Security Measures – Telephone, Web and Video Conferencing | Peace of Mind
Redback Conferencing is at the forefront of the industry in terms of security for your conferencing services. We use Equinix Sydney IBX Data Centres which are strategically located with close proximity to the Central Business District and access to Southern Cross Cable Head. The Data Centers are ideal for reaching a diverse ecosystem of network, enterprise and cloud companies. Backed by state of the art security, network connectivity and redundant power, Equinix is the ideal location for your co-located equipment. Servers Australia has secured a private suite, only our customers have access to Servers Australia’s racks. The suite is secured by a biometric scanner and our suite is actively monitored internally for camera motion, door status (open/closed) as well as temperature and humidity.
Redback employs a Cisco network infrastructure protected from failure by a multihomed redundant networks and redundant network devices. Cisco firewalls, Intrusion detection devices, and virus detection software protect the data infrastructure. All data is backed up to offsite locations on a daily basis. Web, Application, and Database services are hosted on hybrid cloud infrastructure based on Citrix and Amazon Web Services. Active Directory is used to mange permissions to resources. At the file level NTFS is used to ensure only those authorized to view data can access it. Database access is secured by only allowing limited views of data by the application and web servers and further secured by limiting access to other functions of the database servers by blocking unauthorized access by web and application servers. This is accomplished by deploying the web and application servers within a Demilitarized Zone (DMZ) of the network. All servers in the DMZ are monitored and are limited to the access they are granted to secured servers such as the database server.
Teleconferencing and Web Conferencing
Web Conferencing Users have password protected Online Access to their Library Content (their pre-cached files stored on our Web Servers) 24/7. They are fully in control of exactly what gets stored on the servers and what/when content is permanently removed. Access to that content is controlled by password access and those passwords may be changed at any time by the individual end user that originally uploaded the content. Redback Conferencing offers a complex web conferencing service that is much more than a simple software application running on a computer. Providing Redback Web Conferencing as a SaaS (Software as a Service) entails a large number of modules and processes that form the system. Securing every link of the chain is the challenge to overcome since the entire system is only as secure as its weakest link.
Creating the most locked-down software with 1024-bit encryption would not make it any more secure if the providers’ employees were not trained to protect customers’ passwords. Defining adequate processes is also critical. Imagine customers’ documents such as Microsoft PowerPoint files were to be copied from one server to another. Implementing a procedure that ensures these files follow a path that will never expose them to prying eyes during the transfer is as important as requiring strong password authentication to access conference rooms. Redback Conferencing enforces a variety of strict rules when it comes to processes and has implemented a comprehensive testing and monitoring methodology to ensure their effectiveness. A number of features have been built into the Redback Web Conference platform since its inception to provide full protection for Redback customers and their end-users.
Authentication and Authorisation
One of the most important factors is securing access to web conference rooms. Redback offers different levels of password protection to meet different businessrelated requirements. As an example, a sales and marketing webinar for which you would like to have as many viewers as possible would not require the same level of access restriction as a closed meeting between C level executives of a public company. You can set group passwords, individual passwords as well as temporary passwords for specific events. SSL encryption ensures passwords are never sent in clear through the network. Beyond password protection, Redback provides strong two or three-factor authentication capabilities. Access may be controlled by verifying digital certificates (holding employees’ digital ID including public and private keys) stored on a physical smart card and/or by validating biometric credentials such as fingerprint or retina scan. One of the most practical features also provides a more secure environment and reduces the risk of external intrusions: SSO or Single Sign On is an API (Application Programming Interface) that allows full integration of the Redback Web Conference with your web based members page or with your internal LDAP or Active Directory. By implementing SSO, your attendees would login to your members area (or internal portal) using their usual username and password, then click a button to access your conference room without having to remember yet another password. It provides easier access for your attendees while simplifying user management on your side. Studies show that lower number of passwords to remember inherently leads to more security as users will not expose their passwords in emails, files or even post-it notes. On the other hand, a terminated employee for instance, would no longer be able to enter your conference rooms as soon as you cut his/her access to your members/employee portal. Faithful to the “Technology, Process, People” methodology, we have also put in place strict rules for our employees not to provide any passwords online or on the phone. In fact, Redback employees do not see any passwords in clear as they are encrypted in our databases. This brings us to database protection.
There are two different angles to consider when it comes to database protection: data stealing and data loss. Protection against hackers trying to compromise databases is a serious threat against which Redback employs the latest techniques to prevent unwanted access. Additionally, Redback uses data encryption for sensitive information and never stores end-users credit card information. Data loss can result not only from malicious attacks, but from inadequate processes in the software or from human error. Redback uses advanced, secure and frequent backups to ensure the integrity of customer data.
Eavesdropping on web conference sessions by listening to the audio, reading chat messages or viewing the live or recorded media can be considered as fundamental threats to any web conference session. Although direct access to a room might be protected, there may be ways to eavesdrop on the network without being actually inside the virtual room. Redback employs 128-bit SSL encryption for secure rooms in all client-to-server or server-to-server communications including but not limited to chat, voice, video, application sharing, PowerPoint content and file sharing.
If communication channels were protected without restricting access to voice and content servers, we would only be shifting the weak link. Redback servers are hosted locally in environments with the ultimate physical and logical security. These facilities are secured by onsite staff and under video surveillance 24 hours a day x 365 days a year. To enter the facilities you must be pre-screened by live security personnel, provide photo ID, sign the Security Register and use a unique magnetic pass card to enter For customers requiring an extra level of security, dedicated servers are used for heightened security and performance.
While we have taken extra measures to ensure the highest level of protection for our customers, we understand that security is an ongoing endeavour and requires daily efforts to maintain and enhance the protection level. Redback Conferencing has made a choice to focus on high quality and custom web conferencing. This means that we will work closely with our customers to adapt our solutions to their needs.