Securityβs always a consideration when it comes to videoΒ conferencing,Β but users donβt like to consider it for any longer than they absolutely need to. This has given rise to common misconceptions around securing unified communications and the role of encryption in enabling security. Too often, people think that encryptionΒ equates toΒ the communicationΒ being entirelyΒ secure and over-rely on elastic terminology such as end-to-end encryption to assure themselves they are secure.Β
βEnd-to-end encryption is the most obvious misconception,β confirmed BobbyΒ Beckmann, Chief Technology Officer at Lifesize. βIt makes people think thereβs no way for bad actorsΒ to see whatβs going on in the middle,Β but in order to secure a video call,Β something in the middle has to be encrypted too, not just at each end.βΒ Β
As always,Β being secure is a function ofΒ howΒ much risk you face and what resources youβre able to devote to security. βItβs a threat model you have to figure outΒ for yourself,β addedΒ Beckmann. βIf youβre a book club,Β you probably donβt need security,Β but if youβre having a board meeting,Β you probablyΒ do. YouβreΒ likelyΒ fine 99% of the time but itβs thatΒ 1% that matters.βΒ
The idea that encryption is simply a black box that you buy and then have in place impedes user understanding of the strength and performance of encryption. βEveryone thinks encryption is easy and theyβre rightΒ βΒ itβs superΒ easy to encrypt something,βΒ BeckmannΒ said. βWhatβs hard is verifyingΒ whoΒ encryptedΒ it. Weβve tried to simplify this by showing a visual indicator so thatΒ a userΒ can confirm thatΒ the communicationΒ wasnβt intercepted.Β By matching aΒ visualΒ password embedded into the video stream with one thatΒ the userΒ knows,Β theyβre able to confirm that the session is encrypted without having to trust us, the video conferencing provider.βΒ
Thereβs littleΒ for organisations to choose fromΒ in the market inΒ betweenΒ theΒ insecure, free services and corporate IT-level encryption from a specialist vendor that is based on zero trust,Β but Lifesize thinks there should be other means to be assured of encryption.Β Β
βOur goal is to be the safeΒ video conferencingΒ and unified communicationsΒ provider,β saidΒ Beckmann. βThe issue really is about the authentication of encryption and the level of encryption provided. Itβs a question of what security is usedΒ β did I lick the envelope or padlock the box? Also, we need to take into account who touched it in the middle of transport.β
βThere is no Band-Aid of encryption. If you donβt have controlsΒ in place across the board,Β noneΒ of the individual points matterβΒ
Now, as the pandemic causes more people to work from home,Β the security models of large companies are being eroded. βThere are machines out there that are connected to corporate networks and they should not be,β addedΒ Beckmann. βYour kidβs laptop is probably not the most secure device to useβ¦Thereβs a level of loss of control that is happening outside the company that needs to be considered, and solutions like ours provide a means to easily authenticate that encryption is in place and help secure your communications.β
Β
