Accreditations may seem like promotional mechanisms that appear on a vendor’s marketing material, but think again and take a closer look. As data compliance impacts organisations, enterprise leaders need to take vendors more seriously when standardising on videoconferencing solutions.
Data protection is the bastion of business compliance. New privacy laws and international legislation have changed the way we all view personal identifiable information (PII). GDPR dictates that organisations must implement robust data security controls across all aspects of the business to avoid vulnerable areas being exploited by cybercriminals.
While videoconferencing systems may not have been the most obvious target for hackers in the past, this has perhaps generated a false sense of security among enterprises.
Heightened risk
The risk posed by videoconferencing solutions to enterprise cybersecurity is heightened by the architecture of many providers, which rely on laptops in meeting rooms. Not only is this far from the most effective way to support meetings, but it puts an additional cybersecurity and management burden on enterprise IT departments. Furthermore, videoconferencing providers that use third-party servers may expose sensitive company data to potential vulnerabilities in their supplier’s infrastructure, introducing further risk into the network.
“Vendors who achieve ISO 27001 certification demonstrate their commitment to the highest operational standards”
So, why should videoconferencing vendors have ISO 27001 today? Vendors who achieve ISO 27001 certification demonstrate their commitment to the highest operational standards encompassing people, processes, suppliers and IT systems. Videoconferencing solutions that achieve this standard enable businesses to be more productive, reduce IT burdens, and give business and IT leaders peace of mind when users can experience intuitive real-time communications. However, a global video communications network entirely owned and managed by the vendor provides a powerful, reliable platform without reliance on any third-party infrastructure for core services, which means the vendor is in a unique position to rapidly respond to users and continually evolve their service seamlessly to meet their demands.
Multiple data centres within each jurisdiction ensure data is stored with geographical redundancy, which signifies customers are always hosted in their designated jurisdiction, where all their PII is stored. In the event of a major outage, customers are migrated to an alternative data centre within the same jurisdiction.
Best practices
While there is no binding regulation that stipulates that vendors must be ISO 27001 certified, it is a clear indication that they have the best practices for information security management system and controls through effective risk management. Essentially, every element of a company’s operations must be optimised for security and reliability, from the architecture of its own technology to every employee’s expertise and the services they take from suppliers.
As large enterprises progress to standardising on videoconferencing and collaboration platforms, any disruption in service could have a serious impact on business activities and services. No AV or IT manager wants to take a call from the CEO when the videoconferencing technology fails to work. However, the one call that no one wants to answer is “why have we had a data breach?”
ISO 27001 may not immediately jump out as the most important consideration when enterprises consider purchasing videoconferencing systems, but it absolutely should be a factor in their decision-making. With videoconferencing playing an increasingly important role in workforce collaboration and ever-tightening regulations around data protection, the ISO 27001 certification should be top criteria to reassure AV buyers that their chosen videoconferencing solution will provide the business with the highest levels of security and reliability.
