Collaboration Security

TrueConf is a reliable video conferencing platform that ensures complete security for your communications.

Deploy
Video conferencing solution with a threat protection system

They Trust Us

TrueConf solutions are used by hundreds of thousands of organizations worldwide. Among them are governments, private and public companies, banks, courts, clinics, and educational institutions.

More clients

Types of Video Conferencing Encryption

TLS

TLS (Transport Layer Security) is a cryptographic protocol that provides communication security and privacy over the Internet. It is used in applications such as web browsing, email, instant messaging, and VoIP (Voice over Internet Protocol).

SRTP

SRTP (Secure Real-time Transport Protocol) is a key component of secure voice and video communication, providing end-to-end security between two parties. It protects the confidentiality and integrity of voice and video data as it is transmitted over a network.

E2EE

E2EE (End-to-End Encryption) is a security system in which all data remains encrypted from the moment it is created until it is destroyed. If someone intercepts the data while it is in transit, they will not be able to read it without the proper encryption key. When looking for a video conferencing solution, be sure to ask if it offers end-to-end encryption. The above types of security measures are essential for any business or organization that wants to keep its data private. This is especially important for online meetings, which often involve the exchange of sensitive information.

Full Control Over Communications

TrueConf Server is deployed on your company's equipment and works autonomously inside a closed corporate network, which guarantees reliable protection of personal data from third parties.

Learn more
Full Control Over Communications

Legitimate Security

Video conferencing security is not only recommended for business communications: it is the law. Recent government regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR), require medical service providers, financial institutions, and other companies to protect all electronic data related to their clients and patients. That includes all electronic transmissions of customers' personal data, including video conferences.

GDPR Compliant

GDPR Compliant

HIPAA Ready

HIPAA Ready

ISO 27001 Certified

ISO 27001 Certified

Advantages of the On-premises TrueConf Solution

On-premises

Yes

The video conference server is deployed on your company's equipment, which guarantees full protection of your communications;

Yes

Administrators and employees do not have access to users' meetings or communications;

Yes

Each TrueConf Server instance serves only one company or organization and is therefore unlikely to be a target of hacker attacks;

Yes

Security services or law enforcement agencies cannot access your personal messages, even by sending a corresponding request.

Cloud-based

No

Information is stored on cloud servers, which may put at risk your corporate sensitive information.

No

Media streams arrive at the cloud provider's servers unencrypted, allowing service employees to access them.

No

Cloud service employees and third parties may gain access to your personal data.

No

Hackers on the Internet who intercept your username and password can access recordings of your conversations.

Complete Security of Communications

TrueConf respects your data privacy and provides transparency and control over your team communications.

Learn more
Mandatory authorization

Mandatory authorization

PIN codes for meetings

PIN codes for meetings

Limited access to conferences

Limited access to conferences

Access control for unauthorized users

Access control for unauthorized users

Media Data Security

AES-256, SRTP and H.235 encryption;

AES-256, SRTP and H.235 encryption;

TLS 1.3 protocol for protecting connections via third-party protocols

TLS 1.3 protocol for protecting connections via third-party protocols

TCP port 4307 for transmitting media streams and signal data between TrueConf Server and client applications

TCP port 4307 for transmitting media streams and signal data between TrueConf Server and client applications

Integration with corporate VPN gateways and support for end-to-end encryption

Integration with corporate VPN gateways and support for end-to-end encryption

Scalable Video Coding technology and VP8 video codec

Scalable Video Coding technology and VP8 video codec

Access Control

  • Restricting access to IP address ranges and server administrator accounts
  • Only computers on your local network have access to the control panel
  • User roles for managing conferences
  • TrueConf Security Admin role for viewing logs and reports
Learn more
Access Control

Single Sign-On

Integrate TrueConf Server with Active Directory to centralize user account management and restrict access rights to your corporate information.

