Shonan Noronha, EdD of Sound & Communications, “asked professionals in various roles within the AV industry to share their insights on protecting corporate and institutional end users from data theft, interruption of service and other intrusions”. SM&W’s Associate Principal of Unified Communications & Corporate Market Leader, Mark Peterson gives his response below.
Patching a security threat preempts all other research and development in an enterprise. Timely closure to open-SSL bugs like Heartbleed is challenging for network and, now, AV engineers. Additionally, manufacturers rushing to release security fixes often overlook product bugs, forcing AV/IT managers to implement versions that impact the end-user experience.
In the enterprise environment, privacy concerns do not stop at the firewall. Inverse-Risk Law applies: For every increase in information sharing, there is an equal and opposite impact to security vulnerability. Any networked device that allows personal interaction is a risk. All devices should support external authentication and single sign-on (SSO), and logging must be captured for all activities.
Just because a device can be secured does not mean that it will meet a company’s compliance concerns, such as recording and archiving. Before being added onto the enterprise network, hardware and software alike must be vetted in a lab space, with rigorous security evaluation between the product engineers and security professionals who know the types of questions to ask about a vendor’s architecture.
Getting an appliance or software approved to run on a network is a 60-day process at best. When product models change, the evaluation repeats. The fewer changes to the network components the manufacturers make, the easier it will be to get through the network acceptance again.
We need to see SSO integrated into all AV/IT systems. Many devices require username/password for admin access, but neither using generic accounts nor maintaining a password list is secure. All devices should integrate with Active Directory or Lightweight Directory Access Protocol (LDAP).
Authentication concerns are not limited to administration. Multipoint bridges provide interoperability between traditional videoconferencing and Skype for Business, but sharing content with an anonymous user in a conference room breaks the barrier of an authenticated desktop, even if the company intended to restrict access by using an employee’s credentials.
When enterprises are able resolve the challenges around guest user accounts, the bright side to authentication is a customized experience and increased productivity. Consistency across all types of conference systems and collaboration technologies is achievable. Control systems can be predictive, and metrics become much more relevant for workplace strategic planning.
To read the full article visit Viewpoint in Sound & Communications.
