Enterprises are expected to heavily rely on Web and video conferencing in the coming years to reach a wider audience. But while the risk of being hacked rises when conferencing goes outside the firewall, many believe added security isn't worth the time or money.
"We're not losing sleep over security," said Richard Norris, European video conferencing manager for Information Services International, a division of Mars UK Ltd. "We worry about data hacking, but not video hacking. We don't do data conferencing and with video, we don't see the need for encryption or other security measures."
Wainhouse Research of Brookline, Mass., held a roundtable discussion focused on the security aspects of conferencing as part of a three-day summit last week in Boston. Norris participated, as did Ira Weinstein, a senior analyst and consultant for Wainhouse, which specializes in media conferencing research.
Weinstein cited the firm's recent study predicting revenues in the videoconferencing industry will increase from $530 million in 2003 to nearly $1.1 billion by 2008. It also predicts personal videoconferencing systems will dominate the market on a unit basis with revenue growing from $21 million in 2003 to $180 million by 2008. A driving factor will be companies' growing dependence on the technology to broaden their public audience, Weinstein said. That's when security becomes an issue.
"While the conferencing environment is considered fairly secure from inside the company firewall, the security risks come into play when you are conferencing with people or groups outside your company," Weinstein said. "Web-based services, such as WebEx, have inherent security risks because in order to use that hosted service, companies must direct their data outside the firewall into the public Internet domain."
Outside the firewall, the biggest threat would likely come from hackers trying to crack the data stream in search of company trade secrets and other sensitive information.
James Di Marino, IT manager in charge of audio/video Web conferencing for Cambridge-based biotech firm Genzyme Corp., said a big concern is protecting the company's proprietary information. He said the theft of such information would be a costly problem. "When we deploy the technology, security is our number-one criteria," Di Marino said. "All employees must comply with our security policies, including tech uniformity requirements."
Genzyme uses WebEx, a Web-based conferencing service. Responding to Weinstein's description of the service as inherently insecure, Di Marino said, "It's like a telephone line. You try to make it as secure as possible, but you can't eliminate all the risks. WebEx is an acceptable risk."
Weinstein said many companies have reached that conclusion.
"Businesses understand there are security risks," he said. "This level of risk is usually accepted in order to allow business to happen. Companies aren't necessarily prepared to spend a lot of time and money on security because they don't perceive an immediate risk, consider it worth the time, effort, and financial investment and aren't willing to compromise the ease of use or mass reach of conferencing by implementing security."
Michael Brandofino, executive vice president and chief technology officer of Hillside, N.J.-based video communications firm GlowPoint Inc., agreed. "We saw security as a big deal from the outset and offered encryption," Brandofino said. "No one asked for it."
Brandofino said when companies think of security, they focus on the core computer network and desktop computers. "People don't see a video stream as a way to crack into a company's infrastructure," he said. "I think those involved with corporate espionage are going to focus more on the phones and e-mail than on video conferencing."
Given the security concerns, users need to be careful about the information they choose to transmit during conferencing, Weinstein said.