eCDNs Alternatives for
Zero-Trust Security Framework
How enterprise content delivery network (eCDNs) alternatives (peer-to-peer, video caching, and multicasting) fit an organization using a Zero-Trust security framework
CORE RESOLUTION
The Enterprise Video Challenge
Delivering video over an enterprise network poses a number of challenges and they are must be carefully considered when planning to deliver video over an enterprise network.
Bandwidth-intensive activity
Video is a bandwidth-intensive activity, and enterprise networks are often not designed to handle large amounts of traffic. As a result, video can quickly overwhelm the network, causing delays and interruptions.
Wide area of distribution
Enterprise networks are typically distributed across a wide area, making it difficult to deliver consistent quality. Different locations may have different levels of bandwidth available, and the further the distance, the greater the chance for delays and disruptions.
Security restrictions
Enterprise networks are often subject to security restrictions, which can make it difficult to deliver video content in a safe and secure manner.
CORE RESOLUTION
Enterprise Content Delivery Network (eCDN) to the rescue
Many enterprise networks are not designed to handle the large amount of traffic that video streaming can generate. As a result, video delivery can be slow and unreliable, leading to a poor user experience.
An eCDN (enterprise content distribution network) can help to solve these problems by distributing video traffic across multiple servers. This allows for more efficient use of bandwidth and prevents any single server from becoming overloaded.
In addition, eCDNs can provide features such as caching and transcoding, which further improve the quality and reliability of video delivery.
As enterprises increasingly rely on video for communication and training, an eCDN can be an essential tool for ensuring smooth and reliable delivery.
Applying Zero Trust to Video Streaming
Protecting video content from source to viewer is critical to the continued success of video as a learning and collaboration tool. This paper explores the seven best practices for applying a Zero-Trust security framework to video delivery
CORE RESOLUTION
Three eCDN Video
Delivery Methods
There are three primary methods for delivering video:
Peer-to-Peer (P2P)
Refers to a decentralized network architecture in which computers communicate directly with each other without the need for a central server. Each computer in a P2P network is both a client and a server, meaning that it can request and provide resources to other computers on the network.
VIDEO CACHING
Is the process of storing frequently accessed video content on a local server, in order to improve delivery speed and reduce strain on the network. By keeping a local copy of popular videos, the caching server can provide immediate access to viewers, without having to wait for the content to stream from the original source.
Multicast
Is a method of communication in which information is sent to a group of destinations simultaneously. Multicast uses a special type of IP address, called a multicast address, to identify the group of destinations. When a message is sent to a multicast address, it is automatically forwarded to all hosts that have subscribed to that address.
HOW
How Do The Delivery Methods
Fit Zero-Trust
In cyberspace, the term “zero trust” indicates a security strategy in which access to data and resources is not automatically granted based on an individual’s location or identity.
Instead, all users are treated as untrusted outsiders, and every interaction is verified and authorized before it is allowed to proceed.
The goal of zero trust is to verified identities and strengthen security by making it more difficult for attackers to gain a foothold within a network.
The seven core considerations when implementing an eCDN in a Zero-Trust security model:
1
Securing Physical Assets
The infrastructure used to retrieve, store and transmit video.
2
Micro-segmentation
Creating a secure perimeter zone around each workload.
3
Least Privilege Access
Limiting users’ access rights
to only what is strictly needed.
4
Network Transport
Controlling ports and protocols used to carry video streams.
5
Securing Data
Securing vide streams at rest and in transit, and related data.
6
Application Control
Ensuring apps have been developed properly and are
up to date.
7
Preventing Lateral Movement
Preventing attackers from progressing through the network.
How Do The Three eCDN Methods Fit this model?
What are the issues with P2P in Zero Trust?
| P2P | Video Caching | Multicast | ||
|---|---|---|---|---|
|
Securing Physical Assets |
|
|
|
|
|
Micro-Segmentation |
|
|
|
|
|
Least Privilege Access |
|
|
|
|
|
Network Transport |
|
|
|
|
|
Securing Data |
|
|
|
|
|
Application Control |
|
|
|
|
|
Preventing Lateral Movement |
|
|
|
|
Micro-Segmentation – P2P
Micro-Segmentation – P2P can inadvertently prevent peers from connecting and sharing videos. Additionally, security mechanisms used in zero-trust networks can interfere with the normal functioning of P2P networks, causing videos to fail to download or play correctly.
Least Privilege Access - P2P
Least Privilege Access - P2P requires each user to accept the stream and then restream the video to others in the network. In a zero-trust model, users need to be restricted to the least privilege necessary to do their job and should have the ability to share video with other users outside of their own role.
Preventing Lateral Movement – P2P
Preventing Lateral Movement – P2P video delivery is based on moving data laterally between devices and across network segments violating the fundamental tenant of lateral movement.
