Businesses large and small have turned to VoiP, Videoconferencing and many other IP enabled communications platforms to enhance collaboration and speed the decision making process. However, few consider the security implications of conducting meetings over internet connected devices and may be leaving themselves open to eavesdroppers at best, corporate espionage at worst.
Those technologies, which include, VoIP, Videoconferencing, hosted webinars, and IP based communications platforms have transformed the way businesses communicate; Creating a paradigm shift that has resulted in the creation of the virtual meeting place / virtual conference room. Yet, for all of the productivity created, a deep dark secret lingers in the shadows – a secret that can be summed up simply as who can eavesdrop on those virtual meetings, or intercept the data shared.
That secret culminates in to a real world threat, where the specter of corporate espionage, powered by IP based communications, can result in loss revenue and failed projects. Simply put, securing all forms of communication should a major concern for any business entity looking to share confidential data or discuss intellectual property across the unfettered packets flying across the internet.
After all, businesses spend countless dollars on firewalls, security appliances and other InfoSec technologies to protect files and prevent unauthorized access to corporate systems, yet it seems little thought is put into securing technologies that have become all too common, such as videoconferencing and hosted IP based conferencing platforms.
To be effective, IP based conferencing has to be easy to use, easy to access and flexible enough to be reconfigured on the fly. What’s more, conferencing must be able to work across several different devices, ranging from smart phones to desktop PCs to dedicated IP conference room appliances. Simply put, if the platform makes things difficult for users, those users will attempt to go another route, such as an open or “free” system, further complicating the security picture.
Therein lies the security conundrum of virtual meetings. How can IT professionals make it both easy to use and secure from data leakage?
The answer to that conundrum lies with rethinking how users engage with their meeting platforms of choice. In other words, a conferencing system has to be both easy to use and easy to secure, two elements are normally at polar opposites of the communications equation.
To that end, Video Conferencing Solutions Vendor pexip has launched Infinity, a hosted platform that combines ease of use with policy based enforcement to create secure virtual meeting rooms. The product accomplishes that by leveraging an external policy server, which allows administrators to define policies that enforce security rules based upon multiple factors, such as user identity, location, device and so forth.
Of course, establishing identity is only the first part of the security equation. Here, pexip brings to the table some additional capabilities, such as assigning a temporary PIN to a particular meeting and then delivering that PIN via an RSA token, SMS, or other methodology so that two factor authentication becomes the norm for any conference.
For example, with SMS, each time the policy server receives a meeting request, a dynamic PIN is generated (which is stored for 60 seconds), that PIN is then delivered to the meeting attendee using their assigned phone number, which the policy server can loop up in the directory. The attendee uses that pin as a part of the authentication to enter the meeting.
There is a lesson to be learned here, security ideologies must flow down to even the most basic of corporate communications.