InfoComm Asia on July 17-19 in Bangkok

Collaborate with security you can trust

We’ve built TrueConf to protect your privacy and give you full control over your information. When you choose TrueConf, you’re getting the most secure platform for all your communications and video meetings.

secure video conferencing

Types of Video Conferencing Encryption

There are a few different ways to encrypt your video conferencing traffic. The most popular options are TLS and SRTP.

TLS (transport layer security)

TLS (transport layer security) is a cryptographic protocol that provides communication security and privacy over the Internet. It is used in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). TLS is widely used to protect online transactions such as credit card purchases and bank transfers.

SRTP (Secure Real-time Transport Protocol)

Secure Real-time Transport Protocol (SRTP) is a key component of secure voice and video communication, providing end-to-end security between two parties. SRTP is used to protect the confidentiality and integrity of voice and video data as it is transmitted over a network.

Video conferencing for privacy

E2EE (end-to-end encryption)

The term is used to describe a security system in which all data is encrypted at all times, from the moment it is created to the moment it is destroyed. This means that even if someone intercepts the data while it is in transit, they will not be able to read it without the proper encryption key.

This level of security is essential for any business or organization that wants to keep their data private. This is especially important for videoconferencing, which may involve the exchange of sensitive information.

When looking for a video conferencing solution, be sure to ask if it offers end-to-end encryption. If so, it means that your data will be safe every time you use it.

You are in control

Imagine being able to control all your corporate communications and store them on your own servers. With TrueConf, you don’t have to share your corporate data with cloud services or anyone else. Run the entire meeting platform on-premises and inside your network.

server platform software

TrueConf

Video conferencing security is not only recommended for business communications, it is the law. Recent government regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) or the GDPR, require that medical service providers, financial institutions and other companies protect all electronic data related to their clients and patients. That includes all electronic transmissions of customer personal data, including video conferences.

GDPR Compliant

GDPR Compliant

HIPAA Ready

HIPAA Ready

ISO 27001 Certified

ISO 27001 Certified

Check the benefits of on-premises deployment with TrueConf:

On-premises

Yes

All communications are hosted on customer’s premises with no third-party access.

Yes

TrueConf administrators, employees or representatives do not have any access to customer’s meetings or communications.

Yes

Each TrueConf Server instance serves only one company or organization and therefore is hardly likely to be a subject of hacker attacks.

Yes

It is impossible to get access to your private communications by security or law enforcement agencies by sending a corresponding request to TrueConf.

Cloud-based

No

Information is stored on cloud servers, which may put at risk your corporate sensitive information.

No

During meetings, video and audio data are processed unencrypted on the servers of cloud providers and can be accessed by service employees.

No

Personal data can be leaked due to cloud service vulnerabilities. Cloud service employees can also have access to the databases.

No

Recordings of your conversations can be available to any hacker in the Internet who has intercepted username and password from your account.

100% Secure Communications

TrueConf respects your data privacy, gives you transparency and control over your communications with your team.

Mandatory authorization

Mandatory authorization

PINs for every meeting

PINs for every meeting

Lock your meeting from uninvited participants

Lock your meeting from uninvited participants

Provide unauthorized users with limited guest access

Provide unauthorized users with limited guest access

Industry’s best protection

AES-256, SRTP and H.235 encryption

AES-256, SRTP and H.235 encryption

TCP port 4307 for transmitting media streams and signal data between TrueConf Server and client applications

TCP port 4307 for transmitting media streams and signal data between TrueConf Server and client applications

Scalable Video Coding technology and VP8 video codec

Scalable Video Coding technology and VP8 video codec

TLS 1.3 protocol for protecting connections via third-party protocols

TLS 1.3 protocol for protecting connections via third-party protocols

Integration with corporate VPN gateways and support for end-to-end encryption

Integration with corporate VPN gateways and support for end-to-end encryption

Permission policies

  • Limited access with IP address range or separate admin accounts
  • Provide access to the control panel only to the computers within your corporate LAN
  • Different user roles for managing meetings
  • TrueConf Security Admin role for viewing logs and reports
Video conferencing for security

Single sign on

Integrate TrueConf Server with Active Directory to centralize user account management and restrict access rights to your corporate information.

