Jason Chan

Netflix’s security challenges go far beyond your payment information

Jason Chan, the company’s former VP of Information Security, spoke to CTech about issues streaming services face when delivering content around the world

For the average consumer, the biggest problem with Netflix is what to watch. Between new episodes of ‘Stranger Things’ and a different Hollywood-type movie dropping each week, there are 221 million users - 75 million in the U.S. alone - who turn to the streaming giant each night and depend on it for entertainment.
For others, the problem with Netflix symbolizes a giant headache of IP protection, actor privacy and safety, and regulatory guidance that must be adhered to in each and every region it enters. It is a problem not just for Netflix but for Disney Plus, HBO Max, and any other platform that is currently taking part in the streaming wars.
1 View gallery
Jason Chan Netflix
Jason Chan Netflix
Jason Chan
(Photo: N/A)
“If you think about Netflix as it ultimately came to be, there were two main issues,” explained Jason Chan. Chan, who was at Netflix for 10 years before his retirement last year, headed the company’s security efforts first as a Cloud Security Architect, then Director of Engineering for Cloud security, and finally as VP of Information Security. “One is that you're operating the world's largest subscription video platform, so you've got hundreds of millions of users with all of their private data, payment infrastructure, and all that… The other side of the business was the studio side. Netflix originally started as a distributor of other studios' content, and then around 2013 or so, we started creating our own studio. So thinking about building a studio, a tech-forward studio.”
Netflix’s turn to original programming - debuting with the data-designed ‘House of Cards’ starring Kevin Spacey - brought the company an entirely new set of security challenges aside from payment infrastructure, a problem that Chan had called “not an easy problem, but a little more well understood.” All of a sudden, the streaming service was pivoting from a distributor to an online streaming studio, meaning that the company faced a barrage of concurrent changes. “How do you keep the business moving, how do you not slow things down through a security perspective,” Chan mused.
It’s hard to remember today, but Netflix’s first 10 years operated as a platform that would physically mail its users a DVD for them to watch. The pivot to online streaming helped the company conquer the global playing field, but suddenly Netflix also had to tackle international broadcasting laws, regulations, and regional bureaucracy. Suddenly, payment infrastructure seemed like a walk in the park.
“That tech was in place to drive bigger volume than what any studio had created before,” Chan said. Being at the company during its pivot from a national mailing service to an international streaming giant meant he was there for most of its transformation. “That was an interesting problem because it brought in a bunch of other topics around content protection. When you think about producing movies and TV shows, there are celebrities involved. People want access to those celebrities, people want to know what happens, so you have people seeking spoilers. You're trying to do IP Protection, you're trying to do Plot Protection, you're trying to do personal protection, so that was much more varied and on a different scale. It brought together most of those problems.”
Chan no longer works at Netflix, but he acts as a consultant for a variety of Israeli cyber companies due to a connection to Bessemer Venture Partners. When speaking to CTech, he was in Israel for the first time to attend Cyber Week and share the stage with Asaf Kochan, Co-Founder and President of Sentra. Together, the two of them discussed cloud security, data, and the overall security landscape. Chan acts as an advisor to the company and was introduced to it by its investor Bessemer, as well as others in the space.
Today, new streaming services are expected to tackle the challenges that were first identified by Netflix in its early days of streaming around the world. Distribution has changed, content consumption has changed, and our expectations for how secure platforms are have changed.
“I guess if I think about my time at Netflix, a lot of it was defined by change,” Chan concluded.