ApsaraVideo VOD offers data security services, such as data encryption, data isolation, and data leak prevention, to effectively prevent security risks in the cloud.
Data encryption
Encryption at rest
Secure download
The secure download feature lets you use ApsaraVideo Player to cache videos on mobile devices for offline playback. Downloaded video files are encrypted with a generated key file and can be decrypted and played only by ApsaraVideo Player. The videos cannot be played by third-party players or without decryption. For more information, see Secure download.
Encryption of data in transit
HLS encryption
HTTP Live Streaming (HLS) encryption uses AES-128 to encrypt content and is compatible with all HLS players. It is used with Key Management Service (KMS) and the token service. This encryption method is widely used in fields that require a high degree of security, such as online education and exclusive video series. For more information, see HLS encryption.
Server-side encryption
Alibaba Cloud video encryption (private encryption)
Alibaba Cloud video encryption is used to encrypt video data. Even if video files are downloaded to a local device, they remain encrypted to prevent unauthorized redistribution. This effectively prevents issues such as video leakage and hotlinking. Compared with HLS encryption, private encryption is more secure and easier to use. For more information, see Alibaba Cloud video encryption (private encryption).
Comprehensive encryption solution
Commercial DRM encryption
ApsaraVideo VOD provides industry-standard Digital Rights Management (DRM) encryption. DRM encryption is natively supported by Apple FairPlay and Google Widevine. You can use ApsaraVideo VOD to add and manage DRM encryption from a single location to protect your copyrighted video content. For more information, see DRM encryption.
Data isolation
Region isolation
Within a single Alibaba Cloud account, media assets and related configuration data in ApsaraVideo VOD are isolated by service region. Cross-region processing of media resources is not supported. For example, if your service registration region is China (Shanghai), you cannot process media assets stored in the China (Beijing) region.
Region fencing helps businesses store data in compliance with local regulations and cultural customs. It also improves the user experience by providing access to nearby data centers or servers, which results in faster response times and lower latency.
After you activate ApsaraVideo VOD, the system allocates a storage bucket to you in each region. After you enable this system bucket, you can upload and manage media assets in that service region. For more information, see Manage storage buckets.
Application isolation
ApsaraVideo VOD supports a multi-application system. You can create multiple applications to isolate media assets and related configuration data. This helps address data isolation issues across multiple environments, services, and channels.
Currently, multi-application isolation is supported only for media uploads, audio and video playback, media asset management, and message callbacks.
The multi-application system is available only to whitelisted users. To use this feature, submit a ticket to request activation. For more information, see Multi-application system.
Data leak prevention
Image and text watermarks
You can add visible image or text watermarks (clear watermarks) to videos to highlight your brand, declare copyright, or improve product recognition. This helps prevent sensitive data leakage. For more information, see Image and text watermarks.
Digital watermarks
You can add invisible copyright or tracing watermarks (hidden watermarks) to videos for copyright protection and leak tracing. This helps prevent sensitive data leakage. If a leak occurs, you can trace its source. For more information, see Digital watermarks.