Learn more
Single Sign-On

OAuth 2.0 Secure Authorization

TrueConf Server provides a wide set of API tools for integrating a video conferencing server with third-party software. At the same time, the OAuth 2.0 mechanism is employed, offering several advantages:

  • Working with the secure HTTPS protocol
  • Limiting API access for applications based on configured roles and permissions
  • Authorization of the application using a complex short-lived access token, eliminating the need to explicitly transfer usernames and passwords
Learn more
OAuth 2.0 Secure Authorization

TrueConf
Google MeetCompare
JitsiCompare
Skype for BusinessCompare
WebexCompare
Pexip
ZoomCompare
Deployment scenario

On-premises, cloud or hybrid

Cloud

Cloud, on-premises and hybrid

On-premises or cloud

Cloud

On-premises

Cloud or hybrid

All-in-one infrastructure

Deploying new servers is required

Requires additional subscriptions or virtual machines

Maximum number of participants

1,500

250

75

250

200

100

1000

Maximum number of on screen participants

49

49

12

6

25

34

49

Team messenger and file sharing

Only group chat is available

Only during the conference

Authorization and security

According to H.235 and SRTP standards

Single sign-on & NTLM

Google Cloud Directory Sync (GCDS) utility is required

Additional software installation required

Command line tools are required

Free version

1,000 online users

Up to 100 participants in a conference lasting 60 minutes

180 days trial period

Only in the cloud with 1 presenter and up to 100 participants, lasting no more than 50 minutes

Only in the cloud with 1 presenter and up to 100 participants, lasting no more than 40 minutes

Google Meet

Google Meet (Hangouts)

Google Meet is a secure cloud-based solution that allows users to organize both individual and group video conferences. The platform offers many opportunities for collaboration, such as the well-known Jumpboard. Google Meet allows even unregistered guests to join the conference using the meeting code.

Security

Google initially created the solution as a business tool in the Google Workspace suite, but eventually made it available for non-commercial use. To protect personal data, the online meeting platform adheres to TLS and SSL standards for encryption during data transmission. Registered users can enable two-factor authentication using FIDO-compatible text messages, authentication apps, or security keys.

Vulnerabilities

Google Meet does not support end-to-end encryption: instead, it uses DTLS-S to protect connections. However, some may find it unpleasant to discover that the solution's vendor stores data on delays and performance. Such «collectible» information includes the data transfer rate, estimated bandwidth, names of conference organizers, participant IDs, IP addresses, as well as the meeting's date and calendar ID.

Security researchers recently highlighted a vulnerability in Google Meet's URL redirection feature, which could lead users to counterfeit domains and make them vulnerable to cybercriminals. Furthermore, when joining a meeting from a smartphone, the audio transmits over the telephone network and may not be encrypted.

Slack

Slack

Slack is a corporate messaging platform that supports video chats for up to 15 users. This solution, like other vendor services, requires mandatory account login and uses a secure system to protect confidential data. Slack supports integration with nearly 100 third-party services, including Dropbox, Google Drive, and Twitter, which explains its versatility.

Security

Data transfer between the messenger and the service uses reliable encryption protocols and signatures, such as TLS 1.2, AES-256, and SHA2. Notably, this protection system only works with the user's consent, who must approve the processing of their personal information. Confidential data at rest in the Slack production network is encrypted according to FIPS 140-2 standards, including relational databases and file storage. Simultaneously, all encryption keys are stored on a secure server with restricted access.

Vulnerabilities

If you plan to use Slack for business purposes, you should be aware of the associated risks. In 2015, hackers breached Slack, exposing vulnerabilities in the messenger's security system. The company announced that hackers had breached its system, gaining access to the database for four days and jeopardizing user privacy.

After the cyberattack, Slack experts discovered suspicious activity from several accounts that had clearly been compromised by criminals. In 2019, Tenable specialists discovered a vulnerability in the Windows version of Slack. The client application allowed users to change the download destination, potentially enabling them to steal, modify, or add malware to files.

The critical vulnerability also allowed for remote code execution (RCE). Hackers could gain full remote control over the Slack desktop application through a successful exploit, thereby accessing private channels, conversations, passwords, tokens, and keys.

Skype

Skype

Skype, created by Microsoft, is a free software for making video calls. The «‎Meet Now»‎ option allows presenters to invite both registered participants and anyone else to a virtual meeting, without requiring an account. Regarding commercial purposes, it is worth noting that Skype for Business will cease operations on July 31, 2021.

Security

Skype uses AES, also known as Rijndael, which the US government employs to safeguard confidential information. At the same time, the encryption itself is 256-bit and has proven to be reliable. Skype server uses 1536- or 2048-bit RSA certificates to certify users' public keys.

