Overview

Whether you are a media publisher, a content owner, a business enterprise, a government department or an educational institute, content security is of utmost importance and a key challenge. VIDIZMO was designed to be highly secure from the ground up and to meet the security requirements of both IT and business users. It includes several security layers at the application, database, storage, and data center levels.


1. Application-level Security


SSO/Identity Federation

VIDIZMO provides identity federation and single sign-on integration with industry standard protocols such as OpenID Connect, strong password, multi-factor authentication, ensuring no personal data. Content security is offered through token-based authentication; granular content access rights management provides ultimate control over who has access to content. To learn more, see: Setting up Single Sign-on in VIDIZMO.


AD Attributes and Groups Synchronization 

VIDIZMO integrates tightly with Active Directory, allowing users, any attribute, and security groups to be synchronized with VIDIZMO. Furthermore, rules can be created that use synchronized attributes to route users to a certain portal or content, or to perform a certain action.


Role-Based Access Control (RBAC) 

Role-based access control is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise. VIDIZMO allows these roles to be configured for each portal and assigned to all users who require access to the content being uploaded or published via VIDIZMO.

To learn more, see: Understanding VIDIZMO User Roles.


Content Segregation

Thanks to the multi-tenant design, each VIDIZMO portal provides complete segregation of content among various portals. This access can be inherited or shared among a group of portals, or can be completely customized for each portal. To learn more, see: Understanding Portal's Security Policy.


Audit Logs 

Complete security audit logs are maintained, with the IP addresses and date stamps associated with user accounts accessing the platform. To learn more, see: How to View and Export Audit Logs.


Trusted Domains 

Trusted Domains allow secure connections with other enterprise systems on the network. To learn more about it, see: Understanding Portal's Security.


HTTPS 

At the network level, all requests are exchanged using HTTPS for secure communication.


Network Management 

Network location detection, filtering, and redirection allow requests to be routed to designated servers and edge appliances, preventing unauthorized networks from accessing the content altogether.


2. Database/Storage Level Security  


Data Encryption 

All data including passwords, user profiles, and sensitive content information can be encrypted using AES256 and 3DES encryption.

Content Encryption 

At the storage level (at rest), content can be encrypted using AES128 and/or PlayReady or Widevine DRM, with TLS for in-transit encryption. To learn more about DRM, see: Understanding Digital Rights Management in VIDIZMO.


3. Datacenter Level Security


VIDIZMO leverages Microsoft Azure and Amazon Web Services to monitor, detect, and resolve any issues: 


Security Center

VIDIZMO uses a central view of the security state of its deployments to verify that the appropriate security controls are in place and configured correctly.

Security Policies

VIDIZMO can define security policies for specific customer deployments according to their security needs.

3rd Party Security Solutions 

VIDIZMO can rapidly enable a range of security solutions from 3rd party providers, including industry-leading firewalls and antimalware.

Global Threat Intelligence 

VIDIZMO leverages Microsoft global threat intelligence and expertise with insights into security-related events across customer deployments. Security Center helps VIDIZMO detect actual threats early and reduces false positives. Security alerts offer insights into the attack campaign, including related events and impacted resources, and suggest ways to remediate issues and recover quickly.


4. Public CDN Level Security


VIDIZMO leverages Azure CDN for:


DDoS Protection 

Reverse-proxy architecture with sophisticated DDoS identification and mitigation technologies to protect our customers and their users by identifying, absorbing, and blocking security threats.

Fast Purge 

Fast Purge to remove any content from CDN.

Geo-Blocking 

Country filtering to block countries that content can be delivered to.

Rule-Based Engine 

Rule-Based Engine to configure advanced workflows for allowing/denying access to content.

Location Detection 

Location detection based on country or network operator.

HTTPS support 

HTTP over TLS ensures all data is encrypted and secured in-transit. 



Contributions were made by Javeria Hasan & Sarah Hussain.