Is your video conferencing solution really secure?
Whether it’s a weekly team meeting, or a quarterly board meeting — video conferencing has become one of those ubiquitous technologies that we all take for granted.
However, while many enterprises have large-scale deployments of conferencing tools (such as Cisco Webex), many still default to desktop apps like Skype, Slack, or even Whatsapp for real-time, ad-hoc video calls between employees (and even their clients).
I can understand why. Convenience.
There’s no lengthy invitation or sign-in process, just a couple of clicks and you’re done.
Unfortunately, while they may be the convenient choice for ad-hoc video conferencing, it’s unlikely that they can offer the security you need to adequately protect your video chats.
It’s even more likely that they won’t include the end-to-end encryption that you need to ensure you meet your GDPR requirements, and ensure sensitive information isn’t compromised by a malicious attack.
Are you sharing sensitive information on your video conferences?
When organizations think about information security, it’s often email that first comes to mind. However, your video calls and web conferencing calls are equally important. One recent survey found that 70% of business professionals said it was normal to discuss company confidential information on calls.
That’s why it’s vital that your organization’s IT department understands which tools are being used, and how.
Microsoft / Skype
Allows multi-user video chats, but doesn’t (at the time of writing) support end-to-end encryption on voice or video calls. This puts any information you disclose over a Skype call at risk from eavesdropping or a man-in-the-middle attack.
Much like Skype, Slack allows multi-user video chats, but doesn’t encrypt them end-to-end. This puts any information you disclose over a Slack call at risk. There’s also anecdotal evidence that Slack is able to access your chat history according to this report from Gizmodo.
WhatsApp is one of the few popular messengers to offer end-to-end encryption (although the code isn’t open source and thus not auditable), however, it’s a consumer tool that lacks enterprise featurs and control. We’ve also seen enterprises ban Whatsapp altogether as it can access users’ ”personal and potentially confidential data, such as contacts, and thus the information of third parties”, and therefore violate GDPR’s terms for the processing and storing of personal data.
The established, enterprise choice for more structured web conferencing. However, for many, the lengthy invitation and sign-in process makes Webex a poor choice for ad-hoc video calling. Did you also know that while Webex offers end-to-end encryption — it isn’t enabled by default! Your site admin will need to manually configure E2EE, leaving your users unclear as to the level of protection being offered. If you do enable E2EE encryption on Webex, be aware of the limitations.
Secure video conferencing with Wire
Wire was the first open-source collaboration provider to offer end-to-end-encryption on video conference calls; with the video stream for each participant separately encrypted with its own unique encryption key.
More importantly, we understand that the technology you give to your employees needs to be accessible and easy to use; that’s why Wire is built to fit around the way you work.
- Start a secure video conference with one-click.
- Invite clients to join the call, even if they don’t have their own Wire account. There’s no complex sign-in process — just create a secure guest room.
- The most extensively publicly audited solution available.
- Screen sharing covered by the same end-to-end encryption security features.
- Works across all of your devices. Windows PCs, Apple Mac, and your Android and iPhone / iPad mobile devices. Unlike almost all other enterprise-grade solutions, Wire even works with Linux.
To guarantee an excellent experience we’ve limited the maximum number of participants to four for now while we continue to invest in optimizing performance to increase the limit. Group video calls are end-to-end encrypted, use the VP8 codec, QVGA at 15 fps. Calls requires up to 1Mbit/s bandwidth for optimal performance.
Video conferencing is available for the business accounts at no extra cost.
Alan Duric, co-founder, CTO/COO
Originally published at wire.com.