This post originally appeared in UCToday. To read the full post, please click here.
Remote working has skyrocketed in response to COVID-19, with IT leaders fast-tracking purchases of collaboration tools to keep their employees connected during this time. But in the rush to implement video conferencing at scale, many didn’t have time to properly evaluate how providers handled data security and privacy, leaving themselves vulnerable to risk.
As your organisation adjusts to this “new normal,” here are a few key considerations to evaluate the security of a cloud video conferencing service for your remote workers.
1 – Data Privacy
It’s important to understand how a video conferencing provider manages customer data. By necessity, some data will need to be shared with the provider, so make sure you ask about the provider’s policies with respect to that data.
What kinds of user data are collected?
Any video conferencing service will need to collect some user data. This might include basic information submitted by users such as a username and email address to establish a video account. Other information that might include a phone number, an avatar image used for an account profile photo, a self-described location, or a self-described time zone.
Information that would be collected without direct input from the individual would be generated by conducting video calls: IP addresses, device types, platform operating system, called/calling party video addresses, and the like.
What is done with this information?
Ideally, the data should only be used to provide the ability to conduct video calls, to provide on-demand usage history and analytics, to enable billing, and to be used in aggregate with whole-service usage statistics. While this may involve sharing data with authorised third parties, the purpose is only to maintain and grow the service so it can meet and anticipate the capacity needs of the entire user population.
At no time should the user data be shared with any unauthorised outside parties. Users of the video conferencing service should be confident that their data is private and secure, and should be able to request information about how their video service provider uses their data, how long it is retained, and under what regulatory standards it handles such user data.
Where is my data stored? How is it stored and handled? Over what geographies does my data traverse?
Data at rest has to be stored somewhere, and data in motion needs to traverse from Point A to Point B. Enterprises should consider both where data is stored and where it traverses to and from, as well as who has access to the data and how they have been vetted. Even if the data is encrypted and not human-readable, there may be requirements that the data reside within a certain geography, or at least predictably so the majority of the time. Various video conferencing services have the ability to geofence data; it may be worthwhile to inquire.
To read the rest of the article, please visit UC Today.
To learn more about the security and privacy of Pexip's solutions, please click here.