Single sign on

OAuth 2.0 secure authorization

TrueConf Server APIs use the OAuth 2.0 protocol for authentication and authorization. OAuth 2.0 provides a number of advantages:

  • Working over the secure HTTPS Protocol
  • Delimiting application access to the API according to the role and configured permissions
  • Authorization using a complex short-lived access token without the need to visibly enter a username and password
OAuth 2.0

TrueConf
Google MeetCompare
JitsiCompare
Skype for BusinessCompare
WebexCompare
Pexip
Market vision
Software server for use within a corporate network.
Cloud-based video conferencing service.
Open source WebRTC engine demo developed by 8X8 Inc.
Software server for use within a corporate network.
Cloud-based video conferencing service.
Software server for use within a corporate network. There is a cloud solution Pexip Service, available by subscription.
Cloud-based video conferencing service.
Deployment scenario
On-premises, cloud or hybrid.
Cloud.
Cloud, on-premises and hybrid.
On-premises or cloud.
Cloud.
On-premises.
Cloud or hybrid.
All-in-one infrastructure
Requires deploying new servers for additional server roles.
Requires purchasing additional subscriptions in the cloud or installing additional virtual machines.
Maximum number of participants in a meeting
1,500
250
100
250
1,000
100
1,000
Maximum number of on-screen participants
49
49
12
6
25
34
Up to 49. Up to 25 over H.323/SIP gateway.
Messaging and file sharing
No. Only group chat is available.
Only during the conference.
Authorization and security
According to H.235 and SRTP standards.
Single sign-on & NTLM
Single sign-on & NTLM
Using a separate Google Cloud Directory Sync (GCDS) utility when using Google Workspace.
Additional software installation required.
Requires command line tools.
Free version
50 online users
Limited. Up to 100 participants in a conference lasting no more than 60 minutes.
180 days trial period.
Only in the cloud with 1 presenter and up to 100 participants, lasting no more than 50 minutes.
Only in the cloud with 1 presenter and up to 100 participants, lasting no more than 40 minutes.

Google Meet

Google Meet (Hangouts)

Google Meet is a secure cloud solution that enables you to organize both individual and group video conferences. The platform offers many opportunities for collaboration, such as the well-known Jumpboard. As for the participants, Google Meet allows even unregistered guests to join the conference using the meeting code.

Security

The solution was initially created as a business tool in the Google Workspace suite, but eventually became available for non-commercial use. To protect personal data, the online meeting platform adheres to TLS and SSL standards for encryption at the transit level. Registered Google users also have the option to enable two-factor authentication using FIDO-compatible text messages, authentication apps, or security keys.

Vulnerabilities

Google Meet does not support end-to-end encryption: instead, it uses DTLS-S RTPto protect connections. However, it may be an unpleasant discovery for some that the vendor of the solution stores data on delays and performance. Such “collectible” information includes the data transfer rate, estimated bandwidth, names of conference organizers, IDs of participants, IP addresses, as well as the date and calendar ID of the meeting.

Security researchers recently highlighted a vulnerability in Google Meet’s URL redirection feature, which could lead users to counterfeit domains and make them victims of cybercriminals. Furthermore, if you join a meeting from a smartphone, the audio is transmitted over the telephone network and may not be encrypted.

Slack

Slack

Slack is a corporate messenger that can support video chats for up to 15 users. As with other vendor services, this solution requires mandatory login to your account and uses a secure system to protect confidential data. This is explained by the fact that Slack supports integration with almost 100 third-party services, such as Dropbox, Google Drive, and even Twitter.

Security

Data transfer between the messenger and the Black service is carried out using reliable encryption protocols and signatures, such as TLS 1.2, AES-256 and SHA2. It is noteworthy that such a protection system only works with the consent of the user, who must approve the processing of his or her personal information. Confidential data at rest in the Slack production network is encrypted in accordance with FIPS 140-2 standards, including relational databases and file storage. At the same time, all encryption keys are stored on a secure server with restricted access.

Vulnerabilities

If you are going to use Slack for business purposes, you need to be aware of the associated risks.

In 2015, Slack was hacked, revealing flaws in the messenger’s security system. The company announced that its system had been hacked, and the attackers had access to the database for four days, jeopardizing the privacy of its users. After the cyberattack, Slack experts also discovered suspicious activity from some accounts that had been clearly compromised by criminals.

In 2019, Tenable specialists also discovered a vulnerability in the Windows version of Slack. The client application provided an opportunity to change the download destination and steal, modify, or add malware to files. The critical vulnerability also allowed for remote code execution (RCE). Hackers could gain full remote control over the Slack desktop application with a successful exploit, thereby gaining access to private channels, conversations, passwords, tokens, and keys.

Skype

Skype

Skype, created by Microsoft, is a free software for making video calls. The “Meet Now” option allows presenters to invite both registered participants and anyone else in general to a virtual meeting, without needing an account. As for commercial purposes, it is worth noting that Skype for Business will cease to exist on July 31, 2021.

