How Web Conferencing Security Works

Network Security for Web Conferencing

Confidential information needs to be encrypted to keep it out of the wrong hands.
Confidential information needs to be encrypted to keep it out of the wrong hands.
Photo courtesy State of Tennessee

During a Web conference, data is temporarily stored on a shared Internet server. The primary risk of Web conferencing is the possibility that this data will leak beyond the realm of the conference and become accessible to hostile parties.

That's why measures such as Secure Socket Layer (SSL) encryption, non-persistent data flow and intrusion control are essential to protecting data transmitted during a Web conference. Using this three-pronged approach dramatically minimizes the likelihood of an information leak.

First, the data itself is encrypted with SSL technology, ensuring that it'll be unreadable by anyone other than the intended recipients should it fall into the wrong hands.

To prevent its falling into the wrong hands in the first place, the encrypted data can be placed in a constant state of migration, or switching, from the conference host's computer to the attendees' computers, rather than being persistently stored on one server. This non-persistent data transfer is similar to a telephone network, where data originates on the network but doesn't remain there [source: WebEx].

Finally, intrusion control works like a security guard with his search light, who constantly scans the network for non-authorized users and denies access to these users by shutting down a transfer port.

More than a dozen companies currently provide Web-conference-hosting services. While each company has its own version of a security architecture, they have more commonalities than they do differences.

It's standard in the Web-conferencing industry to view security architecture as a stack that has user controls on the top and data storage on the bottom, with meeting controls in the middle. Here's how WebEx, a leading provider of Web conferencing services, models its security architecture:

  • Site Security
  • Meeting Security
  • Network Security
  • Physical Security
  • Third-party audits.

[source: WebEx]

Microsoft's Live Meeting illustrates its security model as a building with three vertical pillars of equal value:

  • Access Controls
  • Content Storage
  • Data Transmission

Next, we'll give you some tips on ensuring security during Web conferences.