A New York Times technology article asserts that many video conferencing systems are open, and that unauthorized users can drop in undetected because the systems are on public IPs and are set to auto-answer. We should begin by pointing out that the article is wildly alarmist regarding the likelihood of a silent snooper entering your board room undetected, but it does highlight a key difference between VeaMea's model of secure collaboration and most traditional videoconferencing vendors.
The traditional model (in our admittedly biased view) includes a lot of expensive hardware, is set up on a public IP address, and is set to auto-answer because few users run video calls often enough for it to become second nature. This creates a vicious cycle of less use, less experience, less desire to use... thus a dedicated person, or service, is often hired to make sure all the calls happen, with the correct participants being called.
What the Times misses is that all major vendors offer many layers of security and allow you to lock down the room, or individual parts of the system, put it behind a firewall, have a separate gatekeeper box, etc. What traditional videoconferencing vendors "miss" is that all of that adds cost and complexity that make the communication network harder to manage and harder to train users to operate. If you go beyond simple audio and video to include desktop sharing, or any other collaboration feature, there are separate "plug-in" tools that run on different hardware, with a different environment, different connections, etc. Dilbert might say that the evil videoconferencing vendors seek to profit from a "Confusopoly."
How is VeaMea's model different?
In a VeaMea environment, users (people, not IP numbers) are registered on the system. They can log in directly, or be authenticated through an organization's existing directory systems like Microsoft's Active Directory. Those people appear in a buddy list (we call it a presence window) just like Skype, AIM, MSN Messenger, etc.
When you want to call someone, you check in the presence window to see if they are online and available, click on them and press the call button. Since all users register with the server through an encrypted channel before being "present" and available to call, interlopers would need not only the server address, but login credentials.
Since calls go from registered user to registered user over standard HTTP and HTTPS ports, firewall traversal is simple. All data flows are encrypted with AES 256 keys (a fresh key for each meeting) for security against true hacking, rather than the "prank call" methodology described in the Times article. You can also pull our server behind a firewall with a secure channel to a paired public server, so you have highly secure internal communication yet retain the ability to reach external contacts as needed.
You can dial OUT from VeaMea to a traditional videoconferencing system or a SIP phone system through a gateway, or send an email link for a one-off video meeting (the recipient downloads our software client, establishes a secure connection with our server, and the call auto-initiates).
So no one can accidentally, or purposefully, dial IN to a VeaMea system. Those in the system can pull outside destinations in when it makes sense. If they WERE able to dial in, the system rings and does not auto-answer (it can be set to do so if desired), and when it does answer there is no doubt that a call has been initiated, as the operating system/desktop vanishes and our immersive conferencing environment appears, complete with near-end and far-end videos.
But the larger points are these:
- VeaMea is a unified interface that people use DAILY for chat, audio, video, desktop sharing, whiteboard sharing and more
- It is the same interface in the boardroom as on the desktop so users quickly get the hang of it and know what they are doing whether at their desks, running a board meeting or on the road using 3G
There have been more than a few responses from video conferencing industry vendors and professionals to the Times piece. You can read a few more here.
(for the moment) Clouds won the philosophical discussion about whether software applications should reside in a centrally managed source that people connect to, or on zillions of devices scattered around the organization and around the world.
Conceptually, the original IBM Mainframes have won, as they were the epitome of a brain in the center with "light clients" (it is no longer acceptable to call a terminal "dumb"!) connecting to it, though a lot has changed in what the brain, the clients and the network look like over the last 40 years.
In retrospect the decision seems obvious. Of course you would want the control and security of central management, and freedom from the hassle of figuring out how to install, update and manage the user experience across tens or tens of thousands of endpoints.
But this model brings with it two giant potential failure points:
- The Network
- The Cloud
Networks have become dramatically faster, more reliable and easier to manage over the years. They are self-healing, error correcting, intrusion detecting, and highly reliable. The question when migrating to a cloud becomes: do you have sufficient bandwidth in the network to allow the number of users you want to use the applications you want?
One client told us about a video deployment they had tried with another vendor which had gone out of control. Everyone had access to video, and used it, and brought the network to a standstill. VeaMea includes management controls that allow you to set levels of privileges, by user, user group and by domain so you can plan for, and control, the rollout and utilization of network capacity.
The other option is to let the network "throttle" traffic of different types. For many applications, the delays would go unnoticed, but for real-time communication applications like video collaboration, even small delays are not only noticed, but significantly detract from the user's perception of the quality. Our eyes and ears are remarkably adept at discerning changes, flickers, crackles, and drops.
There has been plenty written about the recent cloud outages from Amazon and other service providers. A similar danger is present for private clouds, intranets, extranets, eCommerce-nets, EDI and other integrated systems. Any time we place our faith in a system to be there when we need it, we need to plan for what happens when it isn't there, and how to minimize the amount of time it is unavailable.
Solid planning and execution of strategies for redundancy, failover and load balancing should mitigate the risk that a Cloud will simply evaporate, but having a centralized brain does present a level of risk that is greater than a distributed processing model.
As technology marches forward, there will undoubtedly be continuing tension along a number of battle lines such as autonomy vs. control, flexibility vs. standardization and "consumerized" vs. "business grade."
The right answer will differ based on the needs, skills and capabilities of each organization.
My instinct is that the trend will be toward consumer grade products that are more "enterprise ready" (perhaps I should trademark that!), so that when you bring your iPad or Dell Laptop to the office, it will be able to quickly and easily "assimilate" in a corporate network.
The network, security and data transport layers will be driven by enterprise standards, while the user presentation layers will be driven by consumer-grade standards rather than the clunky stuff enterprise users are often forced to wrestle with today.
A vendor we met recently reported that despite all the buzz about iPad use among physicians (some reports say up to 27% already own one), iPads are not likely to be usable as clinical tools.
The Pros are obvious:
- Doctors have them
- They are easy to use
- Easy to transport
- Very flexible
- With each new version they are gaining in processing power
But the CONs are not trivial:
- Patient data (protected health information) might accidentally go home with the doctor and be viewed by someone who picks it up to play Angry Birds
- Not part of the hospital's security architecture
- Not FDA approved as a "medical device", so despite the ability to connect USB medical instruments, it would violate standards
- Open ports and slots for germs to hide in and be transferred
- If you apply typical hospital grade cleaning products to an iPad, it melts
VeaMea has not yet melted an iPad to test this statement, but it came from a pretty reliable source.
Let us know if you have any experience that would prove this wrong.