The airing of the first episode of Game of Thrones season 5 was a big event for millions of people worldwide. Surprisingly the first four episodes were leaked to the torrent sites almost simultaneously. Game of Thrones is the most pirated TV-show, and has suffered several leaks even before.
Sharing digital content and retaining confidentiality might seem hard. The leaked screener copies were probably easy to copy and let loose on the torrent sites. Hollywood studios need to share a lot of content with external parties, and several different technologies have been developed to protect previews of Oscar nominees, TV-show pilots, etc. Embedded watermarks can pinpoint the owner of the preview copy discouraging leaks, or digital measures can be implemented making copying more difficult. The problem however is that the digital content is sent to the external parties, out of the hands of the owner.
We've been helping companies to securely share digital content online with their partners, customers, contractors, and etc. for a decade. There are a few principles that you need to nail down. The first thing that might come to your mind is authentication, but I'd say you are wrong.
Principles of sharing digital content securely beyond just authentication
1) Authorization. Authentication only tells to the online service who is entering your site. It does not say anything about what this particular person is authorized to see or do. In many B2B use cases trust is created through a contractual relationship. The contract describes the content that the external party is allowed to access. Businesses with multiple product lines, several different products within the line, the complexity grow. The first principle is to authorize your external users properly. When you think of a big corporate organization and complex product lines and portfolios, your next questions undoubtedly will be - how to manage this complexity?
2) Tiered delegated management is a concept of outsourced external identity management. The thought that your organization could have full visibility to your external partner, customer, or other stakeholder organization is far fetched. The contractual data is stored in your CRM. It is the seed of your trust relationship. The contract is a mutual agreement indicating trust. Creating a way for your external users and organizations to manage their own information and identities by themselves is the way. But you should not give your external users or organizations access to your CRM.
Authorization, and especially giving authorization control to your external organizations makes your life easier. When using an appropriate IAM solution, and empowering your external users to manage their own data, it can give you a complete picture about your customer organization and who is authorized to access what.
Sharing digital content is not difficult. You just have to have the right approach to it. Authentication is important, but it is even more important that you take correct steps after authentication, and make your services aware of role information or authorization data.
We have helped organizations to share information securely. It might seem a daunting idea to share confidential information over the Internet, but with proper tools and precautions it can be remarkably easy for both you and your external users. Correctly implemented IAM and a online viewing process could have kept the secrets of the Seven Kingdoms.
