The Five Keys to Video Content Governance

The following is a guest post from Irwin Lazar, VP Analyst at Nemertes Research. He will be joining us on December 6, 2018 at 11:00 AM EST for a live webinar, “Successfully Addressing Video Governance Challenges”. To register, click here.

Organizations are increasingly using video to communicate and collaborate.  Whether it’s streaming of live broadcasts like executive town halls, training, or other content, or recording of meetings for later playback, IT leaders are diligently working to meet rising demand for video streaming.  But in doing so, they must also support regulatory, legal, and policy requirements for managing video content to ensure proper security and support for governance requirements.   Given the myriad of ways that video can be created and shared, a proactive strategy is necessary to ensure success.  Absent such an approach, enterprise video assets are vulnerable to a wide range of threats including:

  • Unauthorized viewing and sharing
  • Sharing of inappropriate content
  • Leakage of intellectual property or sensitive communications
  • Sharing of unauthorized likenesses or logos
  • Lack of insight into where video content is stored
  • Inability to support compliance requirements for retention and storage

Developing a successful content governance strategy requires addressing five key areas as shown below: Assessment, Access, Encryption, Approval, and Retention

Assessment starts with cataloguing the types of video content you have, where it is stored, who needs access, and what is the risk of unauthorized access or leakage?

Once you know what you have, the next step is to implement an access control strategy.  This requires creation of a schema that applies restrictions based on access need and risk.  Example may include limitations on who can access specific streams, from where, and on what device(s).  It may limit the ability to locally cache, or download videos, and it will protect access to personally identifiable information.

The next step is to ensure that video content is encrypted so that even if unauthorized individuals are able to access video content, they are unable to view it or manipulate it.  Encryption strategies typically ensure encryption at rest, using the AES-256 standard, as well as encryption in-motion, using secure HTTP.

Approval processes govern the sharing of video.  This could include something as simple as ‘no video is published to our company portal without HR review” to more complex review schemes that require approval at the departmental and corporate level.   Approval processes should require anyone who will be sharing video to agree to an acceptable use policy that clearly defines what is allowed, and what isn’t, and that will serve as a reference point to ensure video meets compliance requirements before it is shared.

The final component of success is a retention strategy.  This will govern how long video content is kept, and must provide flexibility to support retention based on previously defined assessment and classification schemes.  For instance, routine content may only be kept for six months, but content that may involve legal or regulatory proceedings could require retention for a period of years.  A rule of thumb is to align video content retention policies with the governance model in use for document content retention.

Addressing these five components may not eliminate all risk, but it will ensure that organizations are proactively managing their video content assets in accordance with governance need, and are minimizing risk of unauthorized access and distribution.

For more information from Irwin and his research related to enterprise video governance, please join us on December 6, 2018 at 11:00 AM EST for a live webinar, “Successfully Addressing Video Governance Challenges”. To register, click here.

About Nemertes: Nemertes is a global research-based advisory and consulting firm that analyzes the business value of emerging technologies. Since 2002, they provided strategic recommendations based on data-driven operational and business metrics to help organizations deliver successful technology transformation to employees and customers.