Blue Jeans Network Security Features



Similar documents
Web Conferencing: Unleash the Power of Secure, Real-Time Collaboration

Security Information & Policies

Collaborate on your projects in a secure environment. Physical security. World-class datacenters. Uptime over 99%

FileCloud Security FAQ

WALKME WHITEPAPER. WalkMe Architecture

ShareFile Security Overview

SaaS Security for the Confirmit CustomerSat Software

Secure and control how your business shares files using Hightail

Unleashing the power of real-time collaboration:

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

SaaS Security for Confirmit Horizons

Unleashing the power of secure, real-time collaboration

PROTECTING YOUR VOICE SYSTEM IN THE CLOUD

How To Use Egnyte

Secure, Scalable and Reliable Cloud Analytics from FusionOps

Casper Suite. Security Overview

OCTOBER 2015 TAULIA SUPPLIER ARCHITECTURE OVERVIEW TAULIA 201 MISSION STREET SAN FRANCISCO CA 94105

MIGRATIONWIZ SECURITY OVERVIEW

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

DiamondStream Data Security Policy Summary

Global Network. Whitepaper. September Page 1 of 9

White Paper. BD Assurity Linc Software Security. Overview

GoodData Corporation Security White Paper

InsightCloud. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

SECURITY OVERVIEW FOR MY.ENDNOTE.COM. In line with commercial industry standards, Thomson Reuters employs a dedicated security team to protect our

Connecting With Lifesize Cloud

Security. CLOUD VIDEO CONFERENCING AND CALLING Whitepaper. October Page 1 of 9

Security Controls for the Autodesk 360 Managed Services

Egnyte Security Architecture

A POLYCOM WHITEPAPER Polycom. Recommended Best Security Practices for Unified Communications

SHARPCLOUD SECURITY STATEMENT

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security from a customer s perspective. Halogen s approach to security

Time to Value: Successful Cloud Software Implementation

THE BLUENOSE SECURITY FRAMEWORK

Auto-Answer Configuration for Polycom HDX Systems

Our Key Security Features Are:

Connecting With Lifesize Cloud

A Guide to New Features in Propalms OneGate 4.0

WebEx Security Overview Security Documentation

FormFire Application and IT Security. White Paper

Polycom Recommended Best Security Practices for Unified Communications

Security Architecture Guide

Druva Phoenix: Enterprise-Class. Data Security & Privacy in the Cloud

When enterprise mobility strategies are discussed, security is usually one of the first topics

Dropbox for Business. Secure file sharing, collaboration and cloud storage. G-Cloud Service Description

Provisioning ShareFile on Microsoft Azure Storage

NEFSIS DEDICATED SERVER

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Sync Security and Privacy Brief

PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s

Clarizen Security White Paper

Spreed Keeps Online Meetings Secure. Online meeting controls and security mechanism.

Security Overview Enterprise-Class Secure Mobile File Sharing

StarLeaf Connectivity Services. Deployment Guide

Media Shuttle s Defense-in- Depth Security Strategy

SECURITY DOCUMENT. BetterTranslationTechnology

Architecture and Data Flow Overview. BlackBerry Enterprise Service Version: Quick Reference

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

White Paper How Noah Mobile uses Microsoft Azure Core Services

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

Hedge Funds & the Cloud: The Pros, Cons and Considerations

How To Secure Your Data Center From Hackers

A Sumo Logic White Paper. Sumo Logic Security Model. Secure by Design

NATIONAL SECURITY AGENCY Ft. George G. Meade, MD

ProjectManager.com Security White Paper

vcloud Director User's Guide

Security & Infra-Structure Overview

Security Whitepaper. NetTec NSI Philosophy. Best Practices

The increasing popularity of mobile devices is rapidly changing how and where we

Nessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9)

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation.

