Security is an important consideration when buying any type of cloud-based service, including video as a service (VaaS). There are a number of risks to be considered from the security of the network connection, to the security of the video conference sessions, to the risk of malware attacks from equipment or websites operated by the VaaS provider. Mitigating these risks depends on a lot of factors, and it is impossible to secure VaaS with 100% certainty. However, it is highly likely that VaaS will be just as secure, or more secure, than video services operated in-house.
VaaS providers will have specific expertise in their equipment, communication protocols and the network aspects of cloud computing. They will also have dedicated resources that focus solely on operating and securing their equipment and applications. In comparing security of VaaS to in-house capabilities, consider if the business will have the expertise and committed manpower to secure the video network, or if the resources will be spread across a broad range of services. For many businesses, especially small and medium-sized businesses, the answer will likely be that resources are spread thin.
Typically, cloud-based providers have thought through the security issues of their architecture in a comprehensive manner, and thoughtfully endeavored to close the security gaps. VaaS providers are dependent on their reputation for ongoing and future business, and are likely to work hard to avoid a high-profile intrusion incident.
There is always the possibility that a security flaw will be discovered in a network protocol or in some piece of video conferencing equipment or software. It is perhaps more likely that PCs and mobile devices may be compromised on the user side, especially in a BYOD environment, where, for example, some conference attendees will participate from unsecured public Wi-Fi sites like coffeehouses or hotels. There are many possible attack vectors, and it is difficult to completely secure systems in today's environment.
There are measures enterprises can take to reduce the risk that video calls or their network will be subject to intrusion or attack:
- Ask potential VaaS providers about their security policies and measures. Do they provide any guarantees or cancellation clauses in the event of intrusion? Have they had any incidents? Is it their policy to notify customers if they experience an intrusion? These questions will convey to the provider that security is an important consideration in rewarding any contracts.
- Proactively monitor the network connections to VaaS providers, looking for unusual or unexpected traffic and protocols.
- Maintain an effective BYOD security program to minimize the probability of a device being compromised.
- Develop an effective means of securing devices when connecting through unsecured Wi-Fi access points, or disallow its use.
- Secure important video calls -- executive staff meetings, product design sessions or financially sensitive meetings -- with meeting invitations using unique meeting numbers and one-time PIN numbers. There is a high probability that "standing" meeting numbers and security codes will become known. Executives often consider it a bother to have codes that change for every meeting, but failing to change the code invites intrusion.
- Use administrative monitoring tools to show and identify all call participants. Be aware that audio callers or video callers with no webcam could join a call anonymously and eavesdrop or record the session if each caller is not accounted for. It is important to check the roll against who is logged into the call.
Maintaining a secure environment requires ongoing diligence. While there are many technical attack risks to any type of electronic communications, one of the biggest risks for video conferencing is that uninvited attendees will snoop on high-level calls and gain access to sensitive information.
Do you have a question for Stephen Campbell or any of our other experts? Ask your enterprise-specific questions today! (All questions are treated anonymously.)
What to look for in a video as a service vendor
Keeping video meetings private
Dig Deeper on Business Video Conferencing and Telepresence Technology
Related Q&A from Stephen Campbell
Can VaaS be integrated into an on-premises environment? Expert Stephen K. Campbell says it can and explains how. Continue Reading
What key features should you consider when choosing a video as a service vendor? Video conferencing expert Stephen Campbell explains how to evaluate ... Continue Reading
Skype and Lync integration provides new flexibility, but is it the right platform for all organizations? Continue Reading