Facebook
Twitter
LinkedIn
It’s time to talk about p2p security! Back in 2007, when Hive began moving out of the realm of the theoretical and into the commercial world, attitudes towards p2p networking were divided. Chief Information Officer Nils Franzén explains how that helped shape the company’s attitude towards security.
Hive’s great founding insight was that by using peer-to-peer technology to distribute live video. The impact on a network’s bandwidth could be dramatically reduced. But the technology itself had become associated with sites like The Pirate Bay and Napster. Which had amassed tens of millions of users with their vast indexes of music, movie, and software files.
“P2P security had a bad reputation,” Nils explains.
It was used for illegal file sharing and there was a lot of tension around it. That connotation has faded away by now, but it meant that security was absolutely paramount for Hive, from day one.
Hive’s first employee
When Nils joined Hive as a software developer thirteen years ago, he became the company’s first employee. It is indicative of the company’s priorities that this recruit wasn’t a sales director, a marketing manager, or a CFO. It was a security expert.
This intense spotlight on security mirrors the mindset of Hive’s customers. Put simply, security is a top priority for every one of them. While enterprises are now comfortable with peer-to-peer as a technology. The focus on information security is far stronger and more mature than it was a decade ago.
At the same time, GDPR and the wider debate around data privacy have raised the level of understanding among non-IT executives.
I’d say we’re paranoid when it comes to security, Nils Franzén,CIO Hive Streaming
GDPR-compliant before GDPR existed
As Nils points out, Hive was GDPR-compliant before GDPR ever existed. The backend is securely located in Microsoft Azure datacenters, and the company has unwaveringly stuck to its three security principles since the very beginning.
- Nothing to steal
Most important is that we have always carefully tried to avoid storing any sensitive information. This makes the whole challenge of security so much easier, says Nils. It means that we don’t have any PII or any other video data. We don’t touch that.
In other words, because the video data doesn’t pass through Hive’s cloud space, there’s nothing to steal.
- Defense in depth
The second principle is one that would appeal to data and privacy experts everywhere: defense in depth.
The underlying assumption is that in all software there are risks, so you can’t just rely on one layer of security. We have multiple security mechanisms so if, for instance, your (unpatched) operating system has a security flaw, we survive thanks to the security in other layers.
- Being humble
The third principle is to approach the challenge of security with humility. Security is hard and it’s important to recognize that.
That means baking security into every stage of the software development life cycle and using industry-standard threat modeling. Security code reviews, security scanning, and dependency vulnerability checking tools.
Our principles for P2P Security
These principles have helped Hive to meet the most stringent security demands from over 150 enterprise customers. One of those customers was Microsoft, which has now become one of Hive’s longest-standing partners.
In fact, we designed part of our security together with the Microsoft engineers at Redmond, says Nils.
They were installing it on their computers for use across their company. All the way up to their CSO and the rest of the global management team.
As the security industry has matured, customer requirements have become more standardized – but also much more demanding.
So in 2020, Hive invited the Swiss security firm Kudelski to conduct a detailed review of the company’s approach to security. They assessed twenty different focus areas including the Hive Agent, the peer-to-peer distribution technology, and how the company collects and analyzes data.
Their conclusion was that “Hive demonstrated high maturity in their security practices, development practices, privacy practices and overall security by design methodology. It was a ringing endorsement of Hive’s security methodology – but not one that the company will ever take for granted.
Establishing a culture of security awareness in an organization is a mindset and a vital component for our company to be competitive. In 2021 we decided to re-evaluate our Security Awareness Training partner. We contracted and partnered with a leading vendor in this field “KnowBe4”. In this way, we can continue to build the most resilient cyber risk-aware workforce.
