Is Video Conferencing Secure Enough?

With mass remote working set to become the norm for many companies, how their staff securely communicate becomes critical. The UK government recently purchased 700 accounts from the video conferencing service provider Zoom, against the advice of its National Cyber Security Centre (NCSC) which raised concerns about the privacy and security of this platform.

The Guardian reported: “Government and parliament were told by the intelligence agencies last week not to use the videoconferencing service Zoom for confidential business, due to fears it could be vulnerable to Chinese surveillance.”

In a rush to set-up wide-spread video conferencing services, security seems to have been forgotten. “The Covid-19 crisis has seen millions of new users sign up to Zoom to host meetings and provide important updates to employees working remotely,” says Paul Farrington, EMEA, chief technology officer, Veracode “However, in recent weeks a series of security missteps and bugs have been discovered, which raise new questions about the cyber risks and privacy issues associated with online conference systems.

With Andy Harcup, VP, Absolute Software also stating: “The tidal wave of new device purchases, including tens of thousands of laptops, tablets and mobiles is essential for ensuring that government departments can operate effectively during the Coronavirus lockdown.

“However, the rush to implement new remote working models must be accompanied by a rigorous and robust approach to cybersecurity. Key to this is ensuring complete visibility into the device estate, so that IT chiefs can ensure every single user has that latest security updates, including checking that apps like Zoom are up to date and secure. It’s also critical to be able to wipe, track and freeze laptops which contain confidential data, in the event of theft or loss.”

For all businesses, the new normal will be extended remote working for their employees. The issue has been for many, using video conferencing services safely and securely has not been a core component of their skill sets. Scrambling to set-up these services at home has led to potentially damaging security breaches.

Conferencing evolves

According to research from LearnBonds in the US, the demands for VPNs has expanded by more than 40% as a direct result of the COVID-19 crisis.

The Global VPN Usage Report 2020 showed that 51% of people in the US and the UK use VPN to protect their privacy on public Wi-Fi networks. Another 44% of respondents named browsing the web anonymously as the main reason for using the VPN. Secure communication was the third most common reason, among 37% of VPN users. Statistics showed that more than 20% of Americans and Britons use virtual private networks to access better entertainment content or restricted download, stream, and torrent sites.

Services like Zoom have come under a great deal of criticism. The demands on its services have been immense: with a 535% rise in daily traffic. To meet the demand, the company recently announced a partnership with Oracle to provide the service with the cloud infrastructure it needs to meet what may continue to be expanding demand.

“We recently experienced the most significant growth our business has ever seen, requiring massive increases in our service capacity. We explored multiple platforms, and Oracle Cloud Infrastructure was instrumental in helping us quickly scale our capacity and meet the needs of our new users,” said Zoom CEO Eric S. Yuan. “We chose Oracle Cloud Infrastructure because of its industry-leading security, outstanding performance, an unmatched level of support.”

For businesses using these systems, which can often carry highly sensitive information, securing these connections of paramount. In their security predictions 2020 report, Trend Micro state: “Organizations will have to be wary of risks introduced by work-from-home arrangements and internet-connected home devices that blur the lines in enterprise security. After all, working in home environments is not as secure as being in the corporate network.

“Furthermore, weak Wi-Fi security compounds risks in remote work arrangements like shared or public workspaces. An open network leaves sensitive files and information exposed for snooping by other users in the same network.36 Remote devices can be infected with malware that can get into the corporate network and make off with valuable information.”

With Ingrid Ødegaard, Co-founder and chief product and technology officer at Whereby explaining to Silicon UK: “During this period of global lockdown, many have come to realize that video conferencing platforms can be a lifeline. As we look to the future of remote working, many more businesses will likely be relying on these solutions for both internal and external communication.

“We will likely see a huge transition away from traditional app-based platforms, towards web-based solutions that adapt to suit the needs of the fast-paced workforce. Platforms are also evolving, allowing for greater levels of integration for project management tools and file management systems, which will be crucial for productivity when remote working becomes the norm.”

Ødegaard concluded: “It is already true that more and more communication is moving to video and, increasingly, service providers are looking to integrate video into their existing products. As time goes on, we’ll be seeing many video conferencing solutions that currently offer easy-to-integrate APIs being utilized in products that want to implement video functionality but don’t have the time required to build it natively.”

Safe and secure

Silicon UK spoke with Andy Rawll, EMEA product marketing manager for 8×8 and began by asking with remote mass working now the norm, how have the current video conferencing systems coped?

“There have been some winners and some losers in video conferencing over the past few weeks. Those with established, robust solutions have been able to deliver the best experience – in particular, those with proven infrastructure which has been architected from the ground up to accommodate growth and flex to unexpected demands.

“For example, 8×8 Video Meetings is built on the proven code from the Jitsi open source community, guaranteeing security and scalability. The 8×8 platform has delivered consistent availability and performance throughout the past three months in the face of a twenty-fold increase in monthly active users. We’ve seen the number increase from one million in early March to now over 20million users worldwide.”

How will video conferencing have to change if businesses adopt more mass remote working as the ‘new normal’?