Security

Skype uses AES, also known as Rijndael, which is employed by the US government to safeguard confidential information. At the same time, the encryption itself is 256-bit and has proven to be reliable. The Skype server uses 1536 or 2048-bit RSA certificates to certify users’ public keys.

Vulnerabilities

By default, Skype does not use end-to-end encryption, meaning that Microsoft can view all messages, calls, and files. In addition, the vendor records people’s interactions on their platform, including but not limited to:

  • Chat history
  • Activity status
  • Telephone numbers
  • Files sent and received
  • Time and duration of calls

Microsoft claims that it also collects user data from third parties, even brokers. Additionally, the corporation utilizes personal information for targeted advertising, personalization, research and development, and to improve its products. Personal data is also shared with Microsoft affiliates, subsidiaries, and suppliers.

Cisco Webex

Cisco Webex

The WebEx video conferencing platform has existed since 1995 and is widely used by privacy-conscious companies in the healthcare, information technology, and financial services industries. This is partly because all three sectors had resorted to virtual meetings long before the COVID-19 pandemic, but mostly due to the solution’s reputation for maintaining strong cybersecurity. WebEx’s parent company, Cisco, has long established itself as a reliable and secure vendor for corporate interactions.

Security

By default, WebEx makes user data readable by the server, but it also offers additional end-to-end encryption for up to 200 users, which is more than many of its competitors. Holders of free accounts can contact customer support to further protect themselves. Despite considering the possibility of hosting an on-premises solution, the vendor offers a Cisco Meeting Server for these purposes.

Vulnerabilities

In 2020, Cisco engineers prepared fixes for three vulnerabilities that hackers could exploit during WebEx conferences. IBM discovered security breaches that allowed an attacker to join an online meeting as a ghost user and gain access to personal data. Therefore, a cybercriminal could discover the full names, email, and IP addresses of conference participants.

WhatsApp

WhatsApp

It is highly likely that you have friends or relatives on WhatsApp, as this messenger already has over two billion users. The solution was created in 2009, but it reached its peak popularity in 2015 and even became the main means of communication in several countries, including Latin America. WhatsApp enables users to organize personal and group chats, make audio and video calls, share files, locations, and even create polls.

Security

To ensure privacy, the solution supports end-to-end encryption, which prevents even company employees from viewing your messages or listening to conversations. WhatsApp also allows users to enable two-step verification to further protect their personal data and send disappearing messages.

Vulnerabilities

In January 2021, Meta announced an update to its privacy policy, stating that WhatsApp would store personal metadata and share it with Facebook and its “family of companies” (e.g., Facebook Messenger, Instagram) starting in February of that year. Previously, users could refuse to transfer information in the settings, but now this feature is not possible. So cyber awareness is something you need to keep in mind at all times using WhatsApp.

In 2022, as a result of the leak, nearly 500 million users’ personal data was released into the network. As it turned out, Meta had been storing users’ confidential information in an almost unencrypted form for many years, resulting in hackers being able to easily bypass the security system and gain access to it. In the following years, residents of 84 countries, including the United States, Italy, and France, suffered from the actions of fraudsters and criminals.

Zoom

Zoom

Zoom is a video communication platform that offers a wide range of collaborative tools. The solution gained the most popularity in 2020 during the pandemic, as many companies and organizations started using it for remote work. It is noteworthy that many enterprises continued to use Zoom even after the lockdown was lifted, demonstrating its continued great demand.

Security

When using a Zoom client, video, audio, and screen sharing are protected in transit with AES-256 and a one-time key for that specific session. To further protect your privacy, the solution allows you to enable additional end-to-end encryption.

Vulnerabilities

“Zoombombing” is still a huge stain on the company’s reputation in terms of security. The precedent of intruders appearing in conferences and subsequently demonstrating profanity has become one of the largest hacker attacks in the history of video communication. Attackers could also send, edit, and remove chat messages, as well as remove other participants from online meetings.

Ready for secure video meetings?

Security is an important issue to consider when organizing virtual meetings. Our recommendation is to make sure your video calls and recordings are safe by hosting your video communications platform on your own premises.

Whether you are researching video conferencing for the first time or re-evaluating vendors for the next phase of your conferencing and collaboration solution, security should always be your highest priority. With the industry’s best security practices, TrueConf video collaboration platform is the most suitable choice for security-conscious companies.

Empower your video conferencing experience with TrueConf!

Proven solution for security-conscious organizations

TrueConf is trusted by hundreds of thousands of companies around the world. We’re proud to streamline business processes for the organizations where complete privacy is mission-critical.