How to create a secure podcast channel for internal podcasting

lock.001

One of the things which are pretty crucial when you do internal podcasting and deal with sensitive information is the security level you implement in order to protect the sensitive information from unwanted eyes. In the early days when we implemented one of our first podcast series for a pharma company we were shocked to realize that all podcasts showed up in regular podcatch sites such as Odeo. Especially embarassing when Corporate Communications found out about it. Not good.

We learned a lot since. However, most knowledge we learned from trial and error. Surprisingly not a lot can be found on the internet about the process involved. Sure, there are many podcast hosting sites where you can upload your podcast, create a feed and submit it to iTunes. But when you do internal podcasting that is exactly what you do not want to do. Remember, when you use internal podcasting for business purposes two things are important:

1) You do not want your podcast to be found by the Googles in this world
2) You want to password protect your content

In addition, podcasters should in general consider the following as well:

3) You want to be flexible in your decision which hosting service you use
4) You do not want your feed to change since that will result in losing listeners

Regular podcast hosting services are aimed at obtaining an audience as large as possible, and create buzz wherever possible. Internal podcasting wants to stay below the radar, only accessable to selected members.

A few hosting companies have specialized themselves in this area. But not a lot. We have been using Podkive from Genetic Hosting for a while which provides easy creation of the feed through a simple web interface. However, lately they have been having some problems with their uptime, so I decided it was time to investigate other possibilities.

After half a day I think I have figured it out. It does require some logic thinking and I have to admit, it’s not for the technofobes. But it works. Until somebody comes up with an easy point and click system this is what we’ll be using. Let’s have a look.

The ten steps of creating a secure podcast channel:

  1. Take an account with a reliable hosting service which offers password protected directories. I’m not providing any ‘reliable hosting service-lists’ since you can find these plenty on the internet. Make sure that you have sufficient storage and bandwidth.
  2. In your home directory, create two folders: one for the files (video/audio) and one for the XML file.
  3. Password protect the folder with the files. Do not password protect the folder with the XML file.
  4. Upload your content via FTP to your files directory.
  5. Fire up your feed creation software. I use Feeder for that (Mac only, I’m sure Windows has similar programs too). Create your feed. This may require some setting and filling in the right paths where to find the content.
  6. Upload your XML feed via the software to the unprotected folder in your host directory.
  7. Check if your feed works. Copy and paste the feed address in your browser. If all went OK you should get a pop-up window asking for your username/password when you want to access the content.
  8. Now it’s time to make sure you will have the same feed till the end of days. Go to Feedburner.com and burn your just created feed into a Feedburner feed.
  9. Take this feedburner feed (starting with feeds2.feedburner.com/[feedname] and check if it works in your browser. Again you should see a pop-up window asking for your username/password. Fill in your credentials. You should be able to see your content
  10. Copy and paste the Feedburner feed into iTunes (Menu Advanced/Subscribe to podcast…). Hit OK. Fill in your username/password and off you go (remember to check ‘Remember Password’)

Because the folder with your content is password protected, Google spiders can not enter and hence can not find your data. If somebody finds the original path (which is difficult since it goes through Feedburner) they still can’t access your files without udername/password. If you want to change hosting services you just link a new feed to your Feedburner feed. End users won’t see the difference.

We think this is a nifty way of creating a secured channel. Is it 100% secure? Most probably not. Die-hard hackers will be able to hack into everything. And remember: the chain is as strong as the weakest link. Change username/password regularly, especially when people leave the company. And of course the morst important tip of the day: Don’t use sensitive information in your podcasts. We use no absolute figures when we talk about sales developments, only percentages. Treat this digital communication channel as any other. Cautiously.

10 Responses to How to create a secure podcast channel for internal podcasting

  1. Interesting article. I’ll have a try at this.

    Do you think this setup would work if you have your Site and Feed hosted in one place (on a web hosting account) and the actual media files in another place (LibSyn for example) ?

    Regards,

    Stefaan

  2. Pingback: Podcast Submit | Secure Podcasts | Podcast Marketing | Podcast Submission | Podcast Syndication

  3. Erik says:

    @Stefaan: If you look at safety I would be careful with Libsyn. My podcasts showed up in Google and other podcast aggregators when I used Libsyn (great service by the way, but not secure). If you place your site and feed on a seperate site they still may be able to find your media. Most importantly, if someone knows the url of the libsyn files (e.g. http://www.libsyn.com/username/podcastname/audio.mps) people can forward this url and have access to the media. This would not be the case if the media is protected.

  4. Hm, you have a point there Erik, never thought of it in that way. The would indeed need to find you username and the correct file name for that.

    I’ll have to try something different, still want to keep using LibSyn for my hobby podcast though. No way I could affored 500 downloads for each 30 minute video every month. Would cost me a fortune in Badwidth🙂

    Regards,

    Stefaan

  5. Erik says:

    Does your hobby podcast need to be secure? I agree Libsyn is a great concept: not pay more for bandwidth…

  6. Philip says:

    This is good for one username/password. What about 1000s? I want to create podcasts that are username/password protected, but that information is in a database.

    Any thoughts?

  7. Erik says:

    You need an entire platform for that. The one I know is Podkive but like I wrote, they do have their issues. I do not know any other solution currently.

  8. This is an interesting article and I like the focus on securing directories. What I like about this solution is it provides the technical know-how for people who want externally hosted solutions.

    While I was reading I was thinking of another option.

    Perhaps another solution might be to host the files internally on an internal networked file server that is web-enabled. The downside of this solution is the internal network traffic if everyone downloads the file at the same time, however a large positive upside is that the files are not hosted externally anywhere.

  9. digiredo says:

    @James Your assumption is correct. The most safest thing to do is hosting it internally. However, you then have to deal with corporate IT, and in my experience they are usually not so forward thinking. Moreover, they don’t like the extra bandwidth.

  10. Squatter says:

    anyone here happen to know how to password protect a Podcast Library hosted by Podcast Producer 2 on Snow Leopard Server (10.6)? it doesn’t seem to be protected by default and has the same issues you speak about here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: