ApsaraVideo VOD provides features such as data encryption, data isolation, and data leak prevention to protect data from potential security risks in the cloud.
Data encryption
Disk encryption after data writing
Secure download
You can download videos to your local device in the secure download mode. Downloaded videos are encrypted by Alibaba Cloud and can be played only by using ApsaraVideo Player. You must use key files to decrypt the videos before you play them. For more information, see Secure download.
Data transfer encryption
HLS encryption
HTTP Live Streaming (HLS) encryption uses AES-128 to encrypt video content and supports all HLS-compatible players. HLS encryption must be used together with Key Management Service (KMS) and the token service. This encryption method is widely used in fields that require high security, such as online education and TV shows. For more information, see HLS encryption.
Server-side encryption
Alibaba Cloud proprietary cryptography
Alibaba Cloud proprietary cryptography encrypts video data. Video files downloaded to a local device are encrypted, which prevents unauthorized redistribution. Video encryption prevents video leakage and hotlinking. Compared with HLS encryption, Alibaba Cloud proprietary cryptography is more secure and easier to use. For more information, see Alibaba Cloud proprietary cryptography.
Comprehensive encryption solution
Commercial DRM encryption
ApsaraVideo VOD offers industry-widedigital rights management (DRM) encryption. DRM encryption is powered by Apple Fairplay and Google Widevine. You can add and manage DRM certificates and enable DRM encryption in the ApsaraVideo VOD console to ensure the security of your copyrighted video content. For more information, see Overview.
Data isolation
Region isolation
Media resources and relevant configurations in ApsaraVideo VOD are region-bound. You cannot process media resources across multiple regions. For example, if you activate ApsaraVideo VOD within an Alibaba Cloud account in the China (Shanghai) region, you cannot process media files stored in the China (Beijing) region.
Region isolation facilitates data storage and helps enterprises comply with local regulatory requirements and adapt to local culture. It also allows users to retrieve data from the nearest data center or server. This reduces the wait time and data latency and improves user experience.
After you activate ApsaraVideo VOD, the system allocates a VOD bucket to each region. After you enable the VOD bucket in a region, you can upload and manage media resources in this region. For more information, see Manage storage buckets.
Application isolation
ApsaraVideo VOD provides the multi-application service. You can create multiple applications and isolate media data and relevant configurations in different applications. This allows you to isolate multiple environments, business lines, and channels.
The multi-application service supports isolation only for media upload, audio and video playback, media management, and callbacks.
The multi-application service is available only to users in the whitelist. To use the multi-application service, submit a request on Yida. For more information, see Overview.
Data leak prevention
Image or text watermarks
You can add image or text watermarks to videos to declare video copyright, promote brands, or improve brand recognition. This also prevent data leakage. For more information, see Video watermarks.