Accreditations may seem like promotional mechanisms that appear on a vendor’s marketing material. Think again and take a closer look. As data compliance impacts organizations, enterprise leaders need to take vendors more seriously when standardizing on video conferencing solutions.
It’s time to start conducting some thorough checks.
ISO what?
Data protection is the bastion of business compliance. New privacy laws and international legislation have changed the way we all view personal identifiable information (PII). The General Data Protection Regulation (GDPR) dictates that organizations must implement robust data security controls across all aspects of the business to avoid vulnerable areas being exploited by cybercriminals.
While video conferencing systems may not have been the most obvious target for hackers in the past, this has perhaps generated a false sense of security among enterprises.
The risk posed by video conferencing solutions to enterprise cybersecurity is heightened by the architecture of many providers, which rely on laptops in meeting rooms. Not only is this far from the most effective way to support meetings, but it puts an additional cybersecurity and management burden on enterprise IT departments. Furthermore, video conferencing providers that use third-party servers may expose sensitive company data to potential vulnerabilities in their supplier’s infrastructure, introducing further risk into the network.
In November 2018, Tenable announced that its research team had discovered a serious vulnerability in the infrastructure of a US based video communications company that allowed a remote attacker to impersonate meeting attendees via chat messages. The potential for a staff member to exchange sensitive company or customer data over a collaboration platform with a hacker masquerading as one of their colleagues should give any IT or AV manager pause for thought.
So, why should video conferencing vendors have ISO 27001 today?
Vendors who achieve ISO 27001 certification demonstrate their commitment to the highest operational standards encompassing people, processes, suppliers, and IT systems. Video conferencing solutions that achieve this standard enable businesses to be more productive, reduce IT burdens, and give business and IT leaders peace of mind when users can experience intuitive real-time communications. However, global video communications network entirely owned and managed by the vendor provides a powerful, reliable platform without reliance on any third-party infrastructure for core services, which means the vendor is in a unique position to rapidly respond to users and continually evolve their service seamlessly to meet their demands.
Multiple data centers within each jurisdiction ensure data is stored with geographical redundancy, which signifies customers are always hosted in their designated jurisdiction, where all their PII is stored. In the event of a major outage, customers are migrated to an alternative data center within the same jurisdiction.
Ask yourself some vital questions that will help determine if your video conferencing solution is equipped to future-proof your enterprise collaboration:
- Does your video conferencing solution meet the highest security standards in data protection, operations, processes, and research and development?
- Has the vendor achieved ISO 27001 certification?
- Can they provide secure and reliable video conferencing with 99.999% uptime SLA?
- Will your data remain within the jurisdiction of your choice, especially if there is a network outage?
- Are there the right user authentication and data encryption services in place?
- Will you be fully secure to remain data compliant using the video conferencing solutions?
Whilst there is no binding regulation that stipulates that vendors must be ISO 27001 certified, it is a clear indication that they have the best-practices for information security management system and controls through effective risk management. Essentially, every element of a company’s operations must be optimized for security and reliability, from the architecture of its own technology to every employee’s expertise and the services they take from suppliers.
As large enterprises progress to standardizing on video conferencing and collaboration platforms, any disruption in service could have a serious impact on business activities and services. No AV or IT manager wants to take a call from the CEO when the video conferencing technology fails to work. However, the one call that no one wants to answer is “why have we had a data breach?”
ISO it matters!
ISO 27001 may not immediately jump out as the most important consideration when enterprises consider purchasing video conferencing systems, but it absolutely should be a factor in their decision-making. With video conferencing playing an increasingly important role in workforce collaboration and ever-tightening regulations around data protection, the ISO 27001 certification should be top criteria to reassure AV buyers that their chosen video conferencing solution will provide the business with the highest levels of security and reliability.
William MacDonald, CTO at StarLeaf
