Building a Secure and Reliable Foundation for your Video Lifecycle

By Laura Balboni on March 27, 2019

Let’s continue our discussion of the core tenets of VidOps, the industry approach that promotes collaboration, visibility, and shared goals to drive the expansion of owner-controlled video content and the value it delivers.  (Learn more about tenets one, two, three, four, five, six, and seven in previous blogs).

Today we focus on the eighth tenet:

Think security, reliability, scalability and governance — build from a solid foundation:

When we talked about gathering requirements in tenet three, building a matrix of requests, requirements and goals, some of those requirements are going to satisfy security imperatives, compliance and relevant regulations.

Today, organizations must be more proactive than ever when it comes to the security, scaling and reliability of digital assets and ensuring proper video governance throughout the organization.   Rather than reacting to a disastrous security breach, a critical outage, or a compliance violation, it is better to get ahead of these scenarios by defining processes and policies that govern all critical business functions at the outset. By creating a VidOps governance strategy that spans organizational, financial and operational requirements, these actions are built into the early stages of the product lifecycle.

To quote directly from the VidOps Framework :

“In a rush to bring a product to market, many organizations do not devote enough focus and time to the foundation of video streaming systems. Understanding and addressing the needs of security, scalability, reliability and governance is an important step toward product success.

VidOps initiatives need to hold this mission at its core, so teams work together as partners and key business stakeholders can be assured of success. While this process is crucially important at kick off, it also is an important part of the ongoing process, regarding constant assessments against the plan for compliance.”

Establishing a robust, yet manageable, governance model should consist of the following foundational pillars. These pillars are applicable regardless of whether the governance model and plan are supporting security, scaling, or resiliency of regulatory compliance.

Understand the tradeoffs and objectives of video governance

The scope of any video governance model will be unique to each video provider as they are driven by a number of specific factors including business strategy, staffing and investment ability, geographic reach and customer expectations. For example, the level of resiliency you build into your service will come at a cost and it’s important to not only establish customer-facing goals for uptime and performance but to accomplish some basic hypothetical modeling to understand the potential impact to your business of 99.999 reliability versus 99.9. Similarly, if you are, for example, planning to expand from a U.S. only service to countries within the European Union, there are distinct regulatory requirements that apply relative to privacy and portability of your service.

Establish Key Ownership & Responsibilities

A central tenet of VidOps is to promote ongoing collaboration amongst video teams and stakeholders and break down operational silos. The benefits of collaboration and transparency are critical to governance, however, it is essential to establish individual owners and clear objectives for video governance of security, scaling and reliability.

Governance owners will be responsible for ensuring that inputs, feedback and critical information to inform governance decisions are collected from across the VidOps stakeholders. Owners will also have the crucial responsibility of conveying the tradeoffs associated with different levels of governance rigor, establishing clear objectives and ensuring the governance plan is well-documented and maintained over time.

Document Contingency Plans

It is impossible to adequately assess the trade-offs of an established video governance model without having a clear understanding of how your business will respond to a potential violation of your plan and objectives. VidOps governance owners should consider how violations will be determined (proactive or reactive, the specific information will be required to be collected and the method for communicating the violation with customers, regulatory agencies or partners).

Where and how to start with video governance?

Video governance is an ongoing journey, and plans, responsibilities and deliverables should be maintained on an evergreen basis. Following are some preliminary questions and checklist items around each of the core areas of governance that should be used both at the beginning and on an ongoing basis to ensure your objectives and approach to governance for security, scaling, reliability and compliance consistently align and support your broader business strategy.


Do we have an understanding of our Average & Peak concurrency loads across all aspects of our service (e.g. media processing, video request handling, ad requests, transactions, CDN distribution)?

Do we have a process for sharing our quarterly/annual forecasts with internal teams and our infrastructure partners?

Do we have a process for ensuring adequate capacity for “tentpole” events with uniquely high anticipated customer demand?

Do we understand how our capacity requirements for partners compare to their actual capacity?

Are there options for reserving stand-by capacity we should consider?  What are the specific costs?


What are customer expectations around reliability and performance based on key criterion (e.g. service cost, type of content, geographic/cultural considerations, customer-facing SLAs and penalties etc)?

Have we modeled potential scenarios assessing the impact of various uptimes on the impact on churn and engagement?

What redundancy levels are built into our infrastructure partners solutions?

What are the failover mechanics for our infrastructure partners?  What SLAs and penalties are provided?

Are failovers seamless?  Are failovers redirected to infrastructure proximate to our customers or from other regions? What downtimes should be expected?


In what global theaters are distributing content and what are the applicable privacy and use regulations? (e.g. PII in U.S.; GDPR and Portable/Nomadic use in E.U.)

Where does PII information physically exist (e.g. subscriber databases, transactions, ad ecosystem, etc.)?

Have our partners provided documentation and/or certification that they are compliant with our applicable regulatory requirements?


Do we distribute licensed content which requires encryption? What levels (e.g. common encryption or studio-quality DRM)?

What is the intrinsic value of our own owned content? What are the potential revenue and business impacts of piracy/theft?

Are we supporting offline viewing?  Are there unique encryption requirements for this content?

Are there differing levels of encryption required for parts of our VOD catalog? Do the requirements differ for linear or live?

Can syndication partners support our security & encryption requirements?

Continuing on the VidOps journey

These requirements are ever-changing according to the needs of the organization, relevant regulations, the scale of distribution and so forth, so make sure the process is ongoing to facilitate continuous improvement.

If you’ve made it this far in the VidOps journey, congratulations -- you’re almost there! The work your team has done, leading up to this point, will set you up for success and streamline complex tasks.

Next time, in the last and final post in this series, we will unpack the topic of testing and performance measurement. Stay tuned.

Connect your video with viewers, everywhere.