What would have happened if the Covid-19 pandemic had broken out 3 or 10 years ago? Video conferencing was nowhere near as prevalent or accessible. Collaboration, as a market, was in its infancy. The concept of agile working was just that – a concept, and far from realisation. Availability of collaborative technology is almost universal, bur not without its problems, and with even the UK Cabinet conducting meetings via Zoom, the issue of security has leaped into the foreground.
Leading contenders
In the last few years, the number of solutions competing in the collaboration sector has escalated, but two have come to lead the current crop – Microsoft Teams and Zoom Video Communications. There are, of course, other platforms in contention including Google, LifeSize, Poly, Starleaf, Clevertouch Stage and Kramer Via. Bot with its ease-of-use and free or low-cost signup, Zoom was grabbing market share.
But Zoom, in particular. came under fresh high-level scrutiny as its popularity soared during the coronavirus pandemic. New York’s attorney general has written to the firm raising concerns over its ability to cope with the rise in user numbers. Zoom’s data security and privacy measures have been questioned.
The letter from the office of New York Attorney General, Letitia James, asked Zoom whether it had reviewed its security measures since its popularity surged. It also pointed out that in the past the app had been slow to address security issues.
A company spokesperson replied saying: “Zoom takes its users’ privacy, security, and trust extremely seriously. During the Covid-19 pandemic, we are working around-the-clock to ensure that hospitals, universities, schools, and other businesses across the world can stay connected and operational. We appreciate the New York Attorney General’s engagement on these issues and are happy to provide her with the requested information,”.
The BBC was one of those to take up the matter: “Zoom has had security flaws in the past, including a vulnerability which allowed an attacker to remove attendees from meetings, spoof messages from users and hijack shared screens. Another saw Mac users forced into calls without their knowledge.”
Zoom replied, saying: “Globally, 2,000 institutions ranging from the world’s largest financial services companies to leading telecommunications providers, government agencies, universities, healthcare and telemedicine practices have done exhaustive security reviews of our user, network and data centre layers confidently selecting Zoom for complete deployment.”
Sensitive content
In the last quarter of 2019, Zoom announced that HSBC, one of the world’s largest banking and financial services organisations, will standardize on Zoom. With licenses available for over 290,000 users and Conference Room Connectors to over 5,500 hardware endpoints, this enterprise-wide deployment represents both Zoom’s largest account sold by initial revenue and a new phase of modern communication and collaboration for HSBC. BT Group is acting as the integration partner.
HSBC agreed to consolidate all of its communications services onto Zoom’s video-first unified communications platform, including video conferencing, audio conferencing and screen sharing across mobile, desktop, and conference rooms, for both internal and external meetings. By standardizing on Zoom, HSBC will consolidate costs and create an enhanced, frictionless experience for end users.
“I am proud to welcome HSBC to the Zoom family,” said Eric S. Yuan, CEO of Zoom. “My team looks forward to continuing to work with HSBC to provide their users frictionless communications experiences, quickly innovate new features and functionality, and deliver them happiness every day.”
Such a large project confirms our conclusions that Zoom is a solid. stable and reliable platform. Most of all it is simple to use and we have had no hesitation in recommending it to those who have been forced into home working at short notice.
Security response
Zoom has been most people’s choice for video conferencing during the coronavirus but has been plagued by privacy and security issues since its boom in popularity. Fortunately, Zoom has fixed these issues. The new Zoom 5.0 update, introduces AES 256-bit GCM encryption, which the company says will offer “increased protection” of data in transit and resistance to tampering. although questions remain about whether this amounts end-to-end encryption.
Other security and privacy features include a new grouped security menu, default password-protected meetings, and the removal of meeting IDs from the Zoom interface so it’ll be harder for callers to hack them.
To combat the so-called “Zoom-bombing” phenomenon, which involves bad actors joining a meeting they weren’t invited to, Zoom has introduced some room control features, such as the ability to remove and ban participants, lock meetings, report users and enable waiting rooms when a meeting is underway.
