Security’s always a consideration when it comes to video conferencing, but users don’t like to consider it for any longer than they absolutely need to. This has given rise to common misconceptions around securing unified communications and the role of encryption in enabling security. Too often, people think that encryption equates to the communication being entirely secure and over-rely on elastic terminology such as end-to-end encryption to assure themselves they are secure.
“End-to-end encryption is the most obvious misconception,” confirmed Bobby Beckmann, Chief Technology Officer at Lifesize. “It makes people think there’s no way for bad actors to see what’s going on in the middle, but in order to secure a video call, something in the middle has to be encrypted too, not just at each end.”
As always, being secure is a function of how much risk you face and what resources you’re able to devote to security. “It’s a threat model you have to figure out for yourself,” added Beckmann. “If you’re a book club, you probably don’t need security, but if you’re having a board meeting, you probably do. You’re likely fine 99% of the time but it’s that 1% that matters.”
The idea that encryption is simply a black box that you buy and then have in place impedes user understanding of the strength and performance of encryption. “Everyone thinks encryption is easy and they’re right – it’s super easy to encrypt something,” Beckmann said. “What’s hard is verifying who encrypted it. We’ve tried to simplify this by showing a visual indicator so that a user can confirm that the communication wasn’t intercepted. By matching a visual password embedded into the video stream with one that the user knows, they’re able to confirm that the session is encrypted without having to trust us, the video conferencing provider.”
There’s little for organisations to choose from in the market in between the insecure, free services and corporate IT-level encryption from a specialist vendor that is based on zero trust, but Lifesize thinks there should be other means to be assured of encryption.
“Our goal is to be the safe video conferencing and unified communications provider,” said Beckmann. “The issue really is about the authentication of encryption and the level of encryption provided. It’s a question of what security is used – did I lick the envelope or padlock the box? Also, we need to take into account who touched it in the middle of transport.”
“There is no Band-Aid of encryption. If you don’t have controls in place across the board, none of the individual points matter”
Now, as the pandemic causes more people to work from home, the security models of large companies are being eroded. “There are machines out there that are connected to corporate networks and they should not be,” added Beckmann. “Your kid’s laptop is probably not the most secure device to use…There’s a level of loss of control that is happening outside the company that needs to be considered, and solutions like ours provide a means to easily authenticate that encryption is in place and help secure your communications.”
