Security Features
How Vidyo Protects Your Video CommunicationWe maintain an information security governance policy preventing misuse and malicious damage that could impact our operations and ultimately our customers and partners.
Secure by Design
Certified and Verified Solutions for Secure Video Conferencing
At Enghouse, we prioritize the security and reliability of our video conferencing solutions, ensuring they meet the highest industry standards. Our commitment to quality and security is demonstrated through our certifications and verifications by leading health authorities.
Certified by the Ministry of Health and Social Services (MSSS), Quebec
Our video conferencing solutions have been certified by the Ministry of Health and Social Services (MSSS) of Quebec. This certification confirms that our products and services comply with the stringent technological standards set by the MSSS, ensuring secure and reliable communication for healthcare professionals. You can find more information about our certification and the standards we meet here.
Verified by Ontario Health
In addition, our virtual visit solutions are verified by Ontario Health, reflecting our adherence to the digital standards established for secure and efficient virtual healthcare services. This verification assures healthcare providers and patients that our solutions offer robust security features and high-quality performance. For more details on our verified solutions, visit Ontario Health’s verified solutions list.
These certifications and verifications are a testament to our unwavering dedication to delivering secure, compliant, and efficient video conferencing solutions that you can trust. Whether for healthcare, business, or other professional uses, our secure video conferencing tools are designed to provide the best video meeting experience while safeguarding your data and communications.
HIPAA-Compliant Secure Video Conferencing
At Enghouse, we understand the critical importance of maintaining the privacy and security of sensitive health information. Our video conferencing solutions are designed to meet the stringent requirements of the Health Insurance Portability and Accountability Act (HIPAA), ensuring that your communications remain confidential and secure.
HIPAA Compliance
Our secure video conferencing solutions adhere to the regulations set forth by HIPAA, which mandates rigorous safeguards to protect the privacy and security of health information. Learn more about our HIPAA compliance here.
HIPAA
Key Security Features
- SRTP media encryption
- FIPS 140-2 certified libraries
- Secure HTTPS login utilizing industry-standard PKI
- TLS using strong encryption ciphers for signaling
- Password hashing in database
- Encrypted token technology for session security
- No login information retained on the client
As an enterprise-class video meeting solution, VidyoConnect™ offers extensive protection for sensitive information you or your organization transmit, including files, text, screen sharing, video and audio. Click below to discover the complete details of Vidyo’s security policy and VidyoConnect security features that are designed to keep your communication and private information safe.
User Login and Database Security
Protecting the login process from eavesdroppers and hackers is fundamental to securing the VidyoConnect service.
No login information is retained by the Vidyo soft clients. For organizations that use an external database for user account management, LDAP, SAML, and Active Directory (AD) are supported.
All Vidyo endpoints connect through the cloud and are not directly accessible from another endpoint. Even on public networks, Vidyo endpoints are protected from unauthorized direct access through an IP address. The architecture provides the endpoint with a built-in layer of security from third-party hacking and voyeurism.
HTTPS with certificate support on login
VidyoConnect always establishes an encrypted HTTPS channel with each Vidyo endpoint that attempts to access the system. Before transmitting any login information, the Vidyo endpoint or web browser validates the VidyoConnect certificate and verifies it was issued by a trusted third-party certifying authority. Once the certificate is verified, login and password information is transmitted securely to VidyoConnect over the same encrypted HTTPS channel.
Encrypted tokens for session security
For HTTPS connections, the ciphers and key exchange method used are dependent on what the end user’s browser can support. However, Vidyo infrastructure components prefer to use the strongest available ciphers and will reject the use of known weak ciphers.
Click below to discover all the details of Vidyo’s security policy and VidyoConnect security features designed to keep your communication and private information safe.
Signaling and Media Encryption
It is vital to secure from would-be hackers the signals that different components within the Vidyo architecture use to communicate with each other. Similar to the way online banking access is secured, VidyoConnect uses industry-standard public key infrastructure (PKI) to issue each component a digital certificate by a trusted third-party certifying authority, allowing endpoints to verify the identity of VidyoConnect and also helps prevent malicious users from eavesdropping on communication.
VidyoConnect uses AES encryption over Transport Layer Security (TLS) for Vidyo endpoint and server communications with certificate support. Vidyo supports Elliptic Curve Diffie-Hellman (ECDH), Diffie-Hellman (DH), or RSA for key exchanges.
To help protect the content of your Vidyo conferences from being intercepted and decoded without your knowledge, VidyoConnect also employs AES encryption over industry-standard SRTP for audio, video, and shared content.
Spoof Prevention, Component Authentication and Session Security
“Spoofing” is a tactic used by hackers to “steal” the identity of a trusted component of a network in order to gain access. Vidyo helps prevent spoofing through a rigorous component authentication scheme. Each server in the VidyoConnect network has a unique identifier that is communicated to the portal application over a secure link and is otherwise not accessible. New components added to the VidyoConnect network go to the portal application for configuration. If the portal application does not have a configuration defined for that machine’s specific ID, the machine is blocked from joining the network until the VidyoConnect administrator accepts the new ID and manually configures the component.
On the client side, a unique token is used to authenticate the endpoint to the portal application in lieu of the password, and the administrator of the portal application can define expiration rules requiring users to reauthenticate.
Let us help you secure your data.
Download our free white paper today!
Learn more
For complete details about how Enghouse Video protects sensitive information, including more specifics about its security policy and the features that help keep your communication safe, read our guide to VidyoConnect security.