StrikeForce and Aite-Novarica develop a framework for secure video conferencing
StrikeForce Technologies announced the introduction of an alternative approach to video conferencing security built for modern organizations, government agencies and their sensitive collaboration needs.
StrikeForce and Aite-Novarica’s joint research-driven whitepaper proposes a more dynamic and secure approach than those available on the common video platforms of today. The whitepaper recommends new secure video classification guidelines to protect privacy and data on video conferencing calls based on the sensitivity of information discussed.
This whitepaper calls for data during video conferences to be handled with the same diligence and governance as information shared across other mediums. Data should be identified and classified based on its sensitivity and each should be protected by the appropriate security. The research and this unique approach were devised in accordance with the National Institute of Standards and Technology’s (NIST) cybersecurity framework, a collection of fundamental standards and best practices to assist companies in developing and improving their cybersecurity posture.
“As collaborative communications become more ubiquitous, it is imperative that all organizations, government and private sector, consider collaborative communication platforms as a primary focus of their cybersecurity initiatives and put protocols in place that can ensure they are fully protected,” said George Waller, EVP and cofounder of StrikeForce Technologies.
“It’s the Wild West in video conferencing and if a hacker wants sensitive information, a video call is a great place to get it as users are likely leaving a ‘door’ open. It is chiefly important in various sectors and critical industries that proprietary information is safeguarded. For example, financial institutions conducting video conferences pertaining to mergers and acquisitions cannot risk any data leakage. On the other hand, you don’t need the time and expense of total lockdown if you’re discussing the week’s sporting events. This is what we’re addressing. How does one know how to properly secure every call?”
Each of the four levels of classification can easily be mapped to established control frameworks (e.g., PCI, HIPAA, NIST, CISA, FIPS, GDPR) as well the organization’s policies, standards, and guidelines for protection of sensitive information.
“There are governance measures and best practices regarding how data should be handled across virtually every medium except video conferences – this makes no sense and must be addressed,” explained Joe Krull, Aite-Novarica.
Highly publicized security shortfalls associated with general-purpose video conferencing platforms underscore the need for levels of security and privacy beyond the current and planned capabilities of these products.
As remote work becomes the new norm across every business sector and industry, it has dramatically accelerated reliance on video conferencing tools. At the same time, privacy issues have come to the forefront. Organizations today lack assurance that sensitive data and conversations won’t be exposed during virtual meetings.
The newly proposed schema would mitigate these modern challenges, applying a new methodology around security controls based on four levels of sensitivity. This approach delineates guidelines for triaging video conferencing based on tiers of proprietary information, or levels of necessary privacy. It recommends individual actions pertaining to each conference priority level.