Accreditations may
seem like promotional mechanisms that appear on a vendor’s marketing material.
Think again and take a closer look. As data compliance impacts organizations,
enterprise leaders need to take vendors more seriously when standardizing on
video conferencing solutions.

It’s time to start conducting some thorough checks.

ISO what?

Data protection is the
bastion of business compliance. New privacy laws and international legislation
have changed the way we all view personally identifiable information (PII). The
General Data Protection Regulation (GDPR) dictates that organizations must
implement robust data security controls across all aspects of the business to
avoid vulnerable areas being exploited by cybercriminals.

While video
conferencing systems may not have been the most obvious target for hackers in
the past, this has perhaps generated a false sense of security among
enterprises.

The risk posed by
video conferencing solutions to enterprise cybersecurity is heightened by the
architecture of many providers, which rely on laptops in meeting rooms. Not
only is this far from the most effective way to support meetings, but it puts
an additional cybersecurity and management burden on enterprise IT departments.
Furthermore, video conferencing providers that use third-party servers may
expose sensitive company data to potential vulnerabilities in their supplier’s
infrastructure, introducing further risk into the network.

In November 2018,
Tenable announced that its research team had discovered a serious vulnerability
in the infrastructure of a US-based video communications company that allowed a
remote attacker to impersonate meeting attendees via chat messages. The
potential for a staff member to exchange sensitive company or customer data
over a collaboration platform with a hacker masquerading as one of their
colleagues should give any IT or AV manager pause for thought.

So, why should video conferencing vendors have ISO 27001 today?

Vendors who achieve
ISO 27001 certification demonstrate their commitment to the highest operational
standards encompassing people, processes, suppliers, and IT systems. Video
conferencing solutions that achieve this standard enable businesses to be more
productive, reduce IT burdens, and give business and IT leaders peace of mind
when users can experience intuitive real-time communications. However, a global
video communications network entirely owned and managed by the vendor provides
a powerful, reliable platform without reliance on any third-party
infrastructure for core services, which means the vendor is in a unique
position to rapidly respond to users and continually evolve their service
seamlessly to meet their demands.

Multiple data centers
within each jurisdiction ensure data is stored with geographical redundancy,
which means customers are always hosted in their designated jurisdiction,
where all their PII is stored. In the event of a major outage, customers are
migrated to an alternative data center within the same jurisdiction.

Ask yourself some
vital questions that will help determine if your video conferencing solution is
equipped to future-proof your enterprise collaboration:
Does your video conferencing solution meet the highest security
standards in data protection, operations, processes, and research and
development?
Has the vendor achieved ISO 27001 certification?
Can they provide secure and reliable video conferencing with
99.999% uptime SLA?
Will your data remain within the jurisdiction of your choice,
especially if there is a network outage?
Are there the right user authentication and data encryption
services in place?
Will you be fully secure to remain data compliant using the
video conferencing solutions?

Whilst there is no
binding regulation that stipulates that vendors must be ISO 27001 certified, it
is a clear indication that they apply best practices for their information
security management system and controls through effective risk management.
Essentially, every element of a company’s operations must be optimized for
security and reliability, from the architecture of its own technology to every
employee’s expertise and the services they take from suppliers.

As large enterprises
progress to standardizing on video conferencing and collaboration platforms,
any disruption in service could have a serious impact on business activities
and services. No AV or IT manager wants to take a call from the CEO when the
video conferencing technology fails to work. However, the one call that no one
wants to answer is “why have we had a data breach?”

ISO it matters!

ISO 27001 may not
immediately jump out as the most important consideration when enterprises
consider purchasing video conferencing systems, but it absolutely should be a
factor in their decision-making. With video conferencing playing an
increasingly important role in workforce collaboration and ever-tightening
regulations around data protection, the ISO 27001 certification should be a top
criterion to reassure AV buyers that their chosen video conferencing solution
will provide the business with the highest levels of security and reliability.

William MacDonald, CTO at StarLeaf