Early last quarter, Polycom made some exciting announcements about its newest product — RealPresence CloudAXIS, which will be available March 2013. What makes CloudAXIS so exciting is that it allows you to video conference with others without bothering about which service they normally use. As GigaOm tech blogger Stacey Higginbotham explains in one of her articles “someone can now connect people who use Skype, with those on FaceTime or even Facebook all in a browser window.” Furthermore, she adds, “once connected, those users can talk, provide a video and share screens, links and chat.” This is pure brilliance if you are constantly working with people on all different video conferencing services.
Is Polycom RealPresence CloudAXIS Secure?
One of the key sales points, according to Polycom, is that it allows secure communication with Skype, GoogleTalk, and many other popular video calling services. Unfortunately, security simply isn’t possible if it’s not end-to-end.
The problem with Polycom and most other video conferencing vendors is that they lack end-to-end security. All the common products including Google Hangouts, Vidyo, Blue Jeans, WebEx, Lync, Adobe Connect etc. have servers in the middle that listen to your traffic. What I mean is their encryption only goes from the initial endpoint to the server, and from the server to the remote endpoint. The server in the middle has full access to everything you say and do.
Polycom’s Fatal Security Flaws
RealPresence CloudAXIS has 2 fatal security flaws. The first is the server-in-the-middle issue mentioned above. CloudAXIS servers have full access to your conversation since the servers must decrypt your raw audio, video, screen share, before sending to the other systems. Thus the servers are security holes waiting to be exploited.
The second flaw has to do with the security of the outside video conferencing product. In order for a system to be secure all of its parts must be secure. If CloudAXIS connects to an insecure system such as Skype or Google Hangout then the entire system cannot be secure. Let me illustrate: If there are 2 doors to your home, and you lock up one door, but leave the other wide open, is your house secure? If there are 2 pipes under your sink leaking water, and you fix one leak, but not the other, is your leak problem fixed?
If you want security, where your conversations are always private and off-the-record, your only choice is VSee! VSee creates an encrypted tunnel between the caller and callee, using FIPS 140-2 certified 256-bit AES encryption. We use public private RSA keys to exchange the AES session key such that VSee servers never have access to the AES session keys – and this allows your conversation to be always off-the-record.
- VSee – An Alternative For Secure Video Conferencing (VSee)
- How to Secure Your Company’s Video Conferencing System (eSecurity Planet)
- Board Room Spying for Fun and Profit (Rapid7 blog)