This article originally appeared in the May 2012 issue of INTERNET TELEPHONY magazine.
Videoconferencing has grown in popularity over the last several years as companies strive to lower their travel expenses while maintaining a high level of face-to-face availability with customers, partners and remote employees. As such, the delivery of video over IP has become a critical business asset that reduces costs, improves efficiency and creates more meaningful interactions with external personnel. Additionally, as video becomes more tightly integrated with unified communications systems, and as workers become increasingly mobile, it is more important than ever to apply standard corporate security and network policies to video communications to support users properly.
While it is true that most videoconferencing equipment does not store valuable corporate data, this equipment can nonetheless expose the organization to unnecessary risk. Denial of service attacks, remote control of endpoint and bridge resources for fraudulent or malicious activity, and discovery of an organization’s network topology are vulnerabilities that must be considered when deploying video over IP. A recent New York Times report detailed an example where an intruder gained access to the videoconferencing room systems at a dozen different companies, with the ability to control the camera and zoom in on information-laden white boards or documents on the conference room table.
However, some organizations do not perceive videoconferencing equipment as a viable gap in their network security and fail to extend their policies to encompass the devices. Others have implemented restrictive guidelines that require a videoconference be set up multiple days in advance to authenticate participants, eliminating the opportunity for the type of ad hoc communications required in today’s business world. To complicate matters, many firewalls do not support video traffic and video communications and are incompatible with popular network address translation techniques used at many corporate boundaries.
These challenges have contributed to the rapid growth of the enterprise session border controller market. ESBC devices now being offered by several vendors can mitigate risk and ensure interoperability for enterprise video. Various security policies can be implemented using an ESBC such as utilizing encryption between trusted boundaries, authenticating users, and restricting access to critical video infrastructure. Security policy can also be extended to the configuration of endpoints and video bridge equipment – for example, ensuring auto answer is turned off for endpoints installed in sensitive areas or restricting direct videoconferencing between endpoints and instead using a video bridge that can only initiate an outbound video call after properly authenticating a user. A multi-tiered security design can be implemented that compliments existing perimeter security for data and other applications while at the same time providing for the flexibility and efficiency of secure, ad hoc videoconferencing.
Ensuring a high quality user experience is another critical component for delivering videoconferencing services in a business environment. Network impairments such as packet loss, excessive jitter and latency can negatively impact the quality of video communications. To ensure high quality video communications, a comprehensive quality of service and bandwidth management design should be developed that includes prioritizing real-time IP-based video traffic over data, QoS policing, and traffic shaping of data. In the absence of any QoS policies, all voice, video and data traffic are considered to be equally important. In this scenario, videoconferencing sessions inevitably suffer during periods of congestion or in cases in which there is insufficient network bandwidth deployed to support all traffic.
Some ESBC systems provide voice- and video-aware traffic management that includes prioritization, traffic shaping and QoS policing. In addition to ensuring high quality videoconferencing calls, an ESBC can be used as a monitoring and troubleshooting point in the network to reduce problem resolution times.
To fully maximize the technological and business opportunities available with videoconferencing, organizations must design their infrastructure around it, applying the same policy standards as every other node on the network. Systems such as enterprise session border controllers simplify this process for organizations deploying converged voice, video and data applications.
Edited by Stefania Viscusi