As HTML5 video solutions gain momentum and cement themselves as the industry standard, the proprietary technologies the replace continues to be a security risk. And none of these legacy technologies had an impressive Spring.
In early April, Adobe issued an emergency update to Flash Player after mass ransomware attacks. Adobe published a security bulletin on the topic, which summarized the security vulnerabilities this way:
“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.”
The term “critical vulnerability” doesn’t engender confidence. And yet, this isn’t the only critical vulnerability Flash Player has experienced in the past 12 months. A quick Google search for “timeline of Adobe Flash security flaws” returns the following results just on the first page.
Clearly, it’s not news that Flash has security issues. Just look at the last result from money.cnn.com, which lists critical security vulnerabilities in Adobe products every year from 2007 to 2013, when the article was published.
To be fair, Adobe is not the only vendor with security challenges. Apple recently had its own security issues with QuickTime. In April, the US Department of Homeland Security notified Windows users about two known security flaws with Apple QuickTime, advising them to uninstall the software altogether. Unlike Adobe, Apple had already cut bait and no longer keeps QuickTime on life support. The last update to QuickTime was in January of this year, and Apple has confirmed it will no longer update QuickTime for PC’s.
Interestingly, the two products share one important trait. Both have a proper noun before their name. Both are proprietary products developed and maintained by one company. And, most importantly, executives at both Apple and Adobe have arrived at the same conclusion that their once integral video-enabling technologies are no longer strategic.
Apple has publicly abandoned QuickTime. And, while Adobe has not made any public statements admitting their perennial cash cow is no longer part of their long-term strategy, their actions speak louder than words. Adobe’s increased focus on HTML5 video support in both Creative Cloud and Adobe Experience Manager clearly demonstrates its recognition of HTML5 as the dominant standard moving forward.
The security and performance issues that plague Adobe Flash are rooted in its proprietary nature. Keeping Adobe Flash Player up-to-date, in a constantly changing universe of security threats, is the sole responsibility of Adobe, using whatever resources and skills they choose to dedicate. In today’s world of ingenious and continuously evolving hacks, it’s hugely challenging and expensive to single-handedly maintain the security and performance of an enabling technology such as Flash Player.
There is another factor at play as well. Flash Player’s security issues have been exacerbated recently because Adobe realized Flash Player is no longer a strategic play. And why continue to invest in a dying product?
Adobe and Apple likely foresaw the marginalization of Flash and QuickTime in the face of standards-based technology years back. For the rest of us, there is an alternative now to the risks of a vulnerable platform. HTML5 video has arrived as the standard and is ready to go; it is a tangible and robust replacement to Flash.
Yet, for many organizations, Adobe Flash is still integral to enterprise video infrastructures. The reason is straightforward: until recently, a number of enterprise video use cases were only possible with Flash as a piece of the solution.
High-profile examples of this continued dependency are all around us in the form of the live webcast. Securely broadcasting a CEO Town Hall, an earnings call, or executive presentations to tens of thousands of employees viewing from offices around the globe with secure and reliable transmissions has traditionally relied on multicast supported by Flash.
Despite the imminent demise of Flash Player, many enterprise content delivery network (eCDN) solutions require Flash for streaming live video via multicast.
Those eCDN vendors with products built upon Flash pose significant security liabilities and risk obsolescence as the market moves ahead without them.
Enterprises looking to move on from Flash Player may consider abandoning multicast altogether in favor of a peer-to-peer (P2P) video platform. And while P2P vendors claim to be a worthy heir to multicast for video delivery, this technology compares unfavorably to multicast when it comes to simplicity and security. A P2P overhaul is unnecessarily complex and cumbersome in a world with end-to-end solutions enabling the streaming of Flash-less HTML5 video solution via multicast. So with this “best of both worlds” capability (no Flash and no complex overhead) the barriers to HTML5 live streaming adoption have dropped significantly.
It’s important to understand the significant advantage HTML5 video has over Flash and other proprietary video technologies. With standardization, the entire ecosystem can focus on maintaining one technology (HTML5) instead of companies focusing their individual resources on trying to keep a proprietary technology secure, up-to-date and performing at a high level. The continuing news of major security liabilities with legacy proprietary video players highlight the need for a standardized technology. The days of struggling to “go it alone” with siloed, outmoded video-enabling technologies are a relic of business models that no longer make sense for anyone.
The point is this: Flash has had an agonizingly slow death, but its final days have arrived. The emergence of a standard – HTML5 video solutions – has put the final nail in Flash Player’s proverbial coffin. Proprietary video technologies must quickly give way to a standard that ensures the security of all corporate users.