The news related to Zoom has been astounding in recent weeks. No doubt you’ve heard about the meetings hijacked by some loon who goes on to share pornographic images or videos. There are also issues with some groups getting invites for sessions they aren’t supposed to attend. All of this while they struggle to keep up with demand.
Webex has been caught up in a phishing scam, and GoToMeeting has had its struggles.
What we should take away from this is the importance of conferencing security. While we want to talk about 1080p webcams and if emojis are available for chats, it’s just as important to discuss security needs.
In the rest of the blog, we’ll evaluate the security related to our solutions.
At MeetingOne, we have long prioritized security. We’ve factored it into the products we develop, the carriers we use, and who our partners are.
Let’s start with our most important partner: Adobe Connect.
Adobe Connect is the premier web conferencing platform on the market. It’s known for the ease with which rooms can be customized; the persistence of rooms and content after a room is closed; the immersive experience individuals enjoy when they participate in Connect.
While all these factors are fantastic, Adobe is also committed to security. Heck, security might be one of its strongest points.
First and foremost, Adobe Connect is FedRAMP compliant. Here’s a quick run-down on what you need to know about FedRAMP:
Being FedRAMP compliant makes Adobe Connect one of the few platforms available to government agencies with the highest conferencing security needs.
Adobe just put out a blog talking to the strengths of Adobe Connect security. Here were some of the most interesting excerpts regarding their approach to security:
Through the Adobe Secure Product Lifecycle (SPLC), we start with a set of development guidelines that our programmers use when writing our code, keeping security as a high priority.
Next, our servers, and how we communicate over the internet, use industry-standard encryption practices – communicating over HTTPS employing Transport Layer Security (TLS) cipher suite to help secure your data in transit using AES-256. We add additional encryption for the most critical data, using SHA-256 hashing for passwords.
Administrators can enforce appropriate restrictions for all users. Using our years of product design experience aligned to the toughest customer use cases in most regulated industries, we have created user interfaces and configuration settings that follow a ‘Least Privilege Principle.’ This essentially means that as a default meeting host has the greatest control, and others join with the least level of privilege. Meeting hosts control not only who can enter a meeting but also the assignment of role-based privileges to co-presenters and participants.
Each organization has its own set of unique requirements – we offer the flexibility to tailor each account to match those needs. Account Administrators can choose secure two-factor authentication and Single Sign-On (SSO) for IT-controlled logins. Applications can be whitelisted for approved application sharing or blacklisted to be always be hidden. Meetings can be permanently blocked against ‘guest’ access so that only employees and pre-registered users attend.
Our customers can choose from a variety of deployment options ranging from a hosted service on Adobe managed infrastructure leveraging industry best practices for secure design. Or a private cloud deployment by certified cloud infrastructure providers to operate and manage their services. Or even an on-premise deployment behind an organization’s firewall.
Perhaps, one of the reasons for being the trusted solution of choice for the most’ locked down’ regulated environments is the gamut of validations from industry compliance and regulatory bodies. Depending on the deployment model, Connect meets various regulated industry security standards and has received many certifications attesting to its security. This makes it suitable for specific industries’ needs. These cover financial institutions by being GLBA-ready, US federal government with FedRAMP certification, healthcare and non-profit organizations by being HIPAA-ready, and universities and K12 institutions, by being FERPA-ready.
Adobe’s attention to security has made Connect a great platform for most agencies around the country – and the world – to use!
Get more ideas for what makes a web conferencing platform secure here.
Our bridge has evolved over the years to meet conferencing security needs. Earlier iterations covered intrusion and fraud detection. Encrypting communications has also been addressed. All communication over our bridge is encrypted with AES-256 bit, and we utilize SSL.
After calls, we layer symmetric & asymmetric encryption to protect the keys used to get recordings. The “computational complexity” of this approach ensures recordings are always secure.
We also put conferencing security controls in the hands of our users. With Click&Meet and OAM, people are ready every day to host secure calls – or use our audio integration to support Connect events, trainings, and meetings.
Let’s look at a few examples where these tools help.
Establishing conferencing parameters, such as maximum numbers of participants, sub-conference rooms, and inactive time, help you keep track of participant movement.
Click&Meet provides hosts four easy ways to define access:
Whatever mode you choose, there’s no denying the power of access modes.
Providing conference codes is likely the most crucial step in preparing the security of an audio conference. Using codes helps limit two potential threats: outside conference hackers, and unwanted internal leaks.
Security isn’t limited to event prep. In-call features are important, too. Here are some we like to highlight:
Get more ideas for what makes an audio conferencing platform secure here.
Through and through, our conferencing solutions are geared toward the highest security needs!
Pairing Adobe Connect & MeetingOne ensures you can meet or train safely.
Zoom is in a catch-22. They wanted their platform to be easy to use and accessible. These factors make their platform vulnerable. To address security, they will likely have to make their platform harder to use and access.
Some credit is due. Their 90-day security plan is good. But I worry about their broader perspective on security.
In July of 2019, Zoom was notified they had a security hole that made it easy for hackers to join random Zoom meetings! IN 2019!!!
They said they patched this problem, but here we are, discussing Zoom-bombing and their security vulnerabilities. These are indications about the value they place on a secure platform.
Zoom isn’t going to cut it for organizations with pressing security needs. Could you imagine the DoD getting Zoom-bombed? It won’t happen because they rely on Adobe Connect and MeetingOne audio.
We’re proud to stand behind our commitment to conferencing security. If you’d like more information about our commitment to conferencing security, check out this page.
Otherwise, I’d invite you to start a conversation with our team.