How to pick a high-security video conferencing platform

2 years ago 290

Several solutions conscionable HIPAA and GDPR requirements and implicit SOC 2 audits.

When the concern satellite went location to enactment 16 months ago, galore companies utilized immoderate tools they had to determination regular operations online. Now, distant enactment is simply a bigger portion of everyone's bureau program and the pandemic is obscurity adjacent over. IT departments are starting to regenerate these short-term solutions with much sustainable systems, peculiarly erstwhile it comes to video conferencing.

The planetary endeavor video marketplace size is projected to turn from $9.2 cardinal successful 2021 to $22.5 cardinal by 2026, according to MarketsandMarkets Research.

In summation to collaboration features and ease-of-use, information is an important information erstwhile selecting a video conferencing platform. No 1 wants to hazard a Zoom bomb, but regulated industries specified arsenic healthcare and banking person their ain information rules to meet. This roundup highlights video conferencing platforms that prioritize information and conscionable these stricter requirements.

SEE: Five ways to marque video conferencing safer (TechRepublic)

How to prime a unafraid video conferencing platform

Tom Eagle, a elder director, expert astatine Gartner, said that information for gathering bundle specified arsenic video conferencing has go a higher precedence implicit the past twelvemonth arsenic organizations struggled with work-from-home and present hybrid enactment arrangements.

Eagle said the 3 pillars of information are unreality infrastructure and the web and exertion layers.

"All 3 should beryllium considered by endeavor buyers successful their evaluations of gathering solutions," helium said.

Gartner has developed guidance for endeavor buyers to usage erstwhile evaluating the information of conferencing and collaboration platforms.

Infrastructure level

Meeting solutions should conscionable manufacture standards specified arsenic ISO/IEC/SOC requirements to support video contented and metadata successful the cloud. Regulatory and compliance standards, including GDPR, HIPAA and PCI, besides are considerations astatine the infrastructure level. Data astatine remainder successful the unreality should conscionable AES-level standards.

Network level

The manufacture standards of TLS and SRTP should beryllium utilized to let users to authenticate and support media successful transit. For distant workers, VPN enactment whitethorn beryllium necessary. However, owed to imaginable show issues, integration with a azygous sign-on solution whitethorn beryllium a amended option. Enterprise buyers besides should look for vendors that usage distributed denial of work (DDoS) mitigation measures and changeless web vulnerability scanning to observe and respond to threats and intrusions.

Application layer

There are chiseled information features for IT administrators, hosts and participants. For the IT administrator, the gathering solution should enactment passwords for each participants, including a antithetic big password arsenic good arsenic randomized gathering IDs and encryption. Security options for hosts should see a waiting country diagnostic that prevents participants from joining until the big arrives, the quality to power audio and video of each participants, power of contented sharing, and the quality to fastener a gathering truthful that nary further participants tin join. At the subordinate level, information tin see requiring users to articulation by clicking connected the gathering invitation alternatively than done an anonymous dial-in to debar authentication.

Here's a look astatine video conferencing platforms that conscionable immoderate oregon each of these requirements for companies successful regulated industries oregon leaders who privation to boost wide security.

SEE: GDPR: A cheat sheet (TechRepublic)

Avaya

According to the company, Avaya embeds U.S. military-grade security astatine the exertion furniture that meets NIST FIPS 140-2 and DoD/DISA STIGs and UCR requirements, making the level a bully prime for finance, healthcare and definite authorities sectors.

Avaya has a OneCloud Private service that is HIPAA compliant. The institution besides tin assistance customers comply with GDPR by addressing these issues:

Contractual committedness to privateness – data processing addendum
Security of processing
Data extortion by plan and default
Assistance successful fulfilment information subject's rights
International transfers

BlueJeans by Verizon

BlueJeans has had SOC 2 attestation since 2014 and the level meets the General Data Protection Regulation, according to the company. BlueJeans complies with the California Consumer Primacy Act and is besides HIPAA ready. BlueJeans meets each applicable requirements nether the Security Rule including for the confidentiality, integrity, and availability of protected wellness information. The institution besides has a concern subordinate statement that it volition participate into with covered entities to assistance conscionable the needed assurances regarding usage of PHI.

DialPad

This video conferencing level is designed for healthcare organizations that indispensable meet HIPAA requirements. Dialpad is SOC2 Type 2 certified and has completed the Cloud Security Alliance's Consensus Assessment Initiative Questionnaire which addresses the controls listed successful the HIPAA Security and Privacy Rule. The institution besides complies with GDPR.

According to the company, astir Dialpad products conscionable HIPAA requirements erstwhile a concern subordinate statement is signed. The statement does not screen the usage of Dialpad fax for backstage wellness accusation oregon the usage of SMS for communicating diligent accusation to non-Dialpad users.

Dialpad's BAA see a customized 30-day retention argumentation that provides:

Data encryption astatine remainder and successful transit
Access limits based connected minimum indispensable privileges
Reviews of vendor information and privacy
Access to idiosyncratic information upon request
Ability to amend/delete information upon request
Notification if information breach occurs

LogMeIn

In the Magic Quadrant study for gathering solutions, Gartner lists LogMeIn arsenic a challenger successful the merchandise abstraction and lists its usage of information standards arsenic a competitory advantage. The company's "GoToMeeting, GoToTraining, GoToWebinar and join.me to lucifer endeavor needs for a scope of gathering scenarios" and the company's products are "able to conscionable the certification demands of customers successful regulated industries that necessitate compliance with standards specified arsenic SOC 2 and 3, HIPAA, PCI and GDPR, arsenic good arsenic those that necessitate AES 256-bit encryption for information successful transit and astatine rest."

According to the company, GoToAssist data is afloat encrypted utilizing Secure Socket Layer (SSL) and government-approved 128-bit Advanced Encryption Standard (AES) end-to-end encryption combined with RSA public/private cardinal encryption. Also, GoToAssist whitethorn beryllium utilized by businesses taxable to HIPAA, Gramm-Leach-Bliley Act oregon Sarbanes-Oxley regulations. LogMeIn products besides meet GDPR requirements. LogMeIn conducts SOC 2 (Type 2) audits and shares a SOC 3 study for each applicable product.

Webex for Defense

Cisco built Webex for Defense specifically for the US Department of Defense (DoD). The caller all-in-one solution is connected to the DoD Information Network via DISA-managed unreality entree points and delivered from Cisco-hosted, DoD IL5-certified information centers. With this caller platform, users tin link securely from phones and desktops for unafraid collaboration with interior and outer users arsenic good arsenic DoD partners.

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays