The use of high-definition video conferencing is an area of growth for many federal agencies. With an increasing emphasis on budget-cutting and belt-tightening, federal executives have embraced the new technologies to help realize savings and boost productivity. Video conferencing, cloud computing, and teleworking are just some of the ways that federal agencies are taking advantage of technology to meet the demands of the changing work environment.
However, security still remains one of the major concerns for government executives charged with incorporating the new technology into the federal workspace. Since many agencies handle classified data, there is a need to ensure that the data remains secure and that privacy issues are addressed. Cloud computing and video conferencing offers new challenges in the security arena.
There are certain requirements that must be implemented when data storage is handled by cloud services. Providers of cloud services will have to ensure that the different components are handled securely. This data must be maintained in a data center located in the United States. Administrators granted authority to access records for a given deployment should have sole access to the data.
Secure video conferencing has several facets that should be incorporated into any plan to use the technology. How the calls are placed and how voice systems establish connections are key parameters that require secure storage. Other areas of consideration are firewall traversal, registering Session Initiation Protocol (SIP); optimizing relay functionality; and the manner in which the Multi-party control unit (MCU) will be implemented.
Firewall traversal is a crucial component in ensuring that networks are secure and that video conferencing is not vulnerable to outside attacks. It allows the interaction between remote locations and local users that are onsite. In order for peer-to-peer calls to work in a deeply-secured firewall, a relay function must perform its role and permit the interchange of media and signaling.
The MCU serves as a traffic cop that helps to combine multiple video streams into one stream that transmits the information during the call. Multiple feeds of video from different parties are combined, then reduced down to a stream that can be sent to the appropriate user. This information is encrypted to ensure that it is secured and only the intended parties receive the data. Encryption is implemented on all aspects of the voice and video calls once a video connection is made.
These are the minimum standards that are vital to ensuring that federal data is adequately secured when using cloud-based video conferencing:
Advanced Encryption Standard (AES) - Developed in 2002, by the National Institute of Standards and Technology (NIST), AES consists of three block ciphers that are used to sufficiently secure classified data. The ciphers may use a 128-bit, 192-bit or 256-bit key. The U.S. Government adopted the standard in 2003 and it has since become a global standard. Many financial institutions and large retailers use this standard.
Triple-DES (DES3) - This is an encryption standard that uses an algorithm to secure each block of data. It uses 112-bit key to encrypt the data.
Government agencies and military installations have special needs when it comes to security. The standards that apply to these entities are;
Federal Information Processing Standards (FIPS) - This encryption standard is based on other standards such as ANSI, ISO and IEEE. They are used by non-military federal agencies and contractors used by the government.
Joint Interoperability Test Command (JITC) - This standard uses a variety of testing and certification services to aid in the acquisition process used to support global war fighting. Cloud-based videoconferencing has not been implemented in this area yet.
Whether most federal agencies will embrace cloud-based video conferencing is yet to be seen. While convenient, the concerns about security will continue to be the main factor limiting the full implementation of cloud-based video conferencing by many federal agencies.
Click here to find out more about video conferencing.
No comments:
Post a Comment