Technology is deeply integrated into the lives of every worker to maintain connectivity and engagement while working from home. Much of the workforce experienced digital transformation seemingly overnight, and we’re seeing enterprises place a bigger emphasis on communications and collaboration tools to ease feelings of distance and keep workers connected. However, with these new tools, organizations must also emphasize the importance of enterprise communication security.
At Fuze, we believe that online meeting security is a team sport that requires much more than just a list of certifications. Fuze understands the important role that sound internal practices and controls, independent security researchers, and partners all play in keeping solutions secure. Security measures must reach for a level of transparency, honesty and accountability to earn and maintain enterprise trust while working with more — and sometimes brand new — technology.
To us, information security, and the safeguarding of customer data are at the forefront of our operational and developmental processes and are purpose-built into every checkpoint of the Fuze platform.
Here are four security best practices that should lay the foundation for every enterprise solution:
1. Security By Design
It is vital that security best practices are integrated across the development lifecycle of a solution — from design through build and deployment. Often security is assumed. Many organizations don’t look at security up front, and instead, they assume every vendor has strong security built into the offering. This can lead to massive issues when vendors may be over-reliant on virality or integrations with other apps for authentication.
With remote work on the rise, it’s imperative that video conferencing security rigor is being applied. Otherwise, the risk of exposure and unwelcome circumstances is heightened. Web conferencing security exploits, as an example, can be injected via malicious links in a web chat and, once clicked, open the door to information leakage or theft. Security must be a core pillar at each step of the developmental process in order to ensure a solution is enterprise-ready.
2. Penetration Testing and Threat Monitoring
Communication and collaboration platforms and the larger systems on which they sit must be regularly tested against the latest security threats, using both internal security teams and resources and independent security researchers. In today’s workforce climate, with increased workers on home networks, it is especially critical to be diligent about threat monitoring, staying alert for new attack vectors, and developing well-defined countermeasures to prevent and mitigate against campaigns that put your service and proprietary information at risk.
3. Vulnerability and Risk Management
Risk identification and management must be highly prioritized and approached with complete transparency. As a best practice, vulnerability management should include proactively hunting for bugs and weaknesses with automated software scanning. Further, injecting peer reviews of source code, ensuring your SDLC processes include adherence to the OWASP Top 10 list, and contracting third parties to regularly test the solution and ensure that proper security measures are in place are all disciplines that should be ingrained across solution development and delivery teams. Proper governance of risk management and vulnerability status should come in the form of formal executive-level security review on at least a quarterly rhythm.
4. Encryption and Data Protection
Encryption-in-transit must be standard for all endpoints, without requiring a VPN connection, and encryption-at-rest ought to be in place for data stored in the platform. Customer data should be retained based on defined retention periods or only as required to deliver services. There should be no uncertainty that customer data is logically isolated, subject to role-based access control and the principle of least privilege, and that multi-factor authentication is employed.
Across the world, workers are leveraging video calls, screen sharing, and chatting like never before to continue driving business forward. Yet, this rapid shift cannot leave security as a second or third priority. At Fuze, we believe enterprise organizations deserve full transparency, honesty, and a clear focus on security efficacy and constant improvement and monitoring — now and in the future.
To learn more about enterprise security best practices in the age of remote work, click here.