Let us describe what we mean by layered security for defense in depth –
1. Secure Code Design
Through the Adobe Secure Product Lifecycle (SPLC) we start with a set of development guidelines that our programmers use when writing our code keeping security as a high priority.
2. Secured Connection
Next, our servers, and how we communicate over the internet, use industry-standard encryption practices – communicating over HTTPS employing Transport Layer Security (TLS) cipher suite to help secure your data in transit using AES-256. We add additional encryption for the most critical data, using SHA-256 hashing for passwords.
3. Least privilege principle as a default
Administrators can enforce appropriate restrictions for all users. Using our years of product design experience aligned to the toughest customer use cases in most regulated industries, we have created user interfaces and configuration settings that follow a ‘Least Privilege Principle’. This essentially means that as a default meeting host has the greatest control and others join with the least privilege. Meeting hosts control not only who can enter a meeting but also the assignment of role-based privileges to co-presenters and participants.
Each organization has its own set of unique requirements – we offer the flexibility to tailor each account to match those needs. Account Administrators can choose secure two-factor authentication and Single Sign-On (SSO) for IT-controlled logins. Applications can be whitelisted for approved application sharing or blacklisted to be always hidden. Meetings can be permanently blocked against ‘guest’ access so that only employees and pre-registered users attend. Read Frank Derienzo’s post for an in-depth overview of these extensive configuration options designed for a security-first approach.
4. Deployment flexibility with Managed Services
Our customers can choose from a variety of deployment options ranging from a hosted service on Adobe managed infrastructure leveraging industry best practices for secure design. Or a private cloud deployment by certified cloud infrastructure providers to operate and manage their services. Or even an on-premise deployment behind an organization’s own firewall.
Perhaps, one of the reasons for being the trusted solution of choice for the most ‘locked down’ regulated environments is the gamut of validations from industry compliance and regulatory bodies. Depending on deployment model, Connect meets various regulated industry security standards and has received a number of certifications attesting to its security as suited to the needs of specific industries such as financial institutions by being GLBA-ready, US federal government with FedRAMP certification, healthcare and non-profit organizations by being HIPAA-ready, and universities and K12 institutions, by being FERPA-ready for protection of US student’s education records and personal information.
We are all already working hard enough to adapt to this new world, we shouldn’t have to worry about the security of our meeting solution too, particularly when Adobe has spent years building it.
If you aren’t already using Adobe Connect you can Request for a Demo and we’d be happy to assist.
Source: Adobe Connect Blog