Convenient video conferencing does not have to mean compromising security

Videoconferencing tools have played a vital role in keeping workers safe during the COVID-19 crisis, but they have not always performed well when it comes to securing the information they carry.

With the COVID-19 crisis forcing the closure of many offices, the world has witnessed a massive increase in people working from remote locations.

This has driven the rapid adoption of digital collaboration tools to help workers stay connected and productive, with the research website App Annie finding global downloads of videoconferencing apps hit 62 million during just one week in March -- a 90% increase on pre-COVID weekly averages.

And with social distancing likely to remain in place for the foreseeable future, videoconferencing will continue to play an important role in workers' lives.

But this rapid adoption has often seen tools being chosen based primarily on their cost and convenience.

According to the chief executive officer of the Australian communication and collaboration software company DekkoSecure, Jacqui Nelson, now is the time for organisations to consider how well these tools are securing the sensitive communications they carry.


"Prior to COVID, not enough people spent time thinking about the inherent risks in videoconferencing," Nelson says.

"All of a sudden now we are sharing a lot of really sensitive stuff on videoconferencing in meetings and presentations when we have no visibility of what can be happening with it."

Nelson says that while many platforms offer encryption, they might only encrypt data travelling between the media server and the users' devices, meaning the provider can still access the content of meetings on the server. Also, existing methods for inviting and verifying attendees can introduce risk through human complacency, such as the reuse of credentials and the opportunity for their interception by unauthorised parties.

Her company's DekkoLynx videoconferencing platform resolves these problems by providing full end-to-end encryption managed by a cloud-hosted service. When a host creates a meeting unique keys are generated and exchanged with authorised participants automatically, circumventing the need to send meeting invitations that include log-in credentials. And because encryption keys are exchanged between participants only, this eliminates the ability for someone to eavesdrop on the session at the media server.

Strict authentication and authorisation controls can be set by default, and the use of unique keys prevents participants joining subsequent sessions using the same credentials. Only a meeting organiser can add or remove people from the conference, and should they decide to remove a participant, their key is instantly invalidated.

Nelson says these attributes eliminate many of the human-driven risks in videoconferencing and enable DekkoLynx to offer full end-to-end security.

"We always start with security as a basis and then build tools that enhance productivity," Nelson says. "It is all about eliminating risk, and you can only do that by using tools that are secure by design."

Also, she says the use of industry-leading encryption protocols in combination with modern open web technology ensures that the encryption and decryption process has no discernible impact on the latency or quality of communication.

As DekkoLynx is hosted in Australia on both Microsoft Azure and high resiliency Oracle cloud infrastructure, data remains resident in Australia.

Dekko's solutions engineer Alex Lyons adds that because DekkoLynx is accessed entirely from within a browser there is no need to download a dedicated application. This eliminates the need for organisations to test and approve the use of an app and eliminates the risk of malware being installed on end points.

"And because DekkoLynx is a totally managed cloud service, it only takes a couple of minutes to be ready for a customer to use it," says Lyons. "And for organisations, it places all of that sensitive content and information on a system that is completely separate to what they are running themselves internally."

Lyons says this not only alleviates any burden on the organisation's IT systems, but also eliminates the possibility of local staff compromising its security.

DekkoLynx was developed in conjunction with clients in the law enforcement and legal sectors, and Dekko also elected to have the platform independently assessed by the verification and validation services company Enex TestLab. Chairman and managing director of Enex, Matt Tett, says this is a welcome sign of the company's confidence in its technology.

"With management meetings and board meetings, you want to make sure you have a system like that in place," says Tett.

Nelson says DekkoLynx also incorporates much of the functionality of popular videoconferencing applications, including screen sharing, group and private chat, and has now developed additional and critical functionality in recording, which makes DekkoLynx the first platform that has built end-to end encrypted videoconference recording.

"DekkoLynx makes sophisticated communication security simple to use and universally accessible. " Nelson says.