The demand for scalable DRM protection

There is no denying that content creators have faced some conflicting circumstances over the past 18 months: delight and excitement at sustained increases in subscription rates and viewing figures, tempered by the parallel surge in streaming piracy and other illegal activity that has been widely linked to lockdown conditions.

In this context, it’s unsurprising that interest in multiple digital rights management (multi-DRM) technologies to help safeguard content has also risen, although it’s arguable that we are only at the start of a new phase given that some pandemic trends – such as near-simultaneous cinema and digital releases of new movies – are likely to continue after the crisis.

Shane McCarthy, chief operating officer at digital platform security specialist Irdeto, predicts: “DRM will become an even more business-critical service as more valuable content (new releases, live sports) moves to online. Customers will have increased expectations with regard to SLAs [service level agreements], support responsiveness, no-downtime, and the ability to renew encryption on shorter time intervals – for example, 15-30 minute key rotation for premium live sports.”

Speaking to a selection of vendors in recent days confirms that this is a highly dynamic area of R&D, with the development and application of new DRM technologies needing to take particular account of broadcasters’ increasingly scale-driven business models. The composition of multi-DRM strategies inevitably varies between media organisations, but across the board there are signs of a heightened commitment to premium content protection and the identification of potential vulnerabilities before they can have a negative impact.

Security strategies & platform roadmaps

In McCarthy’s opinion, customer expectations of DRM are currently being formulated around three primary topics.

The first of these is “the ability to scale DRM services in order to accommodate subscriber growth while providing high SLAs and premium managed services. Second is the ability to help customers in defining and executing a security strategy for their roadmap and integrate it as part of their platform roadmap. Third is the ability to help customers in mitigating platform attacks that lead to revenue loss (or cost increase), as well as identifying and mitigating device vulnerabilities.”

“DRM will become an even more business-critical service as more valuable content (new releases, live sports) moves to online,” Shane McCarthy, Irdeto

Irdeto’s offer in this area continues to be led by Irdeto Control, which is designed to provide a scalable multi-DRM solution for OTT content delivery activities.

As of July 2021, it was issuing more than 3.4 billion licenses per month, with key features including: DRM-based concurrent stream management “as opposed to insecure app-based concurrent stream management”; AI and ML to detect service abuse and device vulnerabilities; and the ability to block vulnerable devices based on device fingerprints.

Invited to consider how DRM solutions are likely to evolve in light of continued OTT sector expansion, McCarthy emphasises the capacity to “help customers in identifying and mitigating service attacks and device vulnerabilities using both data analytics and AI/ML.” He also anticipates closer attention to “non-functional aspects of DRM solutions to enable and support streaming as a business-critical function”. These aspects could typically include support for high-profile events with quick response support teams, multi-level resiliency, and zero downtime upgrades.

Transparency & ease of integration

Edgecast is another leading vendor that can attest to the continually evolving nature of the DRM landscape. Indeed, the company itself has been through a transformation recently having been known until September 2021 as Verizon Media Digital Services, with new owner Apollo Global deciding on a rebrand having completed its acquisition of Yahoo!/Verizon Media.

• Read more Content security

Writing on the Edgecast blog, senior software engineer John Bowers and product manager Nate Cahoon pinpoint the high expectations, low visibility-style requirements of present-day DRM: “An effective DRM solution must work with the vast majority of playback devices, integrate easily into the workflow, and appear transparent to users.”

Far from being merely an AES 128-bit encryption “layered on a streaming platform”, DRM now provides a complete system for content management access, incorporating “the secure distribution of encryption and decryption keys coupled with backend licensing servers that add functions such as policy control to prevent playback on authorised hardware and offline playback control.”

While some content services have taken on the task of developing and integrating DRM themselves, the “development and integration burden” is such that utilising existing DRM solutions as part of a managed streaming service is now a popular choice, indicate Bowers and Cahoon. In Edgecast’s case, this centres upon the inclusion of a multi-DRM solution as part of the Streaming Platform, “seamlessly integrated…[and] protecting your VOD, live and linear video with a simple check of a box. Our multi-DRM solution supports HLS and DASH with PlayReady, Widevine and FairPlay, so your content is limited to authorised viewers.”

There is also recognition that, by its very nature, content protection is a moving target: “We are continually evolving our platform to keep pace with changing encryption standards and DRM technologies. [Also] we understand that many firms don’t enjoy working with DRM, so the more we can make this critical security task like any other item on a checklist, the better.”

Scalability & operational context

For Pierre-Alexandre Bidard, partnerships senior director at Viaccess-Orca, the determination of a suitable DRM solution tends to rest on a cluster of factors including the ability “to address all of the different devices; the operational context for the operator; and the value of the content.” Indeed, in premium content services it is increasingly common for the rights holder to issue very specific requirements that must be accommodated in the eventual DRM deployment.

The increasingly quick time to market in OTT is also a factor. As Bidard notes, it’s not unusual to encounter “an expectation to launch a new service in only six months.” The rapidly changing nature of streaming is such that content services “need to react fast in order to face their competition [effectively]. In terms of DRM that means they need a solution that supports a fast launch, does not come with extra costs in terms of integration, and can evolve in the future [as requirements change].”

• Read more Rights management

In terms of Viaccess-Orca’s offer, this blend of factors is leading an increasing number of customers towards its multi-DRM cloud service. Orange is among the major customers of this service, having delivered 1.75bn licenses in one 12-month period alone. Along with suitability for “quick implementation”, highlighted features include multiscreen security algorithms, scalable design, and support for the company’s proprietary VO DRM as well as Microsoft PlayRead, Apple FairPlay and Google Widevine: “Using VO’s multi-DRM cloud service we can rapidly launch pay TV services while meeting the stringent security requirements of the studios.”

With watermarking also being deployed alongside DRM in many cases as the overall security environment becomes more challenging, an evolving multi-faceted strategy will remain the only pragmatic route for content services. Notes Bidard: “It is not possible to use a single technology – the customer always needs several at any one time. So a multi-tech approach will continue to be the standard.”