Ten to fifteen years ago, the products and services on the corporate network were well-defined, controlled, and kept secure by the IT department. For the past five years or more, a myriad of AV over IP control systems, appliances, and devices, coupled with Bring Your Own Device, had IT directors attempting to standardize on devices, software, and platforms to mitigate security risks.
Today, the demands of the new hybrid office with an increasingly mobile workforce accessing the network, as well as the explosion of video conferencing and other cloud solutions, is placing the enterprise network at a greater risk than ever.
We recently discussed how companies could mitigate cybersecurity risks in today’s meeting room with Barco’s product security architect, David Martens.
As the hybrid office is becoming the norm, so too are video conference meetings in nearly every workspace. Solutions that enable collaboration must be easy to use and secure.
When employees access content from the enterprise network and use screen sharing via a cloud platform to share with remote participants, they are most often unaware they could be creating a security vulnerability. Whether data is being shared locally or via the cloud, it should be continuously secured and encrypted, and user authentication and authorization should be in place.
But it’s not enough to take precautions to ensure internal data and network security; it’s critical to know that you can trust that the manufacturers of devices and cloud solutions being used are also serious about security.
Secure by Design
Martens explained that when developing new products, security needs to be thought of at the beginning of the process. In the case of embedded devices, it could be impossible to mitigate risk once the product has deployed because there is a link with the hardware. It’s essential to think about abuse cases and scenarios and mitigate them during the design and implementation.
For this reason, Barco uses the ISO/IEC 27001:2013 standard, which covers the full product life cycle. It is in place during the design, implementation, and testing process—defining secure-by-design. The standard specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization.
ISO 27001 is the most comprehensive program for information security standard that addresses:
Organization: Have clear information security objectives been defined in the organization, and is a structured framework in place to report status back to management?
People: How aware is the organization’s staff of their role in preventing and reducing cyber threats—whether handling sensitive data or understanding how to spot phishing emails?
Processes: What roles, documentation, and processes does the organization have in place to mitigate cyber security risks?
Infrastructure: How are IT assets managed? Is access control well-managed by the organization?
For Barco ClickShare to receive ISO 27001 certification for its overall security management in January 2019, Barco was submitted to a third-party audit to ensure that all processes were in place and followed related to development, sales, deployment, and support of ClickShare. The audit examined everything from information security management in the development processes to checking physical security aspects like badging and door procedures. The security controls were implemented based on an extensive risk assessment.
ISO 27001 audits are run every year—enabling Barco to work on continuous improvement and keep ClickShare as safe as possible for all its users based on the latest evolutions in cyber security.
Ease of Use, and Peace(?) of Mind
The most crucial feature of ClickShare is that it's easy to use and to share content. With ClickShare Conference, the capability to connect video, speakers, and a microphone is added to extend the local meeting room experience to remote participants.
It's important to remember that no matter what system is used, content has to be securely managed. Equally important is having trust that the cloud conferencing platform has the right security controls in place to share content to remote participants.
Even though ClickShare is a physical device, Barco has put all relevant security controls in place to protect the firmware on the device and to prevent anyone that is capable of disturbing the shared content.
Barco is building trust and confidence that using ClickShare is and will continue to be a secure option.