Project: Secure Videoconferencing Communications
Question: You have been appointed the deputy chief information security officer at one of the subsidiaries of the media company you work for. As the company continues to expand geographically, the CEO wants to manage travel costs by using real-time low cost commercial video conferencing systems for meetings and collaboration. However, such systems come with security issues.
There have been disturbing reports of malicious actors stealing emails, videos, and sensitive data from other media companies. The company’s chief information officer, or CIO, and chief technology officer, or CTO, say that video conferencing systems will integrate with the current enterprise networks. But they did not assess system options.
They, along with the chief information security officer, or CISO, have asked you to recommend a modernization strategy for the company’s video conferencing while maintaining the security of the sensitive information discussed by the users. Business communications between subject matter experts, engineers, and executive leaders must be protected. Your task is to provide a proposal for a secure video conferencing system.
You need to analyze the features of three videoconferencing systems and provide an overview of each system. After you complete the overview of the systems, you’ll recommend a system which best meets the business functionality and security requirements. You will also prepare a set of high-level executive briefing slides to give the CEO and CIO an overview of your study. Your study and recommendation will be critical to the company’s success.
- Executive briefing: This is a 10- to 15-slide visual narrated presentation for business executives and board members. Limit of 15 minutes of narration/total length.
Step 1: Develop Functional Requirements for Videoconferencing
The first step in your proposal for a secure videoconferencing system is to develop a set of functional requirements for videoconferencing that you believe the media company will need based on its geographic dispersion and business needs.
In developing those requirements, research three videoconferencing solutions such as Zoom, Skype, GotoMeeting, Polycom, and Cisco WebEx and explain their capabilities, advantages, and disadvantages. Identify costs as well as implementation and support requirements.
The functional requirements and the three possible solutions will be a section of your proposal. In the next step, you will review the challenges of implementing those solutions.
Step 2: Discuss Implementation Challenges
In the previous step, you outlined the requirements for secure videoconferencing for the company and outlined three potential solutions. Part of your final proposal should also include the advantages and disadvantages of the implementation options for the three systems you selected. This section of the proposal also must include the changes the media company will need to make to implement the systems.
Additionally, explain how system administration or privileged identity management will operate with these systems. You will also need to examine how data exfiltration will occur with each of the new systems.
The changes to the systems and challenges for the implementation of these potential solutions will be an important section of your proposal. In the next step, you will take a closer look at each of the potential videoconferencing vendors.
Step 3: Identify Vendor Risks
You’ve finished outlining the pros and cons of three videoconferencing systems. Now, it’s time to take a close look at how they serve their clients. This will take some research. Look at the systems’ known vulnerabilities and exploits. Examine and explain the past history of each vendor with normal notification timelines, release of patches, or work-arounds (solutions within the system without using a patch). Your goal is to know the timeliness of response with each company in helping customers stay secure.
This step will be a section of your proposal.
In the next step, you will outline best practices for secure videoconferencing that will be part of your overall proposal.
Step 4: Develop Best Practices for Secure Videoconferencing
The last few steps have been devoted to analyzing potential videoconferencing solutions. But obtaining a trusted vendor is just part of the security efforts. Another important step is to ensure that users and system administrators conduct the company’s videoconferencing in a secure manner. In this step, outline security best practices for videoconferencing that you would like users and systems administrators to follow. Discuss how these best practices will improve security and minimize risks of data exfiltration as well as snooping.
This “best practices” section will be part of the overall proposal.
In the next step, you will develop system integrity checks within a virtual lab environment.