Whether you are a media publisher, content owner, a business enterprise, a government department or an educational institute, content security is of utmost importance and a key challenge. VIDIZMO was designed to be highly secure from the ground up and to meet security requirements of both IT and business users, it includes several security layers at application, database, storage, and data center levels.
1. Application-level Security
SSO/Identity Federation: VIDIZMO provides identity federation and single sign-on integration with industry standard protocols such as OpenID Connect, strong password, multi-factor authentication, ensuring no personal data. Content security is offered through token-based authentication; granular content access rights management provides ultimate control over who has access to content. To learn more, see: Setting up Single Sign-on in VIDIZMO.
AD Attributes and Groups Synchronization: VIDIMZO has very tight integration with Active Directory allowing synchronization of users, any attribute, security groups to be synchronized with VIDIZMO. Furthermore, rules can be created routing users based on synchronized attributes to a certain portal, content or perform a certain action.
Role-Based Access Control (RBAC): Role-based access control is a method of regulating access to the computer or network resources based on the roles of individual users within an enterprise. VIDIZMO allows these roles to be configured for each portal, and to be assigned to all users that require access to the content being uploaded or published via VIDIZMO.To learn more, see: Understanding VIDIZMO User Roles.
- Content Segregation: Thanks to the multi-tenant design, each VIDIZMO portal provides complete segregation of content among various portals. This access can be inherited/ shared among a group of portals or can be completely customized for each portal. To learn more, see: Understanding Portal's Security Policy.
- Audit Logs: Complete security audit logs are maintained with IP addresses, date stamps associated with user accounts accessing the platform.
To learn more, see: How to View and Export Audit Logs.
Trusted Domains: Trusted Domains allow secure connections with other enterprise systems on the network. To learn more about it, see: Understanding Portal's Security.
HTTPS: At Network level, all requests are exchanged using HTTPS for secure communication.
Network Management: Network location detection, filtering, and redirection allow requests to be routed to designated servers and edge appliances, preventing unauthorized networks from accessing the content altogether.
2. Database/Storage Level Security
Data Encryption: All data including passwords, user profiles, and sensitive content information can be encrypted using AES256 and 3DES encryption.
Content Encryption: At Storage level (at-rest), content can be encrypted using AES128 and/or PlayReady or Widevine DRM with SSL for in-transit encryption. To learn more about DRM, see: Understanding Digital Rights Management in VIDIZMO
3. Datacenter Level Security
VIDIZMO leverages Microsoft Azure to monitor, detect and resolve any issues:
Security Center: VIDIZMO uses a central view of the security state of its deployments to verify that the appropriate security controls are in place and configured correctly.
Security Policies: VIDIZMO can define security policies for specific customer deployments according to their security needs.
3rd Party Security Solutions: VIDIZMO can rapidly enable a range of security solutions from 3rd party providers, including industry-leading firewalls and antimalware.
Global Threat Intelligence: VIDIZMO leverages Microsoft global threat intelligence and expertise with insights into security-related events across customer deployments. Security Center helps VIDIZMO detect actual threats early and reduces false positives. Security alerts offer insights into the attack campaign, including related events and impacted resources, and suggest ways remediate issues and recover quickly.
4. Public CDN Level Security
VIDIZMO leverages Azure CDN for:
DDoS Protection: Reverse-proxy architecture with sophisticated DDoS identification and mitigation technologies to protect our customers and their users by identifying, absorbing, and blocking security threats.
Fast Purge: Fast Purge to remove any content from CDN.
Geo-Blocking: Country Filtering to block countries content can be delivered to.
Rule-Based Engine: Rule-Based Engine to configure advanced workflows for allowing/denying access to content.
Location Detection: Location detection based on country or network operator.
HTTPS support: HTTP over SSL ensures all data is encrypted and secured in-transit.