“While the first stage of remote working has meant IT teams quickly finding a solution to keep their business running, as this becomes the ‘new normal’ they will be looking for more robust, long-term solutions. Video conferencing service providers will need to evolve their offerings to be better attuned to the needs, expectations and flaws of the home-working environment.

“For example, while security is generally assured by IT policies, an office environment, home-based workers, particularly those in smaller organizations, may not have these established processes in place. Video conferencing solutions can help by ensuring system defaults err on the side of caution and that any inherent risks are prompted to an unsuspecting user.

“Traditionally, video meetings solutions have been one-size-fits-all, with the same settings and user interface for every user. Given the very different ways we are now using video conferencing technology, from distance learning to virtual GP appointments to company-wide meetings, vendors need to consider a more diverse set of system set-ups that can better match to the different ways their technology will be used.”

Are the security protocols currently in use strong enough to support what could be millions of more sensitive interactions over the networks?

“There is a multitude of security standards, specifications and protocols in place, but best-practice security policies must be adopted across the industry. This needs to go well beyond robust network access policies and encryption of communications as they traverse public internet services, to a point where end-to-end encryption is the norm. The challenge will be making the user experience secure while also making sure the technology is still easy to use.”

Are more education, training and equipment installations essential to ensure remote conferencing can be used as a useful and professional tool by users unaccustomed to using these systems?

“The best video conferencing solutions will be intuitive with the need for minimal training or to download software – this means native in-browser click-to-connect solutions will result in the broadest adoption, most extensive usage and highest customer satisfaction.

“Even if the solution is easy to use from a technical perspective, there are some best practice guides that would help users have the smoothest experience, for example on video etiquette, lighting and audio set-up to keep meetings productive.

“Once the basics have been mastered, it’s vital that users understand the advanced features available to make meetings even more productive. For example, we find in-meeting collaboration tools are often underused, with the latest generation systems supporting content sharing of full multimedia files (e.g. video playback) and multiple concurrent content streams.

“Having the latest generation video conferencing hardware with single-click set-up and sync can make a further difference, by no longer tethering meeting participants to their laptop, smartphone or tablet, e.g. the Jabra Panacast and Poly X30.”

What does the future of video conferencing look?

“In the short to mid-term, with social distancing and remote working the new norms, video will continue to be the defacto communications method for our personal and professional lives. While we won’t see the same exponential rates of uptake beyond 2020, the experience of recent months has made us all more comfortable using video conferencing technology, and we expect strong growth in adoption to continue.

“We’ll also see more integrations of video conferencing software into existing solutions – for example; we worked with Italy-based classroom collaboration platform WeSchool to integrate 8×8’s Jitsi.org open-source video conferencing solution, to connect Italy’s teachers and students.

“Transcription technologies will continue to evolve and benefit from the parallel, yet related developments in AI. This will lead to more sophisticated natural language translation, even to the point where the simultaneous live translation is possible to facilitate truly multilingual calls.

“The impact of 5G will make the highest quality video calls possible outside of the home or office – expect to see your fellow commuters video conferencing in HD on the train with wireless and cellular video quality reaching impressive levels of richness and depth.

“While the high bandwidth demands of 4K video will make it hard for mainstream adoption to become possible, in specific areas like the creative industries, healthcare or manufacturing, this will represent a further important evolution of video in the workplace, whether that’s a patient showing a detailed image of their symptoms or an engineer being able to troubleshoot a technical problem from a video call.”

As technology has developed, so could video conferencing. HTC recently announced its Vive Sync platform which the company describes as: “An intuitive VR collaboration tool where internal teams can meet in a virtual shared space, improving communication and productivity amongst organizations.

“Supporting up to 20 employees simultaneously, teams separated across the globe can meet to share materials, hold discussions, and make real-time collaborative decisions. With dynamic and customizable avatars, individuals will be able to have immersive and realistic interactions with their colleagues no matter where they are in the world.”

“Organizations everywhere are facing unprecedented challenges as millions of people are working from home, said Brad Brooks, CEO and president of OneLogin. “Remote work security is mission-critical for managing and securing digital identities for workforces and customers in this challenging environment.”

A closer look at how individual countries practice security highlights differences in password sharing, willingness to access high-risk websites and more. The study found the following:

Home networks: UK consumers are the worst in the world for Wi-Fi security, with 50% of them not having changed their Wi-Fi password in more than a year, compared to the global average of 36%.

Device security: Half (50%) of UK consumers did not change their work device’s password when they began remote working

Shadow IT: 10% of UK consumers have downloaded an application to help them with their work without their work’s permission, and 17% have accessed work applications from a non-work device.

Remote working: 60% of UK consumers expect a change in business culture towards remote working, compared to 73% in France and 50% in the US.

“This global remote work-study shines the light on the importance of ensuring the right people are accessing internal and customer data at all times. It underscores the importance of protecting employees and their entire organizations, aligning with privacy and security best practices around the world,” Brooks said.

Initiatives like Vive Sync will only proliferate. The key is to deploy these technologies across secure networks. With remote working now, the norm and video conferencing rapidly becoming a standard of communication, taking time and resources to understand this threat landscape are critical for all enterprises.

---

Photo by Julia M Cameron from Pexels.