Multi-layered Security for Virtual Meetings, Trainings and Classrooms
by Peter Ryce
posted on 04-17-2020
With all that is happening in the world today, we are spending more time online than ever before. For many of us that means participating in online meetings instead of gathering in an office or conference room or a classroom. We still need to collaborate and share, which may include confidential information about ourselves, our organizations, our activities, and our future — but instead of a projector, we use a virtual conference room. We share our screens or upload our slides to be seen by all in the “virtual” room. We speak through our microphones or integrated telephone lines, and share our cameras, files, and web links, and chat in online rooms. Yet, without physical walls and doors, how do we keep our information from reaching the hands of the wrong people?
There has been a lot of news lately with concerns over the security of virtual conferencing products and organizations want to ensure that their solutions are secure enough to entrust their most critical data to.
At Adobe, we believe that defense needs to be built in layers and often requires more than just adding a password to a room or basic encryption. That’s perhaps why Adobe Connect has been the solution of choice, for more than 15 years, for some of the most highly regulated industries such as government, financial services and healthcare, running mission-critical operations online.
Let me describe what I mean by layered security for defense in depth.
1. Secure code design
Through the Adobe Secure Product Lifecycle (SPLC) we start with a set of development guidelines that our programmers use when writing our code keeping security as a high priority.
2. Secured connection
Next, our servers, and how we communicate over the internet, use industry-standard encryption practices — communicating over HTTPS employing Transport Layer Security (TLS) cipher suite to help secure your data in transit using AES-256. We add additional encryption for the most critical data, using SHA-256 hashing for passwords.
3. Least privilege principle as a default
Administrators can enforce appropriate restrictions for all users. Using our years of product design experience aligned to toughest customer use cases in most regulated industries, we have created user interfaces and configuration settings that follow a Least Privilege Principle, which essentially means that as a default the meeting host has the greatest control, and others join with the least privilege. Meeting hosts control not only who can enter a meeting but also the assignment of role-based privileges to co-presenters and participants.
Each organization has their own set of unique requirements — we offer the flexibility to tailor each account to match those needs. Account administrators can choose secure two-factor authentication and Single Sign-On (SSO) for IT-controlled logins. Applications can be whitelisted for approved application sharing or blacklisted to be always hidden. Meetings can be permanently blocked against “guest” access, so that only employees and pre-registered users attend. Read Frank Derienzo’s post for an in-depth overview of these extensive configuration options designed for a security first approach.
4. Deployment flexibility with managed services
Our customers can choose from a variety of deployment options ranging from a hosted service on Adobe managed infrastructure, leveraging industry best practices for secure design. Or a private cloud deployment by certified cloud infrastructure providers to operate and manage their services. Or even an on-premise deployment behind an organization’s own firewall.
Perhaps, one of the reasons for being the trusted solution of choice for the most “locked down” regulated environments is the gamut of validations from industry compliance and regulatory bodies. Depending on deployment model, Connect meets various regulated industry security standards and has received a number of certifications attesting to its security as suited to the needs of specific industries such as financial institutions by being GLBA-ready, U.S. federal government with FedRAMP certification, healthcare and non-profit organizations by being HIPAA-ready, and universities and K12 institutions, by being FERPA-ready for protection of U.S. students’ education records and personal information.
We all are already working hard enough to adapt to this new world, we shouldn’t have to worry about the security of our meeting solution too — particularly when Adobe has spent years building it.
If you aren’t already using Adobe Connect you can Request for a Demo** **and we’d be happy to assist.
Learn more about Adobe Connect Security
Topics: Future of Work