Monday, December 6, 2010

FIPS 140-2 Level 1 CERTIFIED Web-Based Video Conferencing Is Here!

A FIPS 140-2, Level 1 CERTIFIED web-based video conferencing tool is available for use with a laptop or a desktop, with a simple webcam, and can be used anywhere in the world? Absolutely!

There are so many web-based conferencing vendors entering the field today, that it is becoming more and more difficult to determine what differentiates one from the rest of the pack.

Security should be at the very core of the selection of any video conferencing system. As with any installation that requires some level of security, you can easily begin your search by choosing from products that have met the strict standards set forth by NIST for FIPS 140-2, Level 1 Certification. If a vendor has not done so, they will talk a great deal about their Compliance to the FIPS standards and attempt to assure you that this is "good enough" for your organization.

Some of the assurances will revolve around security passwords and privileges based on the role(s) of a presenter and/or attendee(s). Others will revolve around the use of 128 Bit SSL encryption. In truth, this alone, does not provide true end-to-end encryption. SSL takes the user’s web browser and creates a secure line of communication to the web conference vendor’s web server, thus using SSL to verify the log-on credentials, only. Once the user has been verified, communication should then be accepted by the vendor’s own software to begin its own transmission of data at 1024 Bit AES Encryption.

The real question then becomes whether or not compliance, versus actual certification, meets the standards of your organization. Additionally, if compliance is acceptable today, are you prepared to switch out your web conferencing vendor, if your organization/client eventually requires a FIPS 140-2, Level 1 CERTIFIED web conferencing tool? Will you have the manpower and the budget to support that effort?

If a web-based conferencing tool is available that has met the FIPS stringent requirements for CERTIFICATION, is highly affordable with unlimited usage per month, feature rich, and is easily installed with a single download.....why not give that product your most serious consideration?

BTW, Some vendors provide end-to-end security only on certain products in their family of products, such as their “on premises” solution. Regardless of how long your current web based conferencing system has been in place, it pays to continue to probe your vendor about the security of the product you actually have installed in your organization!

(Reprinted from http://www.govloop.com/)