|Topic:||Keeping our customer’s data secure in a virtual world|
|Author:||Clive Sawkins & Dan Tanel|
Clive Sawkins is the CEO of London-based BCS Global Networks, Ltd, a cloud-based video and collaboration solutions provider. With extensive knowledge in technology and corporate strategy, Sawkins is recognized as an industry leader in unified communications, video networks, collaboration and digital media. He was instrumental in helping the company grow its revenue as well as transition from direct sales to a channel sales business model. As CEO, he oversaw BCS growth 25 percent each year for five years, and in 2010, he grew BCS’s revenues167 percent.
Building a new Go-to-Market model focused on global tier-two service providers, Sawkins signed partnerships with Shanghai Telecom, SingTel, Cable & Wireless, Telstra Europe and Lime Telecom. Focused on large enterprise and government applications, BCS manages one of the largest managed service government contracts in the UK for a highly integrated video solution with over 3,000 endpoints.
Sawkins held senior management and leadership roles with Cisco, Avaya & Nortel and drove four new start-up technology units and turning them into multi-million dollar businesses. Sawkins serves on the board of OVCC-USA and as a Non Exec to Mirage Technology Holdings. He was a finalist for Deloitte Fast Track 50; one Sunday Times Tech Track 100; and was a 2011 finalist for the Ernst & Young Entrepreneur of the Year.
As BCS Global’s chief technology officer, Dan Tanel drives the company’s global technological innovations and strategy. During his career, Tanel has led numerous initiatives involving the design and implementation of next generation networks and advanced IP-based communication and collaboration services for providers and enterprise customers.
Tanel is regarded for building an eco-system of partners, industry analysts and customers to better understand videoconferencing and telepresence technology requirements, constraints and challenges. His leadership also has provided customers with business models and strategies that have improved their productivity and profitability, while building BCS Global’s brand in the marketplace.
Tanel has served in senior management roles with NexInnovations, an IT consulting firm, and Netigy Corporation, providing consulting services to Cisco Systems. He also was a principal consultant to IBM Global Business Services and was co-founder of IPConvergence, a Canadian wholesale VoIP provider.
Even with new rules, regulations and guidelines, how can we protect information from the power of the Internet? There is a plethora of business-to-business and consumer video traffic that traverses the Internet every minute. Information is bouncing through global space without encryption, which can take sensitive traffic and business conversations down undesirable paths. Are we safe and is our customer's information safe?
When video conferencing was first introduced commercially 20 years ago, usage and adoption rates were low. Equipment and service were expensive, training was not supported and senior management was not convinced the cost was worth it. What a difference today makes. In 2015, video conferencing is a cornerstone of communications and collaboration, and has transformed the way companies, government and other enterprises conduct business.
The benefits of video conferencing are well documented: faster decision making, increased employee productivity and engagement, customer loyalty, competitive differentiator, cost savings, and perhaps above all, enriched relationships.
As video technology has evolved, so has its security and support accountability. Years ago, video conferencing was viewed as a rogue IT application. It was typically supported outside the organization yet used by the most senior managers in the business. Yet, at the same time, all of its former IT applications – from telephony, email, CRM, ERP, and front and back office applications -- were fully supported under a company's security umbrella policy. So, as security concerns escalate, where does video sit within this framework?
As more businesses leverage video conferencing as part of their communications strategies, security has become top of mind. Organizations are now comparing video to telephony because it represents a critical component of the unified communications and collaborations platform.
The effectiveness of the video conferencing solution depends on connecting more employees, co-workers, customers and partners. But that wider exposure also brings security risks and implications. There are many technical areas, including dial plans, access methods, endpoint spoofing and external war dialing software that organizations are addressing, however video applications may be unique because the technology is behavioral based.
One example of a security concern is that for years, this video technology had an auto-answer feature for incoming calls – one that many users were not aware of. Imagine a video call is set up in a room prior to the start of a strategic business meeting and the content is being shared with others, unknowingly. Today, this feature is no longer available in many of the new systems being deployed but it unfortunately may still exist in some older systems in the global marketplace. Businesses must introduce strict change management practices to make certain that configuration policies are not just being implemented, but more importantly, being enforced.
Another example can occur with hardware-based video systems from some major vendors. While many of these systems are locked down with a lower risk of being compromised, users are still asking, is the audio or the video on? And more importantly, as visual communications moves to the desktop and to mobile devices, how is IT ensuring that video conferences are not being recorded or streamed to people without authorization?
Companies should be asking if their HR policies have been updated to address the streaming and recording of conferences, and how do end users gain consent from individuals if they plan to record a session, such as a candidate interview for a new job?
Clearly, there are any number of relatively new business issues and challenges that businesses need to address. Here are some strategies that organizations should adopt to mitigate the security risk of having their meetings heard or watched by others without authorization.
- Encryption at the network level.
- Encryption at the video application level.
- Pin codes and dynamic changing of pin codes, and integrating them with customer's single sign-on.
- Auto-answer. This has long been discontinued in telephony but is still applicable in the video world.
It is imperative to create and implement new video conference security policies; enforce, measure and report on the performance of the policies; and determine how breaches to the policies are handled.
Virtually every type of business and industry is benefitting from video conferencing as a powerful, next-generation communication tool. Here are just a few examples of these applications:
The reduction of transportation costs, and increased efficiencies and productivity and public safety are saving millions in taxpayer dollars. Virtual judges are accessed across the judicial system; probation officers and their clients are now meeting over video deployed in their local police stations; and prisoners are no longer being transferred between prisons and courthouses for short court sessions.
Video conferencing delivers quality healthcare to remote communities, provides quicker access to medical specialists; and increases personal productivity by not having to travel to visit a doctor, and likewise, reduces the doctor’s travel.
Human resources will be conducting interviews, recruiting and employee training via video from remote locations; and banks of the future will be consolidated, serving communities through a virtual team of specialists accessible by face-to-face video kiosks.
All of these new business applications invite a new set of privacy and security considerations. Therefore, it is important to protect the information involving those individuals included in a video meeting. For example, a calendar invite that lists information about the doctor, the patient and the subject of the meeting contains sensitive data that must be protected in the U.S. under the Health Insurance Portability and Accountability Act (HIPPA). Also, organizations such as cloud providers that are supporting these applications and want to support customers in a video space are now governed by regulatory guidelines.
But even with new rules, regulations and guidelines, how can we protect information from the power of the Internet? There is a plethora of business-to-business and consumer video traffic that traverses the Internet every minute. Information is bouncing through global space without encryption, which can take sensitive traffic and business conversations down undesirable paths. Are we safe and is our customer's information safe?
Organizations must ask: What is the security posture of an end-to-end video conference? Is the security at the other end as safe as the security on my company's end? Is the cloud provider’s true multi-tenancy capability equipped to protect customer data?
As new start-ups and over-the-top providers gain momentum and market share, organizations must be diligent to ensure their customer’s data is protected and secure.
Video conferencing is here ... and here to stay. It is a central piece of the unified communications portfolio that has shaped the way we interact with each other every day and everywhere around the globe. Now, it is paramount to make sure that our business content is secure.
- Mobile – privacy or security, a balance we must get right
- Availability and reliability take priority
- Demystifying Cloud Computing: A secure environment for your business
- As satellite-enabled networks deliver critical connectivity around the world, cyber-security must be a priority
- Top five ways to increase business IT security