Homeworkers can be used to author subtitles but even this has limitations which are quickly encountered. First of all, the media has to be sent to the homeworker by such methods as posting a DVD. However, some of the big film producers are extremely nervous when sending pre-release blockbusters and this method demonstrates an obvious security issue. Expensive authoring software has to be sent to each homeworker and maintained, and the licensing model usually requires each user to have their own license, this adds cost and complexity to the already troubled workflow.

SaaS solution

At first sight it looks like we can solve all of these problems using SaaS services. A producer loads a proxy file onto a known secure Cloud server with user login credentials. In a similar way to watching a YouTube video the subtitling author working from home can easily view the media in a web browser. The authoring tool can be built into the SaaS server and the user login further provides an audit trail of who has watched which video, where and when, as well as keeping track of their progress.

One of the key advantages to the SaaS model is the numerous different monetization models that are available to the client and vendor. The true SaaS service gives a user login credentials through an internet browser and all of the infrastructure and software is maintained by the hosting company. The broadcaster has no infrastructure or software to maintain. Charging can be provided per upload, per user or per time used. The flip side being the broadcaster has lost some control. Although the SaaS service provider probably encrypts their hard disc drives, there is no guarantee that somebody in the service providers company won’t be able to copy the media.

Private Cloud solution

The private-cloud model requires the broadcaster to host and maintain the software and infrastructure. The technical skill requirements for this can vary enormously, from the broadcaster having to provide a network hosted Apache server with all of the security needs that follow, to providing a simple VM host to mount a node behind a strict firewall.

The private-cloud network design is greatly simplified if access can be kept within the broadcaster domain, protected from outside hostile traffic using a standard firewall. However, as soon as we start using workers at their homes security becomes a major issue. We have to assume the network is being watched. Either we have to provide elaborate VPN tunnels to protect the server, or the host-server has to be assumed accessible by the world and the network configured accordingly.

Public Cloud solution

A third option is now available and that is for the broadcaster to take advantage of one of the public cloud providers such as Amazon Web Services or Azure. Both of which provide simple VM models with enhanced security to allow the server to be locked down to a specific port, such as 80 for HTTP, or list of IP addresses. In the case of AWS the vendor can make the image available to specific companies so they can create their own infrastructure using load balancers and secure security policies. When the vendor makes a new version of the software the broadcaster can create a VM with the new image, bring it on line behind a load balancer, then stop and delete the existing VM. The user will have no idea this is happening and the first they know is when they notice a bug has been fixed or a new feature appears.

The theory sounds simple but complications occur when we consider integration into the broadcasters automated workflows and credential verification systems. With all of the different software services that exist the number of credentials that individual users have to maintain quickly snowballs, leading to the “password on a post-it” syndrome. Systems such as Microsoft’s Active Directory allows for the use of centralised credential management, allowing a user to have just one logon name and password. To take full advantage of AD systems the SaaS provider must be able to interface to them in a secure and safe manner.

The private-cloud model is arguably more secure from a copyright point of view. The broadcaster hosts the infrastructure platform and application software, resulting in the media staying within the broadcaster domain. The weakest link becomes the internet connection between the broadcaster network and the home workers’ PC.

Security trumps any solution

With all these models an unscrupulous person could record the streamed video via a hacked browser that has bypassed any digital rights management. Although we are now delving into the improbable, these scenarios will be considered and audited by big film and distribution companies. A simple way of adding security in this instance would be to add a strap across the vision saying “not for broadcast” with a unique code for that broadcaster. The broadcaster should look to see if this is available in the subtitling software, if it is not then a further task will need to be added to their automated workflow.

At first sight the SaaS model seems to be the answer to all our problems. However, even after a simple analysis of the workflows involved we see that copyright security soon becomes an issue, especially when we move out of the broadcaster domain. TV companies have been spoiled in the past as far as security is concerned. Media was distributed on physical media that only the industry had access to. Point to point dedicated lines provided network security with robust audit trails. With the advent of file based media, distribution has become much easier and has provided broadcasters with cheaper simpler solutions to workflows such as subtitling. With this simplification comes responsibilities, and broadcasters should fully explore copyright and security before jumping into utopian SaaS models.