Sumedh Ganpate, Senior Collaboration Practice Leader, Avaya International, gives Security Advisor ME a lowdown on how the company is innovating to make Avaya Spaces not only a reliable but also a secure platform for today’s remote workforce.
Normal life as we know it has come to a sudden halt during the first quarter of the year due to the COVID-19 pandemic. The precautionary measures against the spread the outbreak has pushed businesses across multiple sectors to re-think the way they operate to ensure business continuity.
The rise of video conferencing apps has been one of the defining elements of the coronavirus pandemic. With companies across the globe forced to implement remote working schemes, virtual meeting apps have gained significantly.
Avaya was among the first companies to open its innovative collaboration software – Avaya Spaces – offering a 60-days free licence, to help businesses, as well as education institutions worldwide, adapt to remote working.
At a time when organisations are easing into the ‘new normal’ and the use of video collaboration solutions is becoming mainstream, many are voicing their concerns about the security of such applications. Sumedh Ganpate, Senior Collaboration Practice Leader, Avaya International, discusses how the company enabling secure and scalable enterprise collaboration with Avaya Spaces.
As organisations continue to adapt to new working environments, they become increasingly reliant on cloud solutions, what key best practices can they adopt to avoid any security gaffes in choosing the right platform?
Cloud-based solutions enable rapid, hassle-free deployment, and in recent months have proven to be an attractive option for businesses looking to rapidly roll out work-from-home strategies without having to incur prohibitive upfront overheads.
While this has largely been beneficial for businesses, as rapid uptake of tools may provide a quick solution to organisations looking to expediently roll-out remote working initiatives, they could impede an organisation’s long-term success. By rapidly rolling out new tools, businesses are encouraging their employees to adapt to new technologies and consequently become dependent on new ways of working. For example, given employees’ familiarity with consumer-grade video collaboration solutions, it may be easy to now get them to use these when communicating and collaborating with their colleagues and customers. However, these solutions often lack the security, scalability and features that are essential to true enterprise collaboration. Once procedures have been set and behaviours adopted, changing them could be a major challenge. We’ve learned this lesson before with the rise of shadow IT and even today, IT teams battle to ensure employees use official file sharing applications rather than unregulated alternatives such as personal email, USB drives or cloud-storage applications.
When choosing the right enterprise-grade collaboration platform – whether cloud-based or otherwise – organisations need to evaluate key security criteria. As basic requirements, the platform should implement industry-standard end-to-end encryption. For example, Avaya Spaces is built on a secure and trusted solution, with Google Cloud data encryption at rest. There’s also in-transit SAML and OAuth 2.0 support for secure login and GDPR compliance retention policies built-in. As has been clear from media reports in recent months, unauthorised entry can be a prime concern which is why user authentication and password protected entry to meetings are also essential security features.
In terms of the level of security, what differentiates Avaya Spaces as a platform as compared to its counterparts in the market?
Our customers rely on Spaces to maintain business continuity and some of their most important strategy meetings are held on this application, with sensitive data being shared via the solution’s convenient file sharing functionality. They have the confidence to do this because they know that security is a top priority at Avaya – we have designed Spaces from the ground up with security in mind at every step. Spaces is built on the Google Cloud and data is stored on the Cloud back-end application. Data required by Spaces is stored in encrypted form via Google Cloud. Data required by the browser client is stored in the browser itself in the form of cookies or in the cache. Data required by the mobile application is stored on the mobile application container service provided by the OS and recent mobile OS versions support encrypting application container data. Moreover, when data is being transmitted by Avaya Spaces over a network, it is encrypted.
What does it mean to receive a BCR approval for Avaya Spaces?
Avaya was one of the first companies in its sector to achieve the Binding Corporate Rules (BCR) approval from European Union data protection authorities. Successfully completing BCR compliance is a testament to the standards Avaya has set in handling personal data and in upholding fundamental privacy principles, such as data security, quality and transparency.
Protecting the personal data of our stakeholders will always be a top priority for Avaya and the endorsement by the EU data protection authorities demonstrates that we are committed to achieving the highest standards.
How have you ensured to keep the balance between data privacy, ease-of-use and productivity for the users?
Security, privacy and integrity are critical to Avaya and our relationships with our customers. Like all other Avaya solutions, Avaya Spaces is compliant to data-privacy regulations including the EU GDPR law. This reinforces customer’s confidence that their personal data is protected. Meeting data is secured and encrypted by Spaces and stored on Google Cloud Platforms, which are natively encrypted by nature, ensuring a double layer of protection. However, the backend security and privacy don’t sacrifice the intuitiveness of Avaya Spaces, which delivers a simple, easy-to-use experience. All these factors make Avaya Spaces a simplified productivity tool for secured team collaboration.
Can you please give an overview of the latest enhancements to Avaya Spaces’ security features? What was the driver behind the addition of the new ‘Private Space’ setting?
A “Private Space” uniquely prevents any intruder or unintentional participants trying to join the meeting as a “Guest”. Only authorised “Members” and “Admin” users invited by the group owner are allowed to join private meetings and can collaborate securely. This eliminates any intentional or unintentional access to Spaces meetings. On top of Private Spaces, any Spaces user who wants to secure their meetings further can password-protect their Spaces.
Why is it important to regularly update the security features of platforms such as Avaya Spaces? What other security features are you looking to roll out in the future?
The demand for group collaboration apps such as Avaya Spaces has spiked in the past few months due to COVID-19 pandemic. For the majority of Avaya Spaces users, this tool is used for pivotal activities, discussions and decision making. Therefore, it’s natural to expect highest possible security standards. And we continue to enhance these standards as the nature of Spaces usage intensifies.
We have plans to extend security features to our video endpoints, including the Avaya Collaboration Unit CU360 & XT devices. More importantly, Spaces APIs and SDKs are being buffed up to allow Spaces to integrate with customer’s existing portals or applications, leveraging any existing security features embedded within.