Being reliable makes collaboration viable. When video conferencing is backed by a secure cloud architecture and rigorous control processes, the ability to effectively manage risk and avoid service outage makes enterprise communications seamless in today’s ‘always-on’ economy.
With the rapidly changing and unpredictable nature of global business, it is vital for those wishing to lead industries, that they build their enterprises on robust communication tools.
Cloud-based video conferencing solutions enable enterprises to be more productive and reduce the burden of IT infrastructure. However, business leaders also need assurances that they and their employees’ data remain secure when using these solutions. Only those vendors that operate their own global cloud network can provide a consistent service to businesses.
Avoiding an outage
A reliable and secure cloud service requires a robust architectural design, defense-in-depth security controls, and fully redundant, secure hardware and networking. The service needs to be a dedicated cloud that runs solely on internally developed software, which must be designed with security in mind from the outset. All components need to be owned, maintained, and thoroughly scrutinized by the vendor and independent software security experts. This limits instances of downtime caused by hardware failures, issues with third-parties or cybersecurity threats, such as malicious code or malware. It is important that core services are not provided using third-party shared computers, which eliminates the starkly real threat of being affected by any data via vulnerabilities, such as Spectre or Meltdown.
The six pillars that constitute a strong cloud architecture to deliver reliable and secure video conferencing are as follows:
- Dedicated data centers
Rather than relying on third-party public clouds, having global points of presence (i.e. data centres around the world) is a requirement for multiple reasons. It allows delivery of the best possible user experience, so the vendor can fully support their customers without relying on others and it also ensures redundancy of the service. Being fully compliant today is a prerequisite for industry and EU regulations, including the General Data Protection Regulation (GDPR). Those vendors that meet the highest standards, such as ISO 27001 certifications, can be trusted to offer the best authorisation, access, process, and management controls.
- Data jurisdiction
A well thought out cloud architectural design ensures that customer data can be isolated to nominated locations, thereby retaining data within appropriate regional legal boundaries. Multiple data centres within each jurisdiction ensure data is stored with geographical redundancy. Enterprise customers should always be hosted in their designated jurisdiction, where all their personally identifiable information (PII) is stored. In the event of a major outage, customers can be migrated to an alternative data centre within the same jurisdiction. Importantly, this ensures that customers retain control of their data because it is not subject to third-party control by the nature of where it is hosted.
- Upgrades
A key advantage of cloud services compared to more traditional services is how new features and functionality can be provided by the vendors to their customers on an ongoing basis. However, it is important that customers do not become the beta testers as is often the case with consumer cloud services. This means that vendors must ensure that upgrades are deployed across their service in a consistent and controlled manner having already undergone the most rigorous of testing regimes.
Regular and continuous upgrades to cloud systems can include new features, fixes, and security improvements. Crucially, all code changes should be thoroughly tested in an isolated environment to ensure reliability and that full coverage regression tests are passed. Vendors need be able to update and upgrade all parts of their service, including the core infrastructure, the software applications used by users on their mobiles, laptops and dedicated meeting rooms hardware. To avoid disruption to video conferencing and meeting room services, upgrades must happen automatically without user or IT personnel interventions out of hours in an organisation’s time zone. Vendor-controlled upgrades mean enterprises can always guarantee every individual and meeting room system has the most up to date and secure software.
- Customer data security
Data security is critical in today’s digitally dynamic world. Access to live cloud data needs to be restricted to certain groups who perform a specific action. All data access needs a personal login and only users who are authorised members should be granted access to cloud and user data. In addition, data in transit or at rest, whether media streams or instant messages, must remain encrypted with approved, secure and always up to date cryptographic methods.
- Reliability
It is good practice to check service level agreements, which should guarantee not less than 99.999% availability. Not many vendors offer rigorous and thorough continuous monitoring of all services, so it is vital to ensure they provide full reliability and security. Monitoring tools should also be provided to customers to help them isolate any issues local to themselves before it affects their business. In the event of an emergency, a strong disaster recovery policy is essential to maintaining service and reliability needs to be a high priority when selecting a vendor.
- Security by design and vulnerability monitoring
Cloud services need to be robust and designed with security in mind to defend against bad actors. As important as the software design, having a defined security incident monitoring and reporting process is essential in order to act upon reported issues quickly. Access rights should be meticulously defined, and the development and operations teams need comprehensive and ongoing security training. Operations teams must have access to automated security monitoring and real-time status dashboards in order to be proactive in ensuring the service remains secure at all times. As well as regular testing by the in-house security team on all new software and hardware releases, external penetration testing should be carried out by industry experts. World class vendors will also engage in bug bounty programmes.
Conclusion
Reliability is the gateway to effective meeting room collaboration. Working with the right vendor, enterprises can implement and maintain a robust video collaboration service across the globe. By choosing a service set up to withstand potential outages, enterprise users can ensure consistency of service knowing that their cloud-based video conferencing solutions are intelligently engineered to deliver meetings they can trust.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.