Security questions to consider when choosing an enterprise grade video platform
With COVID-19 shifting all enterprise business models to remote working overnight, and now for 12+ months consecutively, the popularity of video software has exploded. Not only have all sensitive one-to-one conversations had to shift to the online domain, but virtual meetings for socialising and team happy hours have also surged in popularity as employees need to feel connected in ways that phone calls and text messages simply can’t provide.
Of course, this rapid popularity brings with it a spotlight. Given that many online meetings involve confidential company information and potentially information about customers, it’s natural that enterprises need to ensure that their meetings software is secure from unwanted participants, hacking and unfavourable activity.
Options do exist to mitigate these security threats. Many of these options center on two key themes: finding a video meeting solution with the security features necessary to safely moderate confidential meetings, and using best practices for hosting and conducting meetings. Let’s take a closer look at a few important questions to ask that help ensure your organisation keeps its video conferences secure.
1. How do you prevent unwanted attendees in video meetings?
Given the confidential nature of many business meetings, it’s important to have confidence that unwanted guests can’t attend these sessions. Here are some mechanisms that will help to protect your meetings from unwanted visitors:
- Use a password for your video conference, which remains the single most effective way to prevent intruders. Be sure your video conferencing solution includes the ability to create passwords for your meetings. Unless you specifically want your meeting to work otherwise, make passwords mandatory for all attendees.
Learn how to set up a meeting password on Unify Office by RingCentral.
- Only send meeting links to people you want to attend the meeting and don’t publish meeting links on social media.
- Some meeting solutions offer an option to allow participants to join the meeting before the host. Use this option cautiously.
- Lock meetings after all participants have arrived.
Learn how to lock Unify Office by RingCentral video meetings to join after host.
- After participants have joined, take a moment to verify your attendees on the call. To be safe, if you don’t recognize a name or a caller ID, just ask.
2. What are your provider’s data encryption standards?
Ensure you’ve carefully examined your provider’s data encryption standards. In particular, look at how their solution encrypts data both in transit and at rest. For data in transit, key protocols include Transport Layer Security (TLS), Session Initiation Protocol (SIP) over TLS, Secure Real-time Transport Protocol (SRTP), and WebRTC (Web Real-Time Communication). For data at rest, look for Advanced Encryption Standard (AES) with 256-bit keys.
Unify Office by RingCentral offers data encryption in transit and at rest. Unify Office employs WebRTC as a foundational element. As a browser technology, WebRTC requires applications to employ encrypted signaling transport protocols; data streams are encrypted using Datagram Transport Layer Security (DTLS), and media streams are encrypted using Secure Real-time Transport Protocol (SRTP).
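As an added example (not code from the original article or from any vendor it names), the following JavaScript audits a session description (SDP) exchanged during WebRTC signaling for the properties described above: DTLS-protected transport profiles for media and data, and a DTLS certificate fingerprint. The sample SDP, the list of accepted profiles and the hash policy are assumptions made for illustration.

```javascript
// Added example: audit an SDP blob for DTLS-SRTP (media) and DTLS/SCTP (data).
// SAMPLE_SDP is constructed for illustration; its fingerprint is a placeholder.
const SAMPLE_SDP = [
  'v=0',
  'o=- 4611731400430051336 2 IN IP4 127.0.0.1',
  's=-',
  't=0 0',
  'a=fingerprint:sha-256 ' + Array(32).fill('AB').join(':'),
  'm=audio 9 UDP/TLS/RTP/SAVPF 111',
  'a=setup:actpass',
  'm=video 9 RTP/AVP 96',            // plain RTP: no SRTP, should be flagged
  'm=application 9 UDP/DTLS/SCTP webrtc-datachannel',
  'a=setup:actpass',
].join('\r\n');

// Assumption: profiles treated as encrypted here; extend for your deployment.
const SECURE_PROFILES = /^(UDP\/TLS\/RTP\/SAVPF?|(UDP|TCP)\/DTLS\/SCTP|DTLS\/SCTP)$/;
// Assumption: local policy on acceptable fingerprint hash functions.
const STRONG_HASHES = new Set(['sha-256', 'sha-384', 'sha-512']);

function auditSdp(sdp) {
  const sections = [];
  let sessionFp = null; // fingerprint declared before the first m= line
  let cur = null;       // media section currently being parsed
  for (const line of sdp.split(/\r?\n/).filter(Boolean)) {
    if (line.startsWith('m=')) {
      const [kind, , proto] = line.slice(2).split(' ');
      cur = { kind, proto, fingerprint: null, sdes: false };
      sections.push(cur);
    } else if (line.startsWith('a=fingerprint:')) {
      const hash = line.slice('a=fingerprint:'.length).split(' ')[0].toLowerCase();
      if (cur) cur.fingerprint = hash; else sessionFp = hash;
    } else if (line.startsWith('a=crypto:') && cur) {
      cur.sdes = true; // SDES keying: SRTP key travels inside the signaling
    }
  }
  return sections.map((s) => {
    const fp = s.fingerprint || sessionFp; // media-level overrides session-level
    const issues = [];
    if (!SECURE_PROFILES.test(s.proto)) issues.push('unencrypted transport profile ' + s.proto);
    if (!fp) issues.push('no DTLS certificate fingerprint');
    else if (!STRONG_HASHES.has(fp)) issues.push('weak fingerprint hash ' + fp);
    if (s.sdes) issues.push('SDES key carried in signaling (a=crypto)');
    return { kind: s.kind, proto: s.proto, ok: issues.length === 0, issues };
  });
}
```

Calling `auditSdp(SAMPLE_SDP)` returns one finding per media section; only the `video` section, which uses plain `RTP/AVP`, is reported as not encrypted.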
3. Has your video meeting solution been audited for security?
Third-party audits are an indication of a company’s security maturity, their commitment to verifying security controls, and their transparency with customers. There are several third-party audits to look for when evaluating video meeting solutions:
- SOC2 and SOC3: These validate that service operations controls regarding security, availability, and confidentiality are operating effectively.
- GDPR: The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA.
Learn about Unify Office by RingCentral’s GDPR compliance.
- HIPAA, FINRA, and HITRUST: Highly regulated industries, such as healthcare and finance, have specific regulatory requirements when it comes to security. HIPAA, FINRA, and HITRUST audits help customers understand how their provider addresses these requirements. These types of audits are a good indication that a provider understands customer needs in these specific areas.
To learn more about Unify Office by RingCentral’s data security practice, please click here.
4. How is your provider handling its cloud security?
Cloud security refers to how your provider protects its cloud infrastructure, back-end communications platform, service environments, and service operations. Transparency from your provider is a must. Key components of a strong cloud security posture include:
- Multi-layered security that consists of border defenses, multi-factor access controls, cloud security infrastructure, host-level defenses, security telemetry, and monitoring
- Operational security practices that your provider audits regularly
- Dedicated security personnel. Does the provider have dedicated teams for a variety of security roles, such as security infrastructure, application security, security data analytics, and detection and response?
Learn about Unify Office by RingCentral’s cloud security practices.
5. How are security measures built into your video meeting solution?
In addition to the security of its cloud infrastructure, providers need to build strong security measures into their applications, as well. Here’s what to look for:
- Internal and external expertise: Your provider should have strong internal and external expertise evaluating each release of its product, with testing that uses both automated and manual methods.
- Secure software development practices: A strong provider will use multiple secure software development practices throughout different phases of software development.
- Penetration testing: External perspectives by qualified testing firms are an important product security testing activity.
6. What is your provider’s security culture?
More than any of the specific technologies and processes described above, the mark of a secure software provider is best reflected in how embedded security is in the culture of the company. That can be a difficult attribute to measure, but consider these elements:
- How long has your provider been building secure cloud products? More experience often leads to better results.
- Ask your provider to describe their security philosophy, then listen for how passionately the company describes its approach to the following:
  - Embedding security principles into product development activities, infrastructure, and service operations
  - Engaging with independent third-party experts to test security measures and recommend best practices
Unify Office by RingCentral’s vision for video security emphasizes the importance of both internal and external perspectives. We undergo frequent and proactive testing, assessments, and third-party security audits throughout the year to give our customers assurance that controls are operating effectively for various environments.
Unify Video, our latest video conferencing solution, is built with security in mind, leveraging open standards such as WebRTC and supporting meeting attendance without the need to install any software. You can learn more about Unify Video by reaching out to your Atos Account Manager.