Security in video communications

11/2020, 5 min read

How to ensure secure video meetings? Security requirements have to be taken into consideration in video collaboration as an operating principle. Read how to ensure that your business-critical information stays secure and learn the key platform considerations as well as the end-user best practices.

While remote working has rapidly increased, and the possibility to integrate various platforms, technologies and services has contributed to wider use of video communications both within and between organizations, the development has raised concerns as well. One of the most common matters is the overall security: with so many services and interfaces to be dealt with, how can anyone be certain that the things said and the materials shared in the virtual conference room actually stay there?

Eero Heikkilä, Elisa Videra's Head of Professional Services, says that in order to ensure the critical security requirements in video communications, they have to be taken into consideration from the very beginning. But the experts at Elisa Videra won't settle for just filling the requirements – they build the entire solution on security.

"Our information security management system follows the ISO/IEC 27001 requirements", Heikkilä emphasizes. "That ensures that all technical, operational and physical aspects are thoroughly dealt with."


Eero Heikkilä has a vast experience and expertise in security management
and
is currently the Head of Professional Services at Elisa Videra.


1. Use an accredited technology vendor and service provider

The role of the technology vendor is essential in making certain that the provided technology and equipment meet the user requirements. Pexip is one of Elisa Videra's technology partners that provides best-in-class industry security, interoperability, infinite scalability and a wide variety of ways to ensure high quality and easy-to-use video meeting solutions. 

Especially with government organizations, financial institutions, healthcare providers and others dealing with highly confidential information on a daily basis, the importance of screening and choosing a trusted provider of technology cannot be overemphasized. With video meetings, proprietary and sensitive information is shared frequently, and employers need to feel certain that no one else can access that data without permission. These types of customers typically prefer to run the entire meeting platform on-premises and inside their network, or in the private cloud of their choice, and Pexip offers flexible deployment options. 

"The entire solution has to be built so that it can provide the best possible support for both the pre-meeting and in-meeting phases, like support roster controls, using PIN codes and encoded phone calls", Heikkilä emphasizes. 

2. Ensure pre-meeting and in-meeting security

During the meeting, one of the best rules of thumb to ensure sufficient security is to act the same way as you would at a physical meeting.

"The user has to be able to control both the meeting space and the participants. The same way that you browse across a meeting room to see who is present, you can check the roster list to see that the right people have arrived", Heikkilä advises. "Then, just as you would close the door, you should lock the virtual room to prevent further entry."

Heikkilä refers to increasingly common "meeting bombing" incidents: if there is not even a simple PIN code required, an uninvited participant can enter a meeting just by randomly tapping in email-like URL-addresses or conference IDs. The organizer should be able to prevent this kind of incident from happening, or at the very least throw the unwanted participant out and prevent the re-entry.

In addition to PIN codes, pre-meeting security can be enhanced with virtual meeting rooms and IDs that are valid only for the duration of the meeting. The invitations play a role as well: they should only be sent to relevant recipients.

When the most sensitive issues are discussed, everyone has to be especially alert for any eavesdropping that might take place. And, as the meeting has been adjourned, just as you would turn off the lights in a conference room, in the same way you should end the virtual meeting.

3. Remember common sense and best practices

Even, and especially, when it comes to the devices that are used to attend virtual meetings, common sense prevails. Default passwords should never be used; instead, the administrators (not the end-users) should be given the opportunity to manage the devices. Signaling and media should be encrypted whenever possible, and centralized provisioning should be utilized for ensuring consistent settings.

In addition, only up-to-date devices with latest software versions should be used. Every now and then, a device that has no more active support shows up in video conferencing deployment and causes challenges from both operability and security points of view. 

These devices may not be covered by an active maintenance contract, but even worse, they may be completely end-of-sales, end-of-life and end-of-support by the vendors, meaning that the vendor will no longer provide security fixes, bug fixes or functionality updates for them. Added to the frustration that these devices cause for the end user, as they don’t work similarly as up-to-date devices, they also have interoperability flaws and may act as so-called backdoors to the customer network. 

4. Get a dedicated expert to take care of the platform

Especially during a pandemic, when even the most sensitive kinds of meetings are being held virtually, the collection and handling of data has become an essential security issue. The participants are interested in what kind of data will be collected, what will be done with it and where it will be stored. 

With so many alternatives at hand and so many viewpoints to consider, including all government and business-related regulations there might be, managing such a versatile service platform goes well beyond any in-house IT department's comfort zone. 

"With encrypted calls, on-premises services are not necessarily more secure", Eero Heikkilä states. "To ensure the best possible outcome from every angle, it often makes sense to let dedicated experts run these services."

As the needs of users become more versatile, the chosen video conferencing service is expected to be able to adapt quickly to required changes. This has led to organisations' growing interest towards moving their self-hosted infrastructure into a cloud environment, where, for example, capacity increase can take place promptly. While the flexibility of a cloud environment is undeniable, certain doubts exist, and issues like data security and control have slowed down this development.

Many of these obstacles were removed in December 2020 as Pexip, a leading provider of enterprise video conferencing and collaboration solutions, announced the launch of the Pexip Private Cloud – a deployment option for video conferencing that provides the ease and scalability of a shared cloud with the control, security and privacy of a self-hosted solution.

Heikkilä adds that with the modern solutions, added security does not have to contradict the functionality. Even in that sense, it is better to aim high.

Special integrators such as Elisa Videra, who deal with these kinds of issues every day, are the best way to ensure that for any given situation and circumstance, the best available security solution can be designed, implemented and maintained.


Pexip was founded by industry veterans with decades of experience of security best practices, resulting in security-first, enterprise-grade video conferencing solutions using industry-standard encryption and security protocols to maintain customers' privacy and security. It offers flexible deployment options, and institutions around the world rely on the Pexip platform for their most sensitive communication.  

Want to know more?

Watch a webinar recording about safe and scalable video conferencing:

Make the most of your virtual communications solutions.

Enhanced professional services

Get the resources to design and implement your communication solutions smoothly and efficiently. Our experts are at your service from solution planning and design to security assessment & optimization and architecture design.

Ease of use and anytime-access

Elisa Videra designs, delivers and maintains video conferencing and collaboration services empowered by the industry leading technology vendors including Microsoft, Pexip, Zoom and Cisco. Ease of use, anytime access, extensive endpoint compatibility, scalability, reliability, security and always available customer service.

Secure solutions with complementing hardware

Choose the most suitable video infrastructure deployment scheme for your needs: on-premise, private Cloud, shared Cloud or hybrid. Elisa Videra connects different vendor technologies, platforms and devices, offering you a full control and integration possibilities.

Global Managed​ Services & Monitoring 

Ensure video conference solutions availability and call quality and get peace of mind with our Managed Services; management of your hybrid work environments, emerging issues automatically fixed before they become problems and effortless monitoring.

Any cloud, any device – we make it work

Provide your people with freedom of choice wherever they meet and work. Elisa Videra designs, integrates, delivers and manages interoperable technology solutions with a can-do attitude.

Gear up for the new ways of working. Subscribe to our newsletter

Related articles