Teams security
What about security in the favourite of many corporates, Microsoft Teams? Jared Spataro, Corporate Vice President for Microsoft 365 comments: “Almost overnight, video conferencing has become a big part of our daily life and work. A few weeks in, my team and I at Microsoft have adjusted to the new reality of seeing each other’s homes, complete with dogs, cats, and other family members. Everyone around the world is now working, learning, and connecting with colleagues, friends, and family through the power of technology. From kitchen tables to living room couches, and from home offices doubling as home schools—people are relying on Microsoft Teams to work and learn.”
“Now more than ever, people need to know that their virtual conversations are private and secure,” he continues. “At Microsoft, privacy and security are never an afterthought. It’s our commitment to you—not only during this challenging time, but always. Here’s how we’re working to earn your trust every day with Microsoft Teams. We provide privacy and security controls for video conferences in Teams. We offer a variety of privacy and security controls to allow you to manage who participates in your meetings and who has access to meeting information.”
“For example, you decide who from outside your organization can join your meetings directly, and who should wait in the lobby for someone to let them in. You can also remove participants during a meeting, designate “presenters” and “attendees,” and control which meeting participants can present content. And with guest access, you can add people from outside your organization but still retain control over your data. Moderation allows you to control who is and isn’t allowed to post and share content. And advanced artificial intelligence (AI) monitors chats to help prevent negative behaviours like bullying and harassment.”
When recording a meeting, all participants are notified when a recording starts, and online participants can access our privacy notice directly. Recordings are only available to the people on the call or people invited to the meeting. And recordings are stored in a controlled repository that is protected by permissions and encryption.
Do’s and don’ts
Microsoft has a security checklist
- We never use your Teams data to serve you ads.
- We do not track participant attention or multi-tasking in Teams meetings.
- Your data is deleted after the termination or expiration of your subscription.
- We take strong measures to ensure access to your data is restricted and carefully define requirements for responding to government requests for data.
- You can access your own customer data at any time and for any reason.
- We offer regular transparency reports on the Transparency Hub, detailing how we have responded to third-party requests for data.
- We protect your identity and account information
- Multi-factor authentication (MFA), a feature turned on by your IT administrator, protects your username and password by requiring you to provide a second form of verification to prove your identity..
- We protect your data and defend against cybersecurity threats
Microsoft processes more than 8 trillion security signals every day and uses them to proactively protect you from security threats. In Teams, we encrypt data in transit and at rest, storing your data in our secure network of datacentres and using Secure Real-time Transport Protocol (SRTP) for video, audio, and desktop sharing.
“We meet more than 90 regulatory and industry standards”
Security built-in
Some rival solutions are designed around different architectures that offer security integral features. Starleaf comments: “organisations need to ensure that when they engage with a video services vendor, they are absolutely sure it is one that they can trust with their data. Security is of paramount importance to StarLeaf, and we have invested heavily in it. Our robust security measures have enabled us to achieve ISO/IEC 27001 certification. This is the most respected and internationally-recognised information security and compliance standard.”
“Organisations need assurance that the data they share with a service provider will be processed in compliance with data protection regulations in their own jurisdiction. The StarLeaf data jurisdiction guarantee assures our customers that their data remains under their control and in their own territory. There is only one way to deliver an enterprise-grade communications service and that is through end-to-end platform ownership. Total platform ownership means that StarLeaf can mitigate against, identify, and respond to risk much more quickly and effectively than other vendors and is the key reason that we can assure service availability.”
“StarLeaf has multiple Points of Presence (PoPs), strategically located all around the world to ensure unparalleled connectivity and efficient call routing with low latency as well as the ability to offer our customers a choice of data jurisdiction. The platform is also fully redundant and duplicated at each of our PoPs. Therefore, in the exceptional case of failure at any one of our data centres, we will automatically redirect connections to an alternative PoP
Checklist.
William MacDonald, CTO of StarLeaf recommends a checklist of requirements for those concerned about security: “We encourage all organisations that are choosing a video conferencing provider to consider the following security criteria when making their decision:
- Where is the company based and where is the engineering developed?
- What 3rd party security certifications has the provider achieved?
- What data jurisdiction, if any, does the organisation offer?
- What is the provider’s privacy policy?”
