Most enterprises have strict guidelines around document and email management but lack the same type of security and privacy controls for cloud-based real-time communications platforms. With most meetings using a UCaaS platform and being recorded and transcribed, enterprises need to ensure the appropriate levels of security and privacy controls are in place. What you say and share with whom is being captured, and sometimes, that information is being leaked outside of the enterprise.
To find out which provider handles these concerns the best, I recently evaluated Cisco Webex, Microsoft Teams, and Zoom in seven categories with 50 sub-criteria points on UCaaS security and privacy. The categories were:
- Secure virtual meetings: Granular administrator, host, and participant security and privacy controls
- Data residency and privacy: Ability to geo-fence all content and meta-data for virtual meetings
- End-to-end encryption (E2EE): Encrypting every virtual meeting with a unique key across all channels between all end-user participants
- Identity and access management integration: Including multi-factor authentication and secure dial-in access
- Data loss prevention: Content tagging and classification with eDiscovery, retention, search controls
- Operational: Monitoring and managing security risks, including malware insertion and user behavior
- Certifications: FedRAMP, GDPR, CCPA, and EDPS
Cisco Webex is the only major UCaaS platform that met the criteria of providing ultra-secure communication and collaboration, and it had the most security and privacy controls. Some highlights include:
- Control Hub: Operational control for enterprise administers to control security and privacy, including data residency
- Best met the 50 criteria: E2EE, geo-fencing of content and metadata, and certifications such as EDPS approval
Microsoft does a very good job of content security and privacy, but it lacks some critical real-time voice/video communication features, including:
- No E2EE: E2EE protects the meetings from malicious actors seeing or hearing the content of the meeting.
- No geofencing of PII or metadata: The conferencing metadata includes the participants, their email and phone number, time/date, and duration of the meeting, etc., which is all then sent back to the U.S.
Zoom is in the process of settling a class-action lawsuit for 85 million dollars for sharing certain user information with third parties, and it failed to prevent unwanted meeting disruptions, according to
TechRadar. Zoom is investing heavily in security and privacy and has rectified most of its gaps.
Enterprises need to include security and privacy controls when selecting a UCaaS platform. UCaaS security and privacy will continue to evolve, but one thing is for sure, that requirements will only get stricter. For instance, some enterprises are now mandating that all video conferences participants have a corporate-approved background turned on. At
Enterprise Connect in March, I will be hosting a session on
UC Privacy: Where are the New Pitfalls.
