Pictures.

The group responsible for the hack, the “Guardians of Peace”, stole and leaked huge amounts of information off of Sony’s Network, including personal and embarrassing employee messages.

The hackers then demanded Sony cancel the planned release of The Interview, a comedy where two Americans assassinate North Korean Leader Kim Jong Un.

Sony’s initial reaction was to shelf the movie, but critics like President Obama warned capitulation in the face of terror sets a bad precedent leading to the studio reversing its decision and releasing the movie online.

This is just one example why secure A/V and document security solutions should be integral to your business as a standard capability, not just when you are entering into deal-making.

With A/V assets now becoming a component for marketing and business growth, losing control of your content could have far more punishing ramifications than mere plot spoilers. Internally or externally, today’s businesses are using video to share all types of information, more and more.

Companies of all sizes use video content as the preferred medium for the delivery of executive communiques, product demos, employee training, financial reports, and much more. And recording a Zoom meeting for those that missed it, is now quite a common practice.

The Bad News

Unfortunately, most organizations don’t have a good system for safely sharing their audio and video files over the internet for on-demand viewing. And as you’re well aware, free video platforms are far from ideal for the majority of work-related content.

You wouldn’t trust YouTube with a video of your personal credit card info now, would you? Just try running a quick search for internal meetings and YouTube gives you over 800,000 results.

Even with privacy settings, free video sharing solutions like Vimeo and YouTube open your company up to the potential risk of sensitive information falling into the wrong hands. So, what can you do to safeguard and securely distribute your organization’s most sensitive A/V assets?

Privacy and GDPR Compliance

According to the National Institute of Standards and Technology, whenever information is shared online, there’s a risk of breach of sensitive data such as controlled unclassified information (CUI), classified information (CI) and personal identifiable information (PII), as defined under the privacy protection laws known as General Data Protection Regulation (GDPR).

The videos your company produces might fall under the scope of GDPR, for example, filming member of the public can make you the “content controller”, thus making you responsible for setting the purpose of creating and storing video assets.

Therefore, a secure video sharing platform needs to protect your content both during production and development, then once more during the distribution and consumption stage. To be termed compliant, a video sharing platform must meet the following requirements.

10 KEY GDPR Requirements

1: Limitation of Purpose, Data, and Storage

This means A/V sharing platforms are expected to limit their processing by only collecting data that is necessary – no personal information outside the legitimate purpose for which it was collected. Private data should be deleted once its purpose has been fulfilled.

2: Lawful, Transparent, and Fair Processing

All processes have to be based on a legitimate purpose, with companies informing subjects about any and all activities on their personal data. Fair simply means companies shall take responsibility and not process data for any other reason than the legitimate purpose.

3: Data Subject Rights

Data subjects have a right to ask the company about the content and intended purpose of their personal data. They also have the right to object to processing, lodge complaints, ask for corrections and even deletion of said data.

4: Privacy by Design

For a company to qualify for GDPR compliance, it has to incorporate technical and organizational mechanisms for personal data protection; that’s to say, by default, privacy and protection aspects need to be ensured.

5: Data Transfers

Your personal data controller is accountable for ensuring personal data is protected and all GDPR requirements are respected. Even in the case of third-party protection, controllers have an obligation to ensure the privacy and protection of personal data when being transferred to a third party.

6: Consent

Should the company have any intent to process personal data beyond the legitimate purpose for which it was collected, a clear and explicit consent must be asked from the data subject. This consent must be documented and can be withdrawn by the subject at any time.

7: A Data Protection Officer

An organization should assign a Data Protection Officer when there’s significant processing of personal data. The responsibilities of the DPO include advising the company on EU GDPR Compliance requirements.

8: Data Protection Impact Assessment

The aim of this assessment is to estimate the impact of new actions or changes to the system. It’s conducted when initiating a new project, product, or change.

9: Personal Data Breach Registrar

Organizations must maintain a Personal Data Breach Registrar and inform both the regulator and data subjects within 72 hours of the breach.

10: Training and Awareness

Organizations have to create awareness amongst their employees on key EU GDPR requirements and carry out routine training to guarantee all staff remains aware of their responsibilities with regards to protecting personal data and identifying breaches as soon as they happen.

There’s a lengthy list of requirements relating to EU GDPR. Understanding these requirements and their implications for your company is of the utmost importance.

More details here: Checklist of Mandatory Documentation Required by EU GDPR

ShareVault Secure A/V Player

Now that you’ve seen how difficult it is to stay GDPR compliant, you can appreciate the dangers of allowing video and audio files to escape into the public domain even if they don’t contain your intellectual property secrets, because they may still be non-compliant with GDPR.

Available now, our Secure Audio / Video support provides a slick, secure playback experience for any type of media right inside a ShareVault data room. We can stream audio/video player files safely in your end user’s browser without the user ever downloading the files to their local devices, as is the case with almost all other virtual data room platforms.

When uploading your A/V media, ShareVault automatically transcodes your media to Apple’s HLS live-stream protocol for high fidelity playback, with support for most popular audio/video input file formats, including MP4, MOV, AVI, WMV, WAG, MP3, M4A, FLV, AAC, WMA, FLAC, OGG,OGV, MKV and WEBM. So regardless how your content was created, we can stream it safely to any browser on any device.

ShareVault’s Secure A/V Player provides:

• Fast, continuous streaming for any media without downloads
• Intuitive interface that allows easy switching between media
• Amazing, up-to the second viewer analytics and tracking
• Complete protection of all Media assets at all times

When a user clicks a video file, the Secure A/V Player plays back the video right in the user’s browser with the appropriate security settings based on the user’s policies:

• The video’s URL cannot be shared and the video can only be viewed by authorized users by using ShareVault’s Secure Video Player
• If the user’s policy does not allow saving, or is configured for IRM, then the video cannot be downloaded.
• A personalized custom watermark may be displayed diagonally across the video viewer using ShareVault’s unique video watermarking overlay technology, which employs anti-tampering countermeasures to prevent users from removing the watermark.

In many cases, our customers’ intellectual property is embedded in A/V media files, including confidential Zoom recordings, recorded conference calls, proprietary video storytelling or mechanism of action animations, recorded legal testimony, videos illustrating trade secrets, proprietary processes and methods including surgical procedures or unreleased creative audio / video productions.

In all of these cases, the ShareVault secure video player is the ideal solution for easy, secure sharing of audio / video content.

Administrative Features

Administrators can use digital rights management policies to control what users can see and do when they access video and audio files. The same policies you have for documents, apply to multi-media files too.

1. Except for features like printing which are not relevant. And the only permitted download option is "Save as Original"
2. As with documents you can add a tamperproof custom watermark to discourage illegal copying, say by filming the screen.
3. In reporting you can see exactly what happened down to the second. So you know precisely what each person watched and what they skipped.

Summary

We can all agree that not every A/V file is destined for wide release. ShareVault’s A/V player lets you securely stream audio or video files and never lose control.

With ShareVault Secure Video support in your data room, you now have a safe and convenient way to share video and audio without allowing users to download your assets.

To see more ways that ShareVault helps you protect your assets and streamline due diligence, book a Personalized Live Demo or Start your Free Trial today.

FAQs