One of the things which are pretty crucial when you do internal podcasting and deal with sensitive information is the security level you implement in order to protect the sensitive information from unwanted eyes. In the early days when we implemented one of our first podcast series for a pharma company we were shocked to realize that all podcasts showed up in regular podcatch sites such as Odeo. Especially embarassing when Corporate Communications found out about it. Not good.
We learned a lot since. However, most knowledge we learned from trial and error. Surprisingly not a lot can be found on the internet about the process involved. Sure, there are many podcast hosting sites where you can upload your podcast, create a feed and submit it to iTunes. But when you do internal podcasting that is exactly what you do not want to do. Remember, when you use internal podcasting for business purposes two things are important:
1) You do not want your podcast to be found by the Googles in this world
2) You want to password protect your content
In addition, podcasters should in general consider the following as well:
3) You want to be flexible in your decision which hosting service you use
4) You do not want your feed to change since that will result in losing listeners
Regular podcast hosting services are aimed at obtaining an audience as large as possible, and create buzz wherever possible. Internal podcasting wants to stay below the radar, only accessable to selected members.
A few hosting companies have specialized themselves in this area. But not a lot. We have been using Podkive from Genetic Hosting for a while which provides easy creation of the feed through a simple web interface. However, lately they have been having some problems with their uptime, so I decided it was time to investigate other possibilities.
After half a day I think I have figured it out. It does require some logic thinking and I have to admit, it’s not for the technofobes. But it works. Until somebody comes up with an easy point and click system this is what we’ll be using. Let’s have a look.
The ten steps of creating a secure podcast channel:
- Take an account with a reliable hosting service which offers password protected directories. I’m not providing any ‘reliable hosting service-lists’ since you can find these plenty on the internet. Make sure that you have sufficient storage and bandwidth.
- In your home directory, create two folders: one for the files (video/audio) and one for the XML file.
- Password protect the folder with the files. Do not password protect the folder with the XML file.
- Upload your content via FTP to your files directory.
- Fire up your feed creation software. I use Feeder for that (Mac only, I’m sure Windows has similar programs too). Create your feed. This may require some setting and filling in the right paths where to find the content.
- Upload your XML feed via the software to the unprotected folder in your host directory.
- Check if your feed works. Copy and paste the feed address in your browser. If all went OK you should get a pop-up window asking for your username/password when you want to access the content.
- Now it’s time to make sure you will have the same feed till the end of days. Go to Feedburner.com and burn your just created feed into a Feedburner feed.
- Take this feedburner feed (starting with feeds2.feedburner.com/[feedname] and check if it works in your browser. Again you should see a pop-up window asking for your username/password. Fill in your credentials. You should be able to see your content
- Copy and paste the Feedburner feed into iTunes (Menu Advanced/Subscribe to podcast…). Hit OK. Fill in your username/password and off you go (remember to check ‘Remember Password’)
Because the folder with your content is password protected, Google spiders can not enter and hence can not find your data. If somebody finds the original path (which is difficult since it goes through Feedburner) they still can’t access your files without udername/password. If you want to change hosting services you just link a new feed to your Feedburner feed. End users won’t see the difference.
We think this is a nifty way of creating a secured channel. Is it 100% secure? Most probably not. Die-hard hackers will be able to hack into everything. And remember: the chain is as strong as the weakest link. Change username/password regularly, especially when people leave the company. And of course the morst important tip of the day: Don’t use sensitive information in your podcasts. We use no absolute figures when we talk about sales developments, only percentages. Treat this digital communication channel as any other. Cautiously.
Interesting article. I’ll have a try at this.
Do you think this setup would work if you have your Site and Feed hosted in one place (on a web hosting account) and the actual media files in another place (LibSyn for example) ?
Regards,
Stefaan
[...] May 14, 2009 by A Podcasting Blog from Podcasting Tools – Daily Podcasting News and Information for Podcasters and Listeners. Filed under Podcasting Tips One of the things which are pretty crucial when you do internal podcasting and deal with sensitive information is the security level you implement in order to protect the sensitive information from unwanted eyes. In the early days when we implemented one of our first podcast series for a pharma company we were shocked to realize that all podcasts showed up in regular podcatch sites such as Odeo. Especially embarassing when Corporate Communications found out about it. Not good. Secure Podcasts [...]
@Stefaan: If you look at safety I would be careful with Libsyn. My podcasts showed up in Google and other podcast aggregators when I used Libsyn (great service by the way, but not secure). If you place your site and feed on a seperate site they still may be able to find your media. Most importantly, if someone knows the url of the libsyn files (e.g. http://www.libsyn.com/username/podcastname/audio.mps) people can forward this url and have access to the media. This would not be the case if the media is protected.
Hm, you have a point there Erik, never thought of it in that way. The would indeed need to find you username and the correct file name for that.
I’ll have to try something different, still want to keep using LibSyn for my hobby podcast though. No way I could affored 500 downloads for each 30 minute video every month. Would cost me a fortune in Badwidth
Regards,
Stefaan
Does your hobby podcast need to be secure? I agree Libsyn is a great concept: not pay more for bandwidth…
This is good for one username/password. What about 1000s? I want to create podcasts that are username/password protected, but that information is in a database.
Any thoughts?
You need an entire platform for that. The one I know is Podkive but like I wrote, they do have their issues. I do not know any other solution currently.