Vscene Security Overview
Cloud Architecture Security
The Vscene service is housed within 2 x Tier 3, government approved data centres within Scotland – Pulsant South Gyle & Newbridge – www.pulsant.com/compliance/
These data centres are ISO27001 certified with dedicated cages and racks for the Vscene service. The DC is protected by 24x7x365 security with multiple levels of biometric access controls. Access to the cages is restricted to Ajenta management personnel. Our application servers require SSH keys for access at all levels. Our database and management servers are on a separate private subnet accessed over SFTP.
All devices and infrastructure are protected behind dual redundant Juniper SRX 345 firewalls with dual fibre links directly into the JANET network. This allows us to protect against unauthorised access to the administrative interfaces. Access is protected by Secure VPN via the Ajenta office network.
Media Handling & Encryption
Vscene supports standards-based encryption (AES-128) that is available on most video endpoints today. Vscene connections using Vscene desktop or mobile client applications or web browsers for video are encrypted by default in Vscene scheduled meetings or VMR meetings. A padlock icon is displayed on-screen for both web clients and hardware systems when their leg of the call is encrypted.
Vscene does not record or capture any video or desktop-sharing streams without interaction and consent from customers. It is recommended that an organisation employ the proper steps to ensure that software-based video clients are secured on the desktop, and that no malware may intercept media at the hardware level.
If using room based video conferencing endpoints, such as Cisco, Polycom, Lifesize, etc. to connect to the Vscene service, they will encrypt upon connection to Vscene provided they have this feature enabled and the proper security licenses from those vendors. Most video room systems encrypt by default so long as both sides of the call support it. However, it is recommended that you check your system to force encryption for all calls.
The Vscene platform supports complete end to end encryption using the following methods:
- HTTPS, TLS, SRTP, H.235 AES 128 Encryption and LDAPS (LDAP over SSL)
- AES-128-bit media encryption
- FIPS 140-2 cryptographic libraries
- SAML 2.0 SSO (Shibboleth)
- Secure HTTPS login utilising industry standard PKI
- TLS 1.0 & 1.2 using strong encryption ciphers for signalling
- Password hashing in database
- Component blocking for spoof prevention
- Hardened Linux-based appliances for component access control
- Encrypted token technology for session security
- No login information kept at the desktop
- Graphic indication for encrypted calls on the call screen
- H.460.18/.19 secure call signalling and media transmission across secure traversal tunnels.
- Assent secure call signalling and media transmission across NAT and firewall.
- National GDS Call Policy for authentication of H.323/SIP call sources and destinations.
Recording and Video Content Storage
Vscene supports uploading and sharing content within video conferences, as well as the ability to record and stream your meetings. The recording and streaming feature is turned on or off by the organisation administrator. These videos are stored in secure containers on secure Vscene servers and are encrypted at rest (AES 256-bit).
These stored videos are only accessible by the meeting organiser from within that organisation. All recordings within Vscene will be stored in the media library for 90 days post-recording. At 90 days, recordings will be deleted. Deleted recordings are stored by Ajenta for an additional 30 days and can be retrieved during this time. On expiry of the 30-day period, all recordings are deleted and cannot be retrieved. It is the responsibility of the organisation to ensure recordings with retention requirements are saved to another location.
Organisational Security Management
Ajenta are ISO 27001, 9001, 14001, 18001 & 23001 certified. We are active members of many online security forums and are party to many discussions on general information security risks. We meet internally once every month to discuss any potential security threats to our own infrastructure and that of our clients. We work rapidly to notify all parties of possible risk and any associated work required. Where we need to take action on clients' systems, we work out of hours 24/7/365. This work is undertaken outside of any standard SLAs.
Our Product Management team considers security related implications for every proposed product modification. Ajenta uses resources such as NIST National Security Database, MITRE, OWASP, etc. to monitor third party software provider vulnerabilities and updates prior to their inclusion in Vscene products. The Software Development team also performs regular code reviews to identify potential security vulnerabilities.
Our Quality Assurance team utilises industry-leading security scanning tools such as Tenable's Nessus, Rapid7's Nexpose, and a host of open-source OWASP tools. Ajenta also uses the third-party Qualys SSL Labs utility to help qualify that its server-based solutions meet the highest level of security.
The highest levels of security and compliance have already been confirmed through extensive penetration testing and reviews by independent third parties, and repeated by end customers, notably from the financial and healthcare sectors. The Vscene platform is a highly secured platform designed for implementations of video services that require a high level of security, such as Government, Education, Research and Healthcare.