Lifesize Service – Is it Secure? A 2019 Overview


The Lifesize Service has recently seen an entire revamp of its architecture to make way for the future of Video Communications. With all customers now ported across to the new global cloud service architecture enabling access to 4K conferencing, 

In the past few months, the Lifesize Collaboration Service has been transported across to a brand new global cloud service architecture, named the Galaxy platform, ensuring the future of growth and reliability of the service for customers around the globe. 

This new 4K global cloud service architecture has been built from the ground up to provide:

  • Greatly improved reliability and fault tolerance
  • 4K dual stream conferencing
  • The ability for future features to be delivered rapidly and effectively
  • Media flowing of 4K at full frame rate
  • High resolution broadcasting and higher quality recording
  • Hugely enhanced current features including VMR sizes
  • Larger directories, groups and permissions
  • Near real-time reporting and alerts

Whilst it’s important to provide the newest, latest and greatest features and the flexibility required in today’s SaaS (Software as a Service) world, what is most important is that it meets and exceeds the essential security and robustness requirements of the modern business. Here’s a summary of Lifesize security and privacy features – for more information on security and privacy of various SaaS collaboration platforms, give us a call on 0118 214 2300.

Secure Foundation

All of the Lifesize calling capacity is hosted within the Amazon Web Services (AWS) data centres. This provides a highly secure foundation based upon the most mature public cloud offering in the world. The elastic capabilities of AWS enable Lifesize to adjust to customer needs and provide new and improved services extremely quickly. With the Amazon Web Services data centres leveraging independent third-party certifications for privacy and security, including ISO 27001, Cyber Essentials Plus and SOC, customers can be comfortable that the Cloud platform is running upon the most resilient and secure base available in the marketplace today.

The Lifesize cloud-based service is operated in secure AWS data centers in North America, South America, Europe, Oceania and two locations in Asia. Lifesize calling capacity is hosted exclusively in AWS. Lifesize room systems and client software will automatically create conferences in the optimal AWS data center based on the location of the initial members of the conference. Recordings of conferences are stored in the AWS data center where the conference was hosted. They are not replicated outside of that AWS data center.

Secure Operation

The Lifesize Service runs entirely independently from the Lifesize corporate environment, and the processes and controls include:

  • Source code scans for common vulnerabilities
  • A build and CI process that only accesses the external source code repository and never engineers' computers
  • A CI environment that promotes container images to a staging QA environment, completely isolated from the production environment
  • Very constrained access controls to all systems in the code development pipeline
  • Regular penetration testing of the production environment by an industry-recognised, independent third party

Secure Room Systems

The Lifesize Icon room conferencing systems are built upon decades of Video Codec and meeting room security knowledge, built from the ground up with security as one of the main architectural requirements. 

Systems are engineered exclusively for Video Communications, as opposed to component-based kits on general purpose operating systems. The closed-box design does not allow others to use and/or add their own applications.

The software is encrypted as it is downloaded onto the system, and releases include third-party intrusion testing to search out any possible vulnerabilities.

Video Calling

The Lifesize Cloud service, Icon room systems and Cloud client software provide secure and encrypted video, audio, presentation and call setup (signaling) in every call, from end-to-end.

Admins and users have no ability to disable encryption, and all calls are encrypted with no compromise in quality. By employing WebRTC, encryption is mandatory and applies to both signaling via DTLS and media via AES-128/SRTP. Plus third-party systems will join video calls in a secure fashion when configured for either H.235 or SIP TLS encryption. 

Meeting Security & Access Control

Lifesize offers several features to keep meetings secure:

  • Passcodes can be used to secure meetings.
  • One-time meetings allow for a single-use meeting that is deleted following the event and cannot be reused. One-time meetings are always hidden from the directory.
  • Permanent meetings can be hidden from the directory.
  • Call escalation allows users to actively accept or reject new participants into a meeting.
  • During a meeting, a moderator can remove or mute individual participants from a call.
  • During a meeting, a moderator can remove or mute all participants from a call.
  • During a meeting, a user may mute their own audio and/or video.

Licenced users can be assigned one of three roles within the Lifesize app: a User, a Superuser or an Administrator. Each role has particular permissions including placing calls, controlling in-call features, creating and owning meetings, customising layouts, enabling and making recordings, configuring single sign-on, managing the directory and managing room systems.

Firewall/NAT Traversal

The Lifesize architecture allows you to keep your Lifesize room systems and client software safely behind your firewall and manages firewall traversal through our global service.

Lifesize room systems and client software do not require any firewall ports to be opened inbound from the internet. There is also no longer a need for static public IP addressing or complicated static NAT and port-forwarding firewall configurations. This allows you to maintain your existing perimeter posture and protects your users and devices from SIP and H.323 nuisance calls that are common on the open internet.

Lifesize only makes use of outbound TCP/UDP connections for call signaling and media. These TCP/UDP connections are always initiated by the Lifesize room system or client software in order to establish pinholes and dynamic port address translations. These connections are directed only to our global service resources on a specific list of published FQDNs, allowing for tightly crafted firewall rules. Lifesize manages these FQDNs and controls their Time to Live (TTL) so they are always current.
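The policy described above (outbound-initiated connections only, destinations limited to a published FQDN list, addresses refreshed when the DNS TTL expires) can be modelled as follows. This is an added example, not Lifesize or VideoCentric code; the FQDNs are constructed placeholders for the vendor's published list, and the resolver is a stub so the example runs offline.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholder names; the real list is the one the vendor publishes.
ALLOWED_FQDNS = ["signaling.example.invalid", "media.example.invalid"]

@dataclass
class Flow:
    direction: str  # "out" = initiated by the room system or client, "in" = from the internet
    remote_ip: str

class FqdnAllowlist:
    """Allowlist of resolved addresses that re-resolves each FQDN when its TTL expires."""
    def __init__(self, fqdns, resolver):
        self.fqdns = list(fqdns)
        self.resolver = resolver  # callable: fqdn -> (list of IP strings, TTL in seconds)
        self.cache = {}           # fqdn -> (set of addresses, expiry time)

    def _addresses(self, fqdn, now):
        entry = self.cache.get(fqdn)
        if entry is None or now >= entry[1]:
            ips, ttl = self.resolver(fqdn)
            entry = ({ipaddress.ip_address(ip) for ip in ips}, now + ttl)
            self.cache[fqdn] = entry
        return entry[0]

    def permits(self, remote_ip, now):
        addr = ipaddress.ip_address(remote_ip)
        return any(addr in self._addresses(f, now) for f in self.fqdns)

def evaluate(flow, allowlist, now):
    """Return the decision an outbound-only, FQDN-scoped policy gives this flow."""
    if flow.direction != "out":
        return "deny: inbound-initiated"
    if not allowlist.permits(flow.remote_ip, now):
        return "deny: destination not in allowed FQDN set"
    return "allow"

def demo():
    # Constructed DNS data (documentation address ranges); the media record moves after t=0.
    zone = {"signaling.example.invalid": (["198.51.100.5"], 300),
            "media.example.invalid": (["203.0.113.10"], 60)}
    allow = FqdnAllowlist(ALLOWED_FQDNS, lambda name: zone[name])
    results = [evaluate(Flow("out", "203.0.113.10"), allow, now=0)]
    zone["media.example.invalid"] = (["203.0.113.20"], 60)
    results.append(evaluate(Flow("out", "203.0.113.20"), allow, now=30))  # cache still valid
    results.append(evaluate(Flow("out", "203.0.113.20"), allow, now=60))  # TTL expired
    results.append(evaluate(Flow("in", "198.51.100.5"), allow, now=60))
    return results
```

The second result shows why a firewall that resolves FQDN rules must honour the TTL: until the cached answer expires, a newly published address is still refused.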

User Information

Lifesize stores only basic information for each of our customers’ user accounts. Should you choose to leave the service, this information will be deleted 180 days following the end of your contract. 

Recording, Streaming and Sharing

The Lifesize Stream, Record and Share features are an additional option for organisations, with recordings also stored within the AWS data centres. 

  • Lifesize Record and Share is available to subscribers of the Lifesize cloud-based service. Record and Share is disabled by default and must be purposefully enabled by an administrator before users are able to record any calls.
  • Content distribution may be restricted to only your own organisation.
  • Lifesize Live Stream and Record and Share are encrypted using AES-128 for data in-flight (streaming, recording, or playback) and AES-256 for data at rest (storage).
  • Lifesize Record and Share is hosted on AWS, which is designed for security across all geographies and verticals.
  • Initiation of recordings requires manual intervention whereby a user of the Lifesize cloud-based service must activate the feature to record the conference session.
  • An on-screen notification will be displayed to all video participants taking part in the conference to notify users that the call is being recorded and by whom.

For more information about the Lifesize Service, its security features, or to arrange a specific discussion with Lifesize and VideoCentric Technical Engineers to discuss particular security concerns or challenges for your business, get in touch with us today.
