Multilingual online meeting? Lock the doors, turn the key and mind security!
There are many arguments in favour of the new online communication technologies. No travel, no time lost, and the luxury of choosing the language you prefer talking. Our webinar platform with live simultaneous interpretation, Presence Webtalk, is steadily securing its place in this brave new world of online meetings. More and more organisations are finding themselves ready to let go of their two Biggest Fears: data leaks and security breaches.
However, the massive cyberattack that hit big multinationals like TNT and DLA Piper last summer, has reignited the security debate, and the fear of security breaches. Because if large multinationals with dedicated IT departments can get hacked, so can we, right? The question about security understandably pops up every time we present our platform, and we want to take the time to explain how we protect your data. For this post we have taken IT professionals’ technical input, and ‘translated’ it into layman’s terms. Translation is after all our core business.
First, let’s brace ourselves for the security statement of our WebTalk platform. Promise me not to panic on first sight. I in turn promise to help you understand the various technical terms below.
Presence WebTalk is fully encrypted end-to-end with the following specifications:
· Browser web traffic is encrypted with TSL/SSL: 2048-bit RSA key, using AES-CBC with 256-bit key for encryption and HMAC-SHA1 for authentication.
· Browser media traffic (WebRTC) is encrypted with SRTP for secure real-time communication.
Feel free to take a deep breath now, before we move on to explaining the different elements contained in this statement.
1. TSL/SSL: 2048-bit RSA key
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are both frequently referred to as “SSL”. They are cryptographic protocols that provide communications security over a computer network. Several versions of the protocols find widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP (VoIP). Websites use TLS to secure all communications between their servers and web browsers.
When secured by TLS, connections between a ‘client’ (e.g. a web browser) and a server have one or more of the following properties:
· The connection is private (or secure) because the data are encrypted. The server and client negotiate which encryption algorithm and cryptographic keys to use before the first byte of data is transmitted. This means no attacker can modify the communications without being detected.
· The identity of the communicating parties can be authenticated.
· The connection ensures integrity because each message transmitted includes a message integrity check. A message authentication code prevents undetected loss or alteration of the data during transmission.
2. SSL (Secure Sockets Layer)
SSL is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
3. HMAC-SHA1 for authentication
In cryptography, a keyed-Hash Message Authentication Code (HMAC) is a specific type of message authentication code, involving a cryptographic hash function and a secret cryptographic key. It may be used to simultaneously verify both the data integrity and the authentication of a message.
A cryptographic hash function is a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size (a hash function). It is designed to be a function which cannot be inverted or decoded.
4. AES-CBC with 256-bit key for encryption
The Advanced Encryption Standard (AES) is also known by its original name Rijndael.
AES is the first and only publicly accessible encryption algorithm approved by the National Security Agency (NSA) for top secret information.
In June 2003, the U.S. Government announced that AES could be used to protect classified information
“256-bit” has to do with SSL. In SSL, the server key is used only to transmit a random 256-bit key (a bunch of bits, really). Roughly speaking, this means that the client application generates a random 256-bit key, encrypts it and sends the result to the server.
WebRTC is a free, open project that provides browsers and mobile applications with Real-Time Communications (RTC) capabilities via simple APIs.
The Secure Real-time Transport Protocol (or SRTP) defines a profile of Real-time Transport Protocol (RTP), intended to provide encryption, message authentication and integrity, and replay protection to the RTP data in both one-to-one applications and multicast applications used by a group.
Even in non-technical terms, these security protocols remain hard to grasp. Online security is indeed less ‘hands-on’ than closing the door to lock unwanted participants out. Nonetheless, it is essentially the same thing: participants can only connect if they have received the code to do so, and the virtual meeting room is guarded by encryption and protocols. This means that whatever is said in the virtual room, stays in that room and cannot be overheard by anyone outside of it. And of course, we continuously update our security protocols and apply the latest encryption technologies, to make sure that our Presence WebTalk platform is not only secure now, but remains so in the future.
So, are online meetings 100% leak-free?
Well, there is still the human component to consider. People are the trickiest link in the whole system. This is why we recommend that even when the data protection is as good as it can be from a technical perspective, customers take the time to make sure that their information is also protected by legal tools.
We completely guarantee the confidentiality of the information shared during your Presence WebTalk meeting:
1) As an agency we sign an NDA with your organisation.
2) All our crew members (interpreters, technicians, moderators,…) have signed individual NDAs and a code of ethics where the use of confidential information is strictly defined and regulated.
3) We check that all your meeting participants have signed an NDA with your organisation so that we can remind you that this should also be covered on your end.
If you are interested in knowing more about the technical specifics of our Presence WebTalk platform or if you want to save a lot of cost on live meetings, give us a call or drop us a line.
+352 26 19 60 54