Changing requirements
When the use of collaborative technology was predominantly social. sacrifices in levels of privacy and data security were perhaps tolerable. Now, collaboration provides the framework for work, financial data exchange and even healthcare. Those offering collaborative solutions realise the vital role their technology could play in the crisis. Take Clevertouch as an example:
“The way we work and learn is changing, and we want to make the transition as easy as possible for you, your colleagues, and your family. That’s why we’ve created some new initiatives to make life a little bit easier. For those of you either working from home or with customers trying to work from home, we are giving away 60-day licences to STAGE. This platform allows you to video chat with groups of people, screenshare and annotate in real-time. Ideal for virtual meetings, or for group hangouts, STAGE enables face-to-face meetings without needing to leave home”. You can get your 60-day licence here: https://www.clevertouch.com/work-and-learn-anywhere .
“Of course, we haven’t forgotten those of you still at work. We have the upmost respect and gratitude to the key workers who are continuing to keep the country safe and moving. For those companies or schools with digital signage or CleverMessage enabled displays, we have created a selection of templates that are free for you to download via the SedaoLive.com platform. These templates are to encourage safe working measures during difficult times. We hope you are staying safe and keeping healthy, and that our new initiatives go some way towards making your lives easier”
Weekly meeting minutes, percentage change: Starleaf
The coronavirus crisis is truly global as all countries listed have seen a significant surge in video conferencing usage on the StarLeaf platform. Italy, which was the first European country to enforce lockdowns in its response to the crisis, sees its usage growth start earlier.
Average meeting duration, in minutes: Starleaf
Before coronavirus, average meeting duration varies by nearly 100%, with some countries living up to their stereotypes with gusto: the average Italian meeting, for example, lasts nearly twice as long as meetings in countries considered to be more reserved and direct, like the UK and Germany. Post-coronavirus, meeting durations become closer, with a dip in duration occurring as countries are put into lockdown, causing them to experience a short period of widespread disruption.
Third party security solutions
Giacom has added Webroot SecureAnywhere, the cybersecurity product favoured by the top 500 MSPs. Webroot delivers real-time protection and prevents malware, viruses and ransomware infections from taking root. As the number of cyberattacks increases year-on-year, Webroot SecureAnywhere has DNS protection which automatically blocks inbound threats giving customers 360° security, covering both users and their devices.
Giacom, the UK’s fastest-growing reseller-only Cloud Services Provider (CSP), has added Webroot SecureAnywhere to their portfolio of industry-leading security cloud solutions. “The number of cyber-attacks has been increasing year-on-year and this trend will only carry on going up – we’ve already seen an increase in attacks in 2020.” Hal Lonas, Senior Vice President and CTO at OpenText, Webroot’s 2020 Threat Report interview with Information Security Media Group.
Webroot delivers real-time protection and prevents malware, viruses and ransomware infections from taking root. Its DNS protection automatically blocks inbound threats giving customers 360° security, covering both users and their devices. Webroot also includes a Security Awareness Training module to help the end user be ready for potential threats when they come.
Steve Law, CTO, Giacom, comments; “Cyber security threats have been continuously increasing, and now with the uncertainty created by COVID-19, people are at more risk than ever while working remotely. That’s why it’s fantastic to be adding Webroot SecureAnywhere to Giacom’s security portfolio. As one of the world’s leading cyber security vendors, Webroot is a known and trusted brand, that will help our partners through leading security technology, offering Endpoint and DNS Security, and a world class training module. Our partners have made clear their interests, so it’s great to be able to offer them a service they want.”
Selling Webroot through Giacom means MSPs will benefit from the simple-to-use management portal, with no minimum users and one monthly bill. Migration or deployment through the portal can be done in seconds and with Webroot’s Security Awareness Training module, MSPs can enhance their support offering with a provider they know and trust.
“I can’t recommend Webroot (both endpoint and mobile) protection highly enough. This has literally been a gamechanger for our business and has allowed my IT department to finally get to a lot of big projects that we never had time to do before. If you’re not using Webroot, you are wasting company money, time and resources that far outweigh the yearly cost of this product. It’s simply the best.” Steve Bryant, Manager of Information Services, Arkansas Hospice.