Service Manager and the Heartbleed Vulnerability (CVE )

CONTENTS. PCI DSS Compliance Guide

EmpLive Technical Overview

THE SECURITY OF HOSTED EXCHANGE FOR SMBs

Syncplicity Security and Control Features

Security & Infrastructure White Paper

BMC s Security Strategy for ITSM in the SaaS Environment

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

Citrix GoToAssist Service Desk Security

Advanced Service Desk Security

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Addressing Cloud Computing Security Considerations

Security, trust and assurance

Salesforce & HIPAA Compliance

ITAR Compliant Data Exchange

Tableau Online Security in the Cloud

Enterprise level security, the Huddle way.

CBIO Security White Paper

HTTPS Inspection with Cisco CWS

Connectivity to Polycom RealPresence Platform Source Data

How To Create A Walkme.Com Walkthrus.Com Website And Help With Your Website Or App On A Pc Or Mac Or Ipad (For Pc) Or Mac (For Mac) Or Ipa (For Ipa) Or Pc

Transcription:

Technical Guide Blue Jeans Network Security Features Blue Jeans Network understands an organization s need for secure communications. The Blue Jeans cloud-based video conferencing platform provides users with the most interoperable and easy-touse solution on the market, as well as the underlying security features of an enterprise-grade video communications service. These include numerous network and data center security measures, robust in-meeting and administrative features, and standards-based media encryption. The following topics will be covered in this document: Cloud Architectural Security Web Application Security Admin Level Security Privacy Media Handling & Encryption

Cloud Architecture Security Global Data Center Security The Blue Jeans service was built from the ground up by Blue Jeans and consists of software that runs on cloud-compute clusters from a leading global server vendor. The service is hosted in multiple tier-1 co-location data centers around the world, and in each of these PoPs, dedicated cages and racks are protected with 24x7x365 security and multiple levels of biometric access controls. Access to the cages is restricted to Blue Jeans Operations personnel. Infrastructure and Network Security Blue Jeans employs a wide range of security management practices to provide a secure and reliable service to customers. This includes network firewalls throughout the infrastructure to create security zones for different applications and services. Blue Jeans also deploys proxy servers that terminate all 3rd party / customer traffic at a proxy layer. All web traffic passes through industry-leading load balancers to protect against a suite of application attack vectors. Beyond the firewall, proxy servers and load balancers, Blue Jeans also periodically scans for network, port, and application-level vulnerabilities. Vulnerability scans are conducted by a leading 3rd party SaaS provider, in addition to some special-purpose, in-house scanning tools. Furthermore, all of the 3rd party applications and operating system software is checked for security advisories and is patched periodically. Routers, firewalls, load balancers, and proxy application servers are all configured to mitigate numerous types of DOS attacks. Blue Jeans also engages with 3rd party consultants to perform penetration testing of the service. All of their findings are reviewed and appropriate actions are then taken to address and mitigate vulnerabilities found in the service. Application-Level Security This section covers the security features that can be enabled at the user level. User Account Security All user accounts are secure using the following technologies and security measures: Each Blue Jeans account is secured with a standard username and password Authentication requests are always sent over HTTPS Passwords are SHA-256 salted/hashed in the database and can never be viewed in plain text Passwords are never sent via email or any other form of electronic transmission (the Forgot Password feature only allows for resetting the end-user s password)

In-Meeting Security Features Blue Jeans meetings come with optional security capabilities that users may set as default or enable when required. Meeting ID a randomized nine-digit number uniquely identifying a meeting. Participant Passcode a second-level of authentication that can optionally be enabled for each meeting. Publish Meeting Option an option that allows a meeting to remain hidden on the end-user s personal meeting room. Participants must either join these meetings directly from an email invitation or by entering the Meeting ID and/or password via the bluejeans.com homepage. Encrypt Meeting Option an option that forces a Blue Jeans meeting to only allow end points with sufficient encryption capabilities enabled. Please see Media Handling & Encryption for additional details on encryption. Expel Participant during the course of a meeting, any participant can quickly be removed from the meeting with a click of a button. Lock Meeting during the course of a meeting, the session may be locked down to only include those participants that are in attendance. Admin-Level Security Group Administrator Security Features As a Group Administrator, Blue Jeans allows security policies to be created for all users in your organization. These include: User Authentication Options (standard User Password configuration or SAML Single Sign On) User Password Requirements Change Password Options Failed Login Notifications Enable Video Connection Type (set which endpoints are supported and which is the default for your Group)

