The Tokyo 2020 Olympics might seem far away — yet for lead engineers in charge of streaming the games, it’s not far enough.
Tokyo will have a total of 33 official sports — five more than the Rio Summer Olympics in 2016. In particular, new sports like surfing, skateboarding, sport climbing, and karate target younger viewers who are accustomed to watching sports (and e-sports) online, uninterrupted, and at high resolution.
In 2018, major broadcasters like NBC streamed thousands of hours of events. The BBC broke viewing records with 22.2 million streams. The pressure is on in 2020 to reach and impress an even larger audience.
Delivering a high-quality Olympic viewing experience is an enormous challenge from both a bandwidth and a security point of view. Over 100 million unique users watched the Olympics across NBC’s digital platforms alone in 2018 — nearly a 30% jump over London’s 2012 games. Users logged in to watch the games on-the-go and on myriad devices. NBC had to build out its operations and rely on more than 1,100 staff to maintain consistent service.
Since then, the risks for video streamers have become more visible and acute. In February of 2019, hackers exposed a vulnerability in Chromecast streaming devices that allowed them to play any video they wanted. More recently, on March 2019, free movie streaming site Kanopy disclosed a significant breach of its users’ personal information, including geolocation, device type, and IP address. Hackers know how popular subscription streaming services are today — and are anticipating the 20-day bump that will start next July.
Below, we offer three ways to future-proof your team’s streaming system, so you can deliver the safe yet thrilling experience your users expect.
1. Seamlessly and Securely Authenticate Your Users
Many users watching the 2016 Rio Games online were disappointed. Poor buffering, slow load times (occasionally up to 4 hours in parts of the U.S.), and mediocre in-app experiences caused frustration. Live streaming has been a major part of the Olympic experience since the 2008 Beijing Games. After more than a decade, it’s difficult to excuse subpar services.
Staggered visuals and outages are more than embarrassing. They can lead to declines in user engagement and revenue loss if advertisers seek other platforms.
One way to quickly and significantly improve your user experience is to implement better authentication measures. If a user is pleased with a simple, frictionless initial login — and can access content easily thereafter — it sets the stage for a rewarding, long-term relationship.
A third-party service like Auth0 can help you seamlessly implement features like single sign-on (SSO) that make authentication painless and highly effective. Particularly when users require access to several applications simultaneously or in quick sequence, SSO allows them to simply log in once — regardless of their platform, technology, or domain.
Auth0’s SSO feature has built-in security certifications, including OpenID Connect, OAuth 2, and LDAP. In addition, it’s already SOC 2 and GDPR compliant — so if you’re concerned about protecting a volume of customer data, Auth0 can help with much of the heavy lifting.
Another way to offer your users smooth authentication and authorization is Device Flow, a fast, easy, and safe way to log into limited-input devices. Auth0 offers a fully compliant implementation of the OAuth 2.0 Device Flow so you can take advantage of the security and user experience benefits of a standard delegated authorization protocol.
Taking the time to create a richer user experience doesn’t have to be a drain on your resources. Zeroing in on a pain point like authentication can improve multiple issues simultaneously — making you at once more organized, more secure, and more delightful to your audience.
2. Detect Threats before They Snowball
Cybercrime is on the rise — and according to recent data from Akamai, streamers have emerged as top targets.
In this challenging environment, which will likely become even more dangerous leading up to 2020, it’s critical to take every precaution to protect the customers on your platform.
Simple yet powerful anomaly detection features can help you quickly catch common threats — and take immediate action to block their progression.
Auth0’s brute-force shield, for example, triggers after a set number of failed login or sign up attempts from the same IP address. The shield automatically notifies the administrator, who can immediately respond.
On the back end, admins can tailor their response to a suspected attack in a number of ways, including:
- Blocking the suspicious IP address
- Sending a customized email to the affected user, and/or
- Whitelisting the account, so it doesn’t erroneously trigger a reply in the future
If admins are able to verify the user’s identity and resolve the issue, they can also easily remove the block via an email link.
A tool like brute-force protection is particularly useful with subscription services — where major data leaks have left millions of user credentials exposed to hackers.
With this cache of personal information, it’s easy for cybercriminals to develop algorithms that churn through username/password combinations — rapidly testing them against a login screen — until they gain access.
The bad news is that since consumers worldwide expect to increase their number of subscriptions, the surface area for such attacks continues to widen. The good news is that it’s not hard to bolster or build your platform to keep these attempts in check. Offloading this specific concern to a third party can also free up your technical talent to focus on larger, more complex tasks that directly relate to your efforts to scale.
3. Easily Handle Increased Volume
Even if you’ve developed a winning UX and strengthened your platform against major attacks, video streamers still face the challenge of making sure their service is robust enough to handle the surge in viewers expected for the Olympics.
Now is the time to be updating legacy systems, load testing, and determining specific gaps so that you can make necessary changes in time for Tokyo.
One way to do this is to develop your technology in-house. This has the potential to give you more ownership and flexibility over your outcomes. Yet many teams can’t afford to dedicate the time and engineers required to make these systemic changes.
A second option is to buy your solution. In this case, it’s critical to find technology you can tailor to fit your needs. Every company is different — and will have different needs as it evolves. There is no one-size-fits-all product or suite of products that instantly delivers on volume, security, and design.
For this reason, at Auth0, we’ve built flexibility into our core. Every tool and feature we provide comes with extensions — ways to run commands/scripts that enlarge the functionality of the base product. Whether it’s SSO, anomaly detection, advanced authentication features, or tools for better user management — Auth0 has specific Rules and Hooks that adapt our technology to serve yours.
Be a Team Player
Preparing your platform for an enormous uptick in demand and increasing security threats — all while remaining fun and easy-to-use on the front end — might seem like an unwieldy and expensive task.
Whether you build or buy the solutions you need, you’ll be dedicating significant financial and human resources in a tight time frame. Partnering with a team who has done this before can make all the difference — and the ROI is often much higher than teams think.
You’ll speed up time to implementation, reduce security costs, and free your engineers to double down on core, revenue-driving products.
You don’t have to dread the Olympics. If you update your platform now, by the time 2020 rolls around, you too could be in the audience.
Auth0, a global leader in Identity-as-a-Service (IDaaS), provides thousands of customers in every market sector with the only identity solution they need for their web, mobile, IoT, and internal applications. Its extensible platform seamlessly authenticates and secures more than 2.5 billion logins per month, making it loved by developers and trusted by global enterprises. The company's U.S. headquarters in Bellevue, WA, and additional offices in Buenos Aires, London, Tokyo, and Sydney, support its global customers that are located in 70+ countries.