End-to-End Encryption & How it Works in Video Conferencing

by in Tech Notes, WebRTC

Used across multiple communication platforms, end-to-end encryption has a reputation as the measure of security when cybersecurity really matters. But to really understand its importance in the modern workplace, let’s dive into what end-to-end encryption really means and how it factors into video conferencing.

What is end-to-end encryption?

End-to-end encryption (E2EE) is a system of secure communication between users that blocks third-parties from reading the messages. Data that is end-to-end encrypted ensures privacy between sender and recipient, mitigating risk and protecting sensitive data.

Online meetings that are end-to-end encrypted can only be accessed by the active participants, mitigating risk and protecting sensitive information from being publicized.

But really, why is end-to-end encryption important?

When it comes to digital packet transfer, end-to-end encryption is necessary for protecting your and your business’ privacy in a secure way. From internet service providers to application service providers and even the most complex hackers, encryption keys ensure that no one will snoop on your personal conversations. Here are a few reasons businesses value end-to-end encryption:

1. Earn trust from clients and partners

Data security is essential when it comes to protecting private information of customers and partners. While sharing credit card information and mailing addresses are common in email and messaging communications, intellectual property and proprietary product discussions are just as common via video conferencing. Associating your brand with poor security practices, breaches and vulnerabilities can create hesitancies in your partners’ and clients’ willingness to do business with you.

2. Protect sensitive information 

While consumer-based video chatting apps deal in day-to-day personal experiences, some of which can be quite private or embarrassing, business-critical communications are oftentimes centered around trade secrets, product and patent details and personnel records, and can have serious legal ramifications in the wrong hands. The increased sensitivity of the information is reason enough to prioritize cyber-security and end-to-end encrypted solutions.

3. Protect against cybercrime

The cybercrime protection market is expected to reach $6 trillion in the next three years. The damages incurred from a serious security breach are much more than just a bad round of press. Cyber insurance isn’t a multitrillion dollar industry for nothing. E2EE protects your information from big hacks and because video conferences are point in time events, they further reduce risk.

Types of communication where you can find E2EE 

All communication types introduce varying levels of risk. A face-to-face meeting can be recorded without consent, phone lines can be tapped with a $20 device, and insecure online communications have been confirmed to introduce vulnerabilities to embedded device cameras. Here are some common communication platforms where E2EE can help you stay secure. 

1. Email

Email is a common place to exchange private data. From social security numbers to home addresses, email accounts are high on the list for hacks and information leaks. Email providers that offer end-to-end encryption restrict access to only those who were a part of the original message transfer.

2. Messaging platforms

Like email, chat messaging platforms are vulnerable to malware and can benefit from the added security of end-to-end encryption. This ensures that only the sender and receiver can access sent messages, and not the bad guys. 

3. Video conferencing

Businesses that standardize on video-first communication use video conferencing to conduct their online meetings. End-to-end encryption can be implemented for all parties in a video conference to ensure that only parties present can send and receive data.

How does end-to-end encryption work in video conferencing?

Security is an important consideration when partnering with any technology vendor. Our recommendation is to prioritize your active in-flight video calls and at-rest recordings with a heightened level of data security, just as you would with a cloud record keeping or file sharing technology.

Security of foundation and architecture

Lifesize operates a shared security model with Amazon Web Services (AWS) data centers to leverage third-party security and privacy certifications such as SOC and ISO27001. Lifesize has chosen to use AWS, the premier public cloud offering, and to focus on optimizing our operational efforts around a single solution implementation and not a colocation or hybrid solution. 

Security of operation

The Lifesize production service operates separately and independently from the Lifesize corporate IT environment. The systems used for source control, build and continuous integration (CI) and the staging environment for quality assurance (QA) are each also maintained in separate independent environments. Read more about our processes and controls for source code management.

Security of conference room solutions and endpoints

Conference room camera security is prioritized in every solution we build. Our systems are engineered exclusively for video communications as opposed to component-based kits with general operating systems. The closed-box design does not allow others to use and/or add unsupported or malicious software.

Security of video calling

The Lifesize service, room systems and client software provide secure and encrypted video, audio, presentation (media) and call setup (signaling) in every call end to end. Encryption cannot be disabled by either administrator or user. All calls are encrypted with no trade-off in quality. By standardizing on WebRTC, encryption is a mandatory component and applies to both signaling (via DTLS) and media (via SRTP/AES-128).

Security of audio calling

The Lifesize cloud-based solution offers a dial-in audio conferencing capability (as an optional service) delivered in partnership with industry-leading providers, enabling PSTN-to-VoIP connectivity with dedicated routes directly to the Lifesize infrastructure. Audio calls originating from the PSTN dialed toward the Lifesize cloud-based service will remain unencrypted, similar to other voice conferencing services. 

Security of authentication 

 Lifesize supports single sign-on (SSO), and it is offered as an additional option for customers. SSO allows you to extend your own password retention, complexity and controls consistently to Lifesize. SSO also allows you to control which users have access to your Lifesize cloud-based subscription and which do not. More importantly, when using SSO with Lifesize, Lifesize authentication will occur directly between your users and your identity provider (IdP). Learn more about Lifesize SSO.

Lifesize Trust Center

For a complete overview of Lifesize privacy resources and collateral covering our availability, security, privacy, certifications and GDPR compliance, please visit the Lifesize Trust Center.

Conclusion

Whether you’re researching video conferencing for the first time or reevaluating vendors for the next phase of your conferencing and collaboration solution, security should always be a high priority component of your search. With the best security practices built into every element of the Lifesize solution and specialized features like one-time virtual meeting rooms and password protected meetings, Lifesize delivers on best-in-class quality for teams that are serious about security.