How Vidyo protects your video communication
How Vidyo protects your video communication
Secure by Design
Security starts with sound processes. Vidyo maintains an information security governance policy that controls the way the confidentiality, integrity, and availability of information is handled, thereby preventing misuse and malicious damage that could impact Vidyo operations and ultimately our customers and partners.
For healthcare organizations, VidyoConnect is fully HIPAA compliant. Vidyo does not store or access protected health information (PHI) of users of our healthcare cloud services, and will sign HIPAA-compliant business associate agreements.
As an enterprise-class video meeting solution, VidyoConnect™ offers extensive protection for sensitive information you or your organization transmit, including files, text, screen sharing, video and audio. Click below to discover the complete details of Vidyo’s security policy and VidyoConnect security features that are designed to keep your communication and private information safe.
Key Security Features
- SRTP media encryption
- FIPS 140-2 certified libraries
- Secure HTTPS login utilizing industry-standard PKI
- TLS using strong encryption ciphers for signaling
- Password hashing in database
- Encrypted token technology for session security
- No login information retained on the client
User Login and Database Security
Protecting the login process from eavesdroppers and hackers is fundamental to securing the VidyoConnect service.
No login information is retained by the Vidyo soft clients. For organizations that use an external database for user account management, LDAP, SAML, and Active Directory (AD) are supported.
All Vidyo endpoints connect through the cloud and are not directly accessible from another endpoint. Even on public networks, Vidyo endpoints are protected from unauthorized direct access through an IP address. The architecture provides the endpoint with a built-in layer of security from third-party hacking and voyeurism.
HTTPS with certificate support on login
VidyoConnect always establishes an encrypted HTTPS channel with each Vidyo endpoint that attempts to access the system. Before transmitting any login information, the Vidyo endpoint or web browser validates the VidyoConnect certificate and verifies it was issued by a trusted third-party certifying authority. Once the certificate is verified, login and password information is transmitted securely to VidyoConnect over the same encrypted HTTPS channel.
Encrypted tokens for session security
For HTTPS connections, the ciphers and key exchange method used are dependent on what the end user’s browser can support. However, Vidyo infrastructure components prefer to use the strongest available ciphers and will reject the use of known weak ciphers.
Click below to discover all the details of Vidyo’s security policy and VidyoConnect security features designed to keep your communication and private information safe.
Signaling and Media Encryption
It is vital to secure from would-be hackers the signals that different components within the Vidyo architecture use to communicate with each other. Similar to the way online banking access is secured, VidyoConnect uses industry-standard public key infrastructure (PKI) to issue each component a digital certificate by a trusted third-party certifying authority, allowing endpoints to verify the identity of VidyoConnect and also helps prevent malicious users from eavesdropping on communication.
VidyoConnect uses AES encryption over Transport Layer Security (TLS) for Vidyo endpoint and server communications with certificate support. Vidyo supports Elliptic Curve Diffie-Hellman (ECDH), Diffie-Hellman (DH), or RSA for key exchanges.
To help protect the content of your Vidyo conferences from being intercepted and decoded without your knowledge, VidyoConnect also employs AES encryption over industry-standard SRTP for audio, video, and shared content.
Spoof Prevention, Component Authentication and Session Security
“Spoofing” is a tactic used by hackers to “steal” the identity of a trusted component of a network in order to gain access. Vidyo helps prevent spoofing through a rigorous component authentication scheme. Each server in the VidyoConnect network has a unique identifier that is communicated to the portal application over a secure link and is otherwise not accessible. New components added to the VidyoConnect network go to the portal application for configuration. If the portal application does not have a configuration defined for that machine’s specific ID, the machine is blocked from joining the network until the VidyoConnect administrator accepts the new ID and manually configures the component.
On the client side, a unique token is used to authenticate the endpoint to the portal application in lieu of the password, and the administrator of the portal application can define expiration rules requiring users to reauthenticate.
For complete details about how Vidyo protects sensitive information, including more specifics about its security policy and the features that help keep your communication safe, read our guide to VidyoConnect security.