In today’s work-from-home environment, video collaboration security has never been more important. IT professionals must provide the right tools, training and support to users from the C-suite to the call center.
Security is a constant challenge because collaboration creates a relatively open environment that can be accessed by people inside and outside the organization. “Your security program should protect the confidentiality, integrity and availability of data without hampering organization productivity,” said John Bartlett, principal, Bartlett Consulting, in a recent Enterprise Connect virtual session, “Video Collaboration Security: How to Collaborate Broadly & Safely.”
Looking at the “big picture,” Bartlett said security professionals should identify the confidential information that should be kept within the organization, and protect that data. Security also involves ensuring the integrity of the video session by keeping out unauthorized participants.
Availability is another issue, since users need to be able to access the video collaboration service. “You have to enable firewall traversal to some degree, and monitor your firewall or SBC settings, bandwidth capacity and quality,” Bartlett said. “When things get busy, you don’t want your line-of-business users to be knocked off their sessions.”
The Security Process
In today’s work-from-home environment, physical security issues regarding access to on-premises equipment and data centers are less challenging than other steps in the process, said Bartlett. That includes authenticating participants, ensuring content security during the call and protecting content and recordings after the call.
First of all, it’s essential to ensure that only authorized participants take part in a video collaboration session. That means authenticating individuals using names, titles, faces or voices, Bartlett said. “Session hosts should think about their meeting settings regarding who can participate or share content,” he added. “You don’t want an authorized person sneaking in from the outside.”
Bartlett said session hosts should also capture attendee information. Knowing who was on the call can be important in determining the direction of future discussions and decisions. “At the same time, you may need to protect individual data to comply with privacy regulations. That includes call data records (CDRs) as well as transcriptions of the session,” he added.
Encryption of communications during the session is essential for preventing a “man-in-the-middle attack,” Bartlett said. Fortunately, the risks are relatively low, as encryption tools have long been incorporated into on-premises and cloud platforms.
A higher priority should be educating users about cybersecurity threats, including innocent-appearing or deceptive email or text messages that contain malware. Hackers may also attempt to gain passwords or other personal information in online or real-world settings, said Bartlett.
In an apartment or condominium, for instance, a hacker could listen in through thin walls or ceilings. Even with social distancing, a neighbor in a coffee shop or cafe might be able to listen in to the session – or try to steal the user’s security credentials. Within the organization, an empty conference room can provide an inviting opportunity for an employe or visitor to listen to the call, creating a potential security breach, Bartlett added.
Video collaboration security concerns don’t end with when the session is over. Any recordings, transcriptions or other content needs to be archived in a secure repository, and tagged for future retrieval, Bartlett said. For instance, material may need to be stored for several years to meet legal holding requirements.
Summarizing the key points of his talk, Bartlett said, “Security is a moving target and a constant challenge. So, you should focus on achieving the highest level of security, while still supporting the needs of the business.”