Vscene Security Overview – Vscene

This document relates only to architectural and application security. For information on our data protection, security and privacy policy, please refer to the footer of our website, Ajenta.net.

Cloud Architecture Security

The Vscene service is housed within 2 x Tier 3, government-approved data centres in Scotland: Pulsant South Gyle and Newbridge (Pulsant.com, compliance).

These data centres are ISO 27001 certified with dedicated cages and racks for the Vscene service. The DC is protected by 24x7x365 security with multiple levels of biometric access controls. Access to the cages is restricted to Ajenta management personnel. Our application servers require SSH keys for access at all levels. Our database and management servers are on a separate private subnet accessed over SFTP.

All devices and infrastructure are protected behind dual redundant Juniper SRX 345 firewalls with dual fibre links directly into the JANET network. This allows us to protect the administrative interfaces from unauthorised access. Access is protected by secure VPN via the Ajenta office network.

Media Handling & Encryption

Vscene supports standards-based encryption (AES-128) that is available on most video endpoints today. Vscene connections using Vscene desktop or mobile client applications or web browsers for video are encrypted by default in Vscene scheduled meetings or VMR meetings. A padlock icon is displayed on-screen for both web clients and hardware systems when their leg of the call is encrypted.

Vscene does not record or capture any video or desktop-sharing streams without interaction and consent from customers. It is recommended that an organisation employ the proper steps to ensure that software-based video clients are secured on the desktop, and that no malware may intercept media at the hardware level.

If you use room-based video conferencing endpoints, such as Cisco, Polycom, Lifesize, etc., to connect to the Vscene service, they will encrypt upon connection to Vscene provided they have this feature enabled and the proper security licenses from those vendors. Most video room systems encrypt by default so long as both sides of the call support it. However, it is recommended that you check your system to force encryption for all calls.

The Vscene platform supports complete end to end encryption using the following methods:

  • HTTPS, TLS, SRTP, H.235 AES 128 Encryption and LDAPS (LDAP over SSL)
  • AES-128-bit media encryption
  • FIPS 140-2 cryptographic libraries
  • SAML 2.0 SSO (Shibboleth)
  • Secure HTTPS login utilising industry standard PKI
  • TLS 1.0 & 1.2 using strong encryption ciphers for signalling
  • Password hashing in database
  • Component blocking for spoof prevention
  • Hardened Linux-based appliances for component access control
  • Encrypted token technology for session security
  • No login information kept at the desktop
  • Graphic indication for encrypted calls on the call screen
  • H.460.18/.19 secure call signalling and media transmission across secure traversal tunnels.
  • Assent secure call signalling and media transmission across NAT and firewall.
  • National GDS Call Policy for authentication of H.323/SIP call sources and destinations.

Recording and Video Content Storage

Vscene supports uploading and sharing content within video conferences, as well as the ability to record and stream your meetings. The recording and streaming feature is turned on or off by the organisation administrator. These videos are stored in secure containers on secure Vscene servers and are encrypted at rest (AES 256-bit).

These stored videos are only accessible by the meeting organiser from within that organisation. All recordings within Vscene have a default 14-day retention policy, where recordings are deleted upon expiry of the 14-day period. It is the responsibility of the organisation to manage storage of their own videos after that.

Organisational Security Management

Ajenta are ISO 27001, 9001, 14001, 18001 & 23001 certified. We are active members of many online security forums and are party to many discussions on general information security risks. We meet internally once every month to discuss any potential security threats to our own infrastructure and that of our clients. We work rapidly to notify all parties of possible risk and any associated work required. Where we need to take action on clients' systems, we work out of hours 24/7/365. This work is undertaken outside of any standard SLAs.

Our Product Management team considers security-related implications for every proposed product modification. Ajenta uses resources such as NIST National Security Database, MITRE, OWASP, etc. to monitor third-party software provider vulnerabilities and updates prior to their inclusion in Vscene products. The Software Development team also performs regular code reviews to identify potential security vulnerabilities.

Our Quality Assurance team utilises industry-leading security scanning tools such as Tenable's Nessus, Rapid7's Nexpose, and a host of open-source OWASP tools. Ajenta also uses the third-party Qualys SSL Labs utility to help qualify that its server-based solutions meet the highest level of security.

The highest levels of security and compliance have already been confirmed through extensive penetration testing and reviews by independent third parties, and repeated by end-customers, notably from the financial and healthcare sectors. The Vscene platform is a highly secured platform designed for implementations of video services that require a high level of security, such as Government, Education, Research and Healthcare.

Key Contacts

t: 0131 512 2000 e: security@ajenta.net