Privacy and Customer Data Storage Only the most basic user data is stored in the Blue Jeans database. Blue Jeans stores the following user information: User Profile Details Username (Facebook login includes Facebook username, Linkedin login includes Linkedin profile URL) Password (SHA-256 salted hash) Email Address First Name Middle Name Last Name Title Company Name Profile Picture Billing Details The Blue Jeans Service currently leverages a third-party, PCI-compliant partner to handle all billing aspects of the service. This means no user credit card or billing information resides in the Blue Jeans database. Because the service is used by thousands of companies globally, Blue Jeans is also US and EU Safe Harbor compliant. More information about this as well as the privacy policy can be found here: http://bluejeans.com/privacy-policy Media Handling & Encryption Blue Jeans Network takes the utmost care with your communications, and does not record or capture any video or desktop-sharing streams without interaction and consent from customers. It is recommended that an organization employ the proper steps to ensure that software-based video clients are secured on the desktop, and that no malware may intercept media at the hardware level. Blue Jeans supports standards-based encryption (AES-128) that is available on most video endpoints today. Blue Jeans connections using the browser for video are encrypted by default in Blue Jeans meetings, as are many other solutions such as Cisco Jabber or Microsoft Lync. If using room based video endpoints, such as Polycom, Lifesize, Cisco, etc. to connect to Blue Jeans calls, they will encrypt upon connection to Blue Jean provided that they have this feature enabled and the proper security licenses from those vendors. Most video room systems encrypt by default as long as both sides of the call support it. However, it is recommended that you check your system to require encryption for all calls, or to encrypt by default. As mentioned in the In Meeting Security Features section above you can select, Enforce Encryption when scheduling a Blue Jeans meeting to ensure only encryption capable devices can join the meeting. This will help ensure that your room systems connection to Blue Jeans using either H.323 or SIP will be a standards based encrypted connection.

Recording and Video Content Storage and Encryption The Blue Jeans service also includes the unique capability of uploading and sharing full-motion video content in your meetings, as well as the ability to record and share your meetings. The security of both of these features is important to our customers and to us. Here it s a little bit more about the security of each. Recordings are stored in secure containers in the cloud. These videos are encrypted at rest (AES-256bit) and are only accessible to the recording originator. They may be shared by the recording originator using email addresses through the web user interface. These can be viewed as an encrypted (AES- 128bit) playback stream using a web browser or downloaded to an on premise media server or storage device. Users may choose to delete their recordings from Blue Jeans at any time, again using the web user interface. Uploaded shared video content is also stored in secure containers. The video content sharing stream is also encrypted (AES-128bit) when shared in a meeting. Users may also choose to delete their uploaded video content from our service as well. Service Organization Controls (SOC) 2 In addition to the security measures taken around our service infrastructure as well as the in meeting security features of the product, Blue Jeans has taken important steps to ensure the integrity of our internal operation is also addressed. Blue Jeans has completed the Statement on Standards for Attestation Engagements (SSAE16) Service Organization Controls (SOC) 2 Type 2 Report. Completion of this is a very important step for not only Blue Jeans Network as a company, but also for our customer. This attests to our commitment as a service provider to our users that we have implemented formal documented procedures and controls across our organizations. Policy, Communications, Procedural, and Monitoring control activities, as well as Disaster Recovery, and US-EU and US- Swiss Safe Harbor Frameworks are covered under this report. If you have further questions or concerns about the security of the Blue Jeans Network service, please feel free to contact us at info@bluejeans.com and we will be happy to assist Blue Jeans Network, Inc. 516 Clyde Ave Mountain View, CA 94043, USA (408) 550-2828 - bluejeans.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information