Vulnerabilities

By default, Skype does not use end-to-end encryption, which means Microsoft can view all messages, calls, and files. In addition, the vendor records people's interactions on their platform, including, but not limited to:

  • Chat history
  • Activity status
  • Telephone numbers
  • Files sent and received
  • Time and duration of calls

Microsoft claims that it also collects user data from third parties, including data brokers. The corporation uses personal information for targeted advertising, personalization, research and development, and product improvement. Microsoft shares personal data with its affiliates, subsidiaries, and suppliers.

Cisco Webex

Cisco Webex

WebEx, the video conferencing platform, has existed since 1995 and is widely used by privacy-conscious companies in the healthcare, information technology, and financial services industries. This is partly because all three sectors had adopted virtual meetings long before the COVID-19 pandemic, but mostly due to the solution's reputation for maintaining strong cybersecurity. Cisco, WebEx's parent company, has long established itself as a reliable and secure vendor for corporate interactions.

Security

By default, WebEx makes user data readable by the server, but it also offers additional end-to-end encryption for up to 200 users, which exceeds the capacity of many competitors. Free account holders can contact customer support for additional protection measures. Despite considering the possibility of hosting an on-premises solution, the vendor offers a Cisco Meeting Server for this purpose.

Vulnerabilities

In 2020, Cisco engineers prepared fixes for three vulnerabilities that hackers could exploit during WebEx conferences. IBM discovered security breaches that allowed attackers to join online meetings as ghost users and gain access to personal data. Therefore, a cybercriminal could discover the full names, email addresses, and IP addresses of conference participants.

WhatsApp

WhatsApp

It is highly likely that you have friends or relatives on WhatsApp, as this messenger already has over two billion users. The solution was created in 2009, but it reached peak popularity in 2015, even becoming the primary means of communication in several countries, particularly in Latin America. WhatsApp enables users to organize personal and group chats, make audio and video calls, share files and locations, and even create polls.

Security

To ensure privacy, the solution supports end-to-end encryption, preventing even company employees from viewing your messages or listening to conversations. WhatsApp allows users to enable two-step verification to further protect their personal data and send disappearing messages.

Vulnerabilities

In January 2021, Meta announced an update to its privacy policy, stating that WhatsApp would store personal metadata and share it with Facebook and its «family of companies» (including Facebook Messenger, Instagram) starting in February of that year. Users could previously refuse to transfer information in the settings, but this feature is no longer available. Cyber awareness is something you need to keep in mind at all times while using WhatsApp.

In 2022, the leak resulted in the release of nearly 500 million users' personal data onto the internet. Meta had been storing users' confidential information in a nearly unencrypted form for years, allowing hackers to easily bypass the security system and gain access to it. In the following years, residents of 84 countries, including the United States, Italy, and France, suffered from the actions of fraudsters and criminals.

Zoom

Zoom

Zoom is a video communication platform that offers a wide range of collaborative tools. The solution gained the most popularity in 2020 during the pandemic, as many companies and organizations adopted it for remote work. Many enterprises continued using Zoom even after the lockdown was lifted, demonstrating its ongoing high demand.

Security

When using a Zoom client, video, audio, and screen sharing are protected in transit with AES-256 encryption and a one-time key for that specific session. To further protect your privacy, the solution enables additional end-to-end encryption.

Vulnerabilities

«Zoombombing» remains a significant stain on the company's reputation regarding security. The occurrence of intruders appearing in conferences and subsequently using profanity has become one of the most significant hacker attacks in the history of video communication. Attackers could send, edit, and remove chat messages, as well as remove other participants from online meetings.

Ready for secure video meetings?

Security is an important issue to consider when organizing virtual meetings. We recommend ensuring the safety of your video calls and recordings by hosting your video communications platform on your own premises.

Whether you are researching video conferencing for the first time or re-evaluating vendors for the next phase of your conferencing and collaboration solution, security should always be your highest priority. With the industry's best security practices, TrueConf video collaboration platform is the most suitable choice for security-conscious companies.

Try the secure video conferencing solution TrueConf Server!

Deploy

Useful links:

How TrueConf protects user dataDownload(1 MB, PDF)
TrueConf Server system requirements
TrueConf case studies
Video Conferencing Software
»
Features of video conferencing
»
Video Conferencing Architecture
»
Encrypted video conferencing