How To Solve IP’s Security Challenge

The transition to IP networks is a paradigm shift for the broadcasting industry. Media organizations are pressing forward with the implementation of new distributed IP production workflows, and the security of IP networks becomes a key consideration.

Due to the open and easily accessible nature of IP technology, the fundamental principles that make SDI connections secure no longer apply. Do media companies need to comprise on security when leveraging IP technology? Definitely not. We have entered a new era of IP network technology where media companies can reap all the benefits of IP-based media delivery while maintaining media network security.

SDI ‘Security’ No Longer Cuts It

For decades, SDI enabled the transition from analog to digital video infrastructure supporting the transmission of uncompressed, unencrypted digital video signals. Since the 2000s, we have transported SDI over IP networks. By adding an adaptation layer to and from IP when handing over SDI signals to the studio LAN, we could create a very clear demarcation point between the IP WAN and the studio. Security became a lightweight and scalable process for media streams.

However, SDI no longer meets industry expectations driven by the need to keep pace with global automation and commoditized network trends. Compounding this further are the new high bandwidth UHD-4K and UHD-8K video formats as well as the increasing spectrum of IP standards and requirements that enable IP transformation. Broadcasters and production companies are moving to IP studios to secure the agility and scale necessary to provide the new content experiences that consumers expect.

Trust Is Front And Center

The transition to IP means switching between local and public IP networks and different IP domains. All data, audio and video will enter the different domains over the same network links and ports. As a result, ensuring what type of IP mmedia traffic can pass through these networks and which streams can go in and out of each network domain becomes crucial for security. This needs careful consideration. IP media traffic doesn’t need to be harmful to damage the network. Even “secure” IP media traffic can cause serious issues. If the content isn’t configured properly, it can flood the network and cause packet loss, jitter and delay. This makes it really important that media companies have full control of the content filtering in their IP media networks and services.

Up to now, securing IP media networks has relied on the combination of general purpose, media-unaware firewalls and, to a certain degree, Network Address Translation (NAT) capabilities. These solutions have not had all of the functions and performance required to handle the large number of streams and data in large IP media networks. To drive the shift to IP technology, media companies need to address these challenges without compromising on speed, latency or efficiency.

The New Security Requirements

To be able to strictly control which stream traffic is allowed to pass in which domains, we need to automate the traffic filtering of incoming and outgoing IP addresses and ports per stream and per core application. User selectable metrics allow for fine-grained control to broadly or narrowly define which data and streams to be allowed or blocked. This covers transferring content in mixed IP environments and between trusted and untrusted IP domains.

In addition, these features should resolve the fundamental IP media security challenges in two ways. First, they need to be cost-effective, reliable and scalable. Second, they need to provide the high-bandwidth, low-latency mechanism that protects IP media networks from untrusted, unapproved media traffic.

With security no longer a roadblock, the transition to IP media workflows will further take off, shifting the dynamics of the broadcasting industry.

Per Lindgren is CTO and co-founder of Net Insight.