Securing Digital Assets

15 07 2012


Corporations produce a wide variety of digital files to make their presence known through television advertisements, email marketing, branded social media through Facebook and YouTube, mobile and tablet applications, and website updates to name a few.

Figure 1: Digital Content Categories

To keep their content and marketing messages fresh, these corporations spend millions of dollars to create and distribute these files [4][5]. In addition to marketing media production, corporations produce multimedia files for training, compliance, and product recipes to name a few.

Security Goals

Organizations that do not have a centralized repository for storing and retrieving digital assets use network shares, Compact Discs or other physical storage media to store and/or distribute. Network shares and compact storage media do not provide adequate security coverage to support some of the high-level security goals [1]:

  • Confidentiality – Digital assets must only be accessible to authorized personnel
  • Integrity – Digital assets must only be modified or altered by authorized personnel
  • Availability – Digital assets must be accessible to authorized personnel at appropriate times

The following sections provide a set of ideas for supporting the high-level security goals outlined above.

Digital Asset Management

One of the primary focuses of an organization, which produces considerable amount of digital assets for its marketing [5] or other initiatives, must invest in establishing a centralized repository. It helps in storing, retrieving, and distributing the digital assets in a consistent way. Digital Asset Management (DAM) systems help setup a centralized repository within an organization. As shown in Figure 2, Producers use a wide variety of tools to create digital assets. The assets are then ingested into the DAM system (depending upon the use-case) transformed or transcoded to produce a format that is suitable for the destination – website or mobile device among others.

Figure 2: Digital Asset Management System

By employing the DAM system, corporations could satisfy confidentiality and integrity goals using various security measures provided by the system. Figure 3 illustrates some typical roles that are defined within the DAM system as follows:

Figure 3: Typical roles within the DAM system [3]

As can be seen in the above diagram, one can establish access control policies for digital assets using a DAM system. Though several access control models are possible, role-based access control model (RBA) [2] is discussed here. In DAM systems, the following roles could be defined using the RBA model:

1)    Librarian

Librarians are primarily responsible for the following:

  • Providing metadata and taxonomy to assets
  • Keeping an eye on the overall quality of an asset
  • Assigning appropriate rights to assets

2)    Administrator

Administrators are primarily responsible for the following:

  • Installation and configuration of the DAM system
  • Regular maintenance of the system – applying patches/bug fixes etc.
  • Batch uploads/downloads of assets

3)    Producer

Producers are users who create digital assets – images, videos, text or other types of digital assets.

4)    Consumer

Consumers are users who make use of the digital assets in a wide variety of ways. Depending upon the delivery channel such as print, web, or mobile channel, the number of consumers could range from hundreds to several millions. Various levels of consumers could be established based on the sensitivity of the digital assets in question. For example, DAM systems provide a way to associate rights information with every digital asset. Rights information includes restricted, unrestricted, internal use-only, expiration with dates, embargo information with geographic details etc.

After defining these roles, various permissions (viewing, converting, importing, deleting, modifying etc.) can be granted to these roles. When new users require access to digital assets, depending upon their role, organizations could attach the specific role to users or groups of users to grant appropriate privileges within the system.

By implementing a centralized repository using digital asset management systems, organizations gain the ability to support the security goals discussed above. Only authorized personnel would be able to access the digital assets contained within the repository.

Digital Rights Management (DRM)

As discussed in the introduction section, corporations produce these digital assets for a specific purpose – to make them available to their consumers in some shape or form. To ensure the communication of ownership and other information, organizations could use a wide variety of digital rights management techniques such as digital watermarking to add a layer of security to assets that are managed centrally using digital asset management systems.

Digital Watermarking for images

Digital watermarking is a technique by which an invisible structure is added to the image data without affecting the quality of the image in such a way that when an image is distributed, the watermark is distributed along with the image [6]. There are several vendors such as Digimarc [7] that specialize in embedding digital watermarks to final assets. Either these technologies could be used as standalone options or could be integrated into a digital asset management workflow process. The following image has been watermarked using Digimarc technology from within the Adobe Photoshop software:

Figure 4: Embedding watermark using Digimarc from Adobe Photoshop

Typical watermarking that is integrated into the DAM creation workflow includes:

  • Make a copy of the original image (this can be based on some predetermined rule)
  • Apply digital watermark by invoking the necessary watermarking system such as Digimarc for Images
  • Attach the watermarked image as one of the children of the original image (based on rules)

The DAM distribution workflow could be used to deploy the original or watermarked image based on a particular distribution channel such as public website, mobile, or intranet website. For example, Digimarc’s location services [7] could be used to find the illegal copies of the watermarked image floating around the Internet.

Irdeto, Microsoft, and Adobe are some of the other leading DRM technology providers for video, video on demand, movies, and other digital assets.


In this digital age, corporations produce a wide variety of digital assets for a wide variety of purposes. A corporation spends, on an average, 8.5% of its revenue in marketing efforts [5]. A majority of the marketing budget is spent in producing, acquiring, and distributing digital assets. Therefore, it makes total sense for an organization to have the ability to support confidentiality, integrity, and availability of these digital assets files. DAM systems could be employed by organizations to store, retrieve, and distribute assets in a consistent way. DAM systems help organizations realize the security goals in terms confidentiality, integrity, and availability [1] of digital assets by enforcing only authorized personnel to have access to viewing, modifying, and distributing digital assets. In addition to securing digital assets while they are in the confines of the enterprise, DRM techniques such as digital watermarking could be applied by organizations to communicate the ownership information to consumers of the digital assets.


[1]  Pfleeger, Charles P; & Shari L. Pfleeger. “Security in Computing, 4th Edition”. Upper Saddle River, NJ: Prentice Hall, 2008. Print.

[2]  Cummings, Adam; & Bandes, Ron. “Various 95-752 Lectures, Introduction to Information Security Management”, Carnegie Mellon University, 2011.

[3]  Raghavan, Narayanan. “Digital Asset Management and Cloud Computing”, Term Paper for Telecommunications Management, Carnegie Mellon University, 2011.

[4]  Parker, Pamela. “Study: Digital Marketing Spend Reached Nearly $16.6B in  (2012): 24 June 2012

[5]  KOMarketing Associates, LLC. “Duke Survey Respondents Predict Increased Social Media Spending in Years to (2012): 24 June 2012

[6]  Delp, Edward. J. “Multimedia Security Research at Purdue (unknown): 1 July 2012

[7]  Digimarc. “Digimarc for Images” (unknown) 1 July 2012





Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: