Secure podcasting for the enterprise
My clients, which are Fortune 50 financial services companies, would like to use podcasting internally (that is for their employees only) to support their innovation programs. There are a number of security hurdles to overcome to make this possible.
First, just plugging a USB device into your desktop computer at work represents a major security threat. Some articles about this are collected here. In addition to being able to transport large amounts of data, iPods in particular are more intelligent than other devices and have the ability to execute code that could be used for data extraction.
Solutions include M-systems Xkey device and Reflex Magnetics removable media manager to keep centralized control over what USB devices can be used and by whom.
Another solution is simply to pre-load the iPod with the media files and avoid the problem of connecting them to the desktop altogether. This is a viable solution for less sensitive information and a certain level of security can be achieved using the Screen Lock feature on the iPod. Here are instructions:
But this won’t work for sensitive information. My clients’ information security controls require that any classified information that is put on electronic transportable media (ETM), such as an iPod, must be encrypted. I have not yet been able to find a portable media player or third party software that will encrypt the media files.
Moon Valley Software offers Icon Lock-iT, file security software that will encrypt files when you enable disk use on the iPod. But it does not encrypt the music/podcast files.
One of my clients uses Pointsec centralized encryption for removable media which will do full disc encryption. But it is not clear if an iPod would be functional after encryption and there is nothing on the Pointsec site about iPods.
Of course encrypting the media files on an iPod seems to run counter to what podcasting is all about and Digital Rights Management already takes care of protecting the media files distributed by iTunes, etc. So why not make it possible to apply DRM to podcasts? Jake Ludington has written extensively on that here. He writes:
As far as I know, this isn’t currently addressed by DRM solutions. There are plenty of rules about only playing files on certain machines or on a limited number of machines. There are rules about only allowing a file to play a certain number of times but not whether those times are as a stream or in some other format. At this point the whole issue of combating streaming starts to look ugly because DRM is complicated. Existing systems require a validation server to verify rights against before playback, which isn’t convenient for the guy making podcasts in his basement. Further hassle is added by the small number of devices capable of playing back DRM wrapped content from any provider and an unwillingness on the part of Apple to open the Fairplay DRM implementation they use in the iTunes Music Store and the entire audience is marginalized.
That’s the extent of my research so far.