Amazon S3 — Are you protected?

This morning I received emails from two separate clients who were worried about their Amazon S3 protection. Amazon Web Services sent out an email over the weekend alerting people who had settings that may cause a security issue. So I did some research to help solve the problem for my clients.
Here’s the setting issue: In order for my clients’ members to access the media on the membership sites, the files in Amazon S3 must have the permission set to “Everyone = Read”. That allows anyone who has the full URL of the file to open it. The issue happens when someone shares the direct link with others. Another issue (and what was shared by AWS in their email) is that hackers and pirates are developing software to harvest those “visible” links. While you may trust your members to a point, you can’t trust hackers to leave you well enough alone.
There’s no way to isolate yourself from criminal activity completely. Just as there’s no way to guarantee you will never be in a car accident or cut yourself shaving. But just as you would probably never stop driving completely or throw away all your razors, you don’t want to delete everything you’ve ever done online. We have ways to minimize the odds. We wear seat belts and practice defensive driving techniques. We use safety razors and shaving cream. And there are tools to help protect the security of your files.
First, take a risk assessment. If you are only hosting a few files and are offering them up for free to your website visitors, link sharing really isn’t a major concern. You want people to share the links! And a hacker/pirate probably won’t be interested in your marketing videos anyway. That doesn’t mean you shouldn’t protect your files, but it may not be #1 on the priority list at this time. If, however, you are sharing proprietary content that people are paying you to access, you really should look into securing the files from sharing and pirating.
There are two programs on the market that solve this issue for you. Both come highly recommended and are similar in cost. (Yes, there is a cost for both of them, but it’s minimal compared to the peace of mind you will have!) S3 FlowShield: $97 and Secure DL: $67.
Both of these programs do basically the same thing: they create an authenticated link that expires after a set period of time. So your member can view a video, but cannot share the link with anyone. And, since your file is not “visible” on Amazon S3 (i.e., the Everyone permission is denied “Read” access), hackers can’t find your file either. This works with videos, audios, downloadable files… you name it!
The biggest difference between the programs is the media player(s) they use. S3 FlowShield comes bundled with a commercial license for FlowPlayer, allowing you to brand your videos. That license typically costs as much as S3 FlowShield itself, so if you want to use that player it’s a great deal! If you’d like to use your own player, then you may prefer Secure DL as it will work with any video player.
My advice? Don’t wait until the horses are stolen before you lock the barn door. Check out the programs above and find which one works best for you. Let me know if you need help deciding or implementing! My team and I are always ready to help.





I also wanted to mention that my video player of choice is FV WordPress Flowplayer. It’s a free WordPress plugin and the one that my clients are currently using. I’ll be testing out Secure DL with that plugin and will report back how it went!
I always enjoy learning what other people think about Amazon Web Services and how they use them. Check out my very own tool CloudBerry Explorer that helps manage S3 on Windows. It is freeware.
The latest version comes with a security assessment report that makes it easier to find bucket security misconfiguration.
Thanks Andy! I have used CloudBerry Lab a bit, but since I use a Mac, I’ve been sticking to S3Fox. Thanks for sharing an alternate tool! ~R
Thought I would throw this one out there, too, since no one mentioned it. It is a plugin I wrote, but it’s free and open source:
http://wordpress.org/extend/plugins/smarts3-video-plugin/
It’s bundled with FlowPlayer, but works with JW Player, as well (can’t bundle JW Player, because of their licensing restrictions). A lot of people seem to like it.
Not for everybody, but another option.
Thanks Rebekah!
John
John! Thanks for sharing this here. I actually just found your plugin the other day through your website link on Facebook. I thought, “WHY haven’t I seen this before!!” I’m so excited to try it out! I’ll totally write up a review once I do…. ~R