I’ve been asked: Which of these services is most suitable for collaboration and videoconferencing? Several times in the last days because we have to communicate with colleagues, business partners and customers when we work remotely.
Just as there is no better car, there is no better collaboration, but here are a few security and privacy suggestions you should take into account when deciding which services you want to maintain and use in your organization. Don’t forget that your employees also receive requests from your business partners to join their services. Therefore, it would be a good idea not only to identify your approved services, but also to inform your users about other services they may encounter.
I’ve just reviewed the MVISION Cloud Registry, where we’ve identified and evaluated over 250 different online meeting services. While some may offer online sessions as part of a wider range of applications, there are many options.
I will not go into the features of this blog – there are many places where you can find these comparisons, instead I will focus on the information you need to check for security and privacy. Also, don’t forget to teach your employees that they’ll never know if someone else is watching a visitor, and that they’ll treat every online conversation as if it’s taking place in a bar and can be eavesdropped on.
Let’s look at some of the potential security and privacy issues. Only you can decide whether it is a concern based on the context of your company and the data you have published.
Recording. Many applications allow notes to be taken within the application – but some will alert all participants when a recording is made. Regardless of the security the service provides, remind your users that anyone they are connected to can record screens and sound outside the application, so all calls should be made unless you have complete security. Please also note that local laws vary depending on whether the consent of all users must be obtained prior to registration. Consult with your teams to verify this legally, but ask visitors for their consent before setting a record.
The logbook. On the other hand, you must ensure that no registration takes place, so that the cloud service does not lose this data in case of hacking.
methods of exchange. You may prefer to use a service that allows you to share only voice and data, not video, or that supports video in only one direction, especially if it is in a learning environment.
Intellectual property title. Surprisingly, some services claim intellectual property in every communication – although the recent increased attention to this issue has led to the modification of some licensing agreements to remove this clause. Read the fine print!
The encryption. To avoid data interception, you may prefer services that encrypt all transmitted data – although it is useful to check the encryption methods used (SSL versions, TLS, etc.).
Confidentiality. Does the service itself track each user and share some of this information with third parties (some from Facebook, Google and other services)?
You may decide to support just one service, even if you decide one service doesn’t meet all your needs – perhaps a different service than general team updates and collaboration will be used for more sensitive discussions.
To go into more detail, I recommend that you look at each of the attributes below and, based on your priorities, decide on the importance of each of the services on this list, and then examine each of the services. This is possible in the MVISION cloud, where we keep track of each of these attributes (and many others) and where administrators can change the weighting of the attributes to compare different services. Without MVISION Cloud or a similar service, this is probably a manual process.
- Encryption of the transmitted data (yes/no and SSL methodology, TLS and versions)
- Encryption of data in idle state during service (e.g. records) and key strength
- Enable encryption with your own keys
- Does the service allow anonymous use?
- We offer support for multi-factor authentication
- Suggest the combination of identification data (e.g. SAML and OAUTH) for integration into your authentication systems.
- Registration of administrator, user and data access
- Hosting locations (if you are concerned about the country where the data will be stored)
- There are cyber-vulnerabilities like Freak, Poodle or Heartbeat.
- Publication of the results of the penetration test
- Protection against security breaches in applications (WAFirewalls)
- Compliance with global certificates of conformity (ISO27018, SOC2, FedRAMP, etc.).
- Publication of reports on infrastructure and operating time.
- Any known malicious use of the service
- All offences previously identified
- Published General Vulnerability and Exposure Vulnerability (VEC)
- Data breaches in Darknet
- Intellectual Property Policy
- Court of jurisdiction
- Domestic Headquarters
- Risk assessment for PAGR, CCAC or other regulations
Once you have decided which services are suitable for your organization, contact your employees and business partners and consider blocking services you do not trust. This can be achieved by using CASB to evaluate and fix the cloud in a closed loop by integrating it into proxies, firewalls or endpoint proxies. Consider screensavers for users to guide them to the best services and best practices.
This is a rapidly evolving area, as many of these services are now being monitored more closely than ever before. Stay up to date with the news – in recent days there have been many cases where lawyers have reviewed the privacy policies and end user license agreements for the service or where vulnerabilities in applications or services have been found. Application developers release new versions on a regular basis, so employees should be encouraged to keep their applications up-to-date to minimize these concerns.
Finally, not sharing images from social networking discussions appears to be best security practice – attackers can learn usernames or session identifiers, and if these are static identifiers, they may try to hack into the session in the future.
For more information about MVISION Cloud, McAfee Web Gateway and our DLP solutions, please follow the link below or contact a partner or your local McAfee office. https://www.mcafee.com/enterprise/en-us/solutions/cloud-security.html.
x3Cimg height=1 width=1 style=display:no src=https://www.facebook.com/tr?id=766537420057144&ev=PageView&noscript=1 />x3C/noscript>’) ;video conferencing services,best video conferencing for family,best free video conferencing,software for video conferencing,best video conferencing app,best video conferencing equipment,zoom video conferencing,video conferencing system