I had a question about “data leakage” and “web conferencing.” While the capabilities of given systems vary, there appears to be potential for:
- Remote Control resulting in inappropriate access to resources and information, system damage, service outage, information modification, etc. — once a remote control session is established, the remote “guest” generally acts under the permissions of the “host” user’s credentials, and when the host user has administrative rights, the potential for damage is elevated.
- Unauthorized access to information — where the “authorized user” shares this access with one or more others via application sharing, and/or remote control.
- Bulk information theft via the “recording” features of the conferencing service — while it may seem inefficient, the quality of remote desktop and application sharing is getting so good that recording some types of sessions, where material amounts of sensitive information pass across the host’s screen, becomes a practical way to capture that information.
- Inappropriate retention of discoverable business interactions — in some industries, strict control of records retention is a critical capability, and remotely-recorded information cannot be managed using most standard corporate records retention practices.
- Unauthorized recording of application/desktop sharing, voice, and video sessions — regardless of the volume of sensitive information involved, sometimes it is simply inappropriate to permit recording of some information.
Under most circumstances, when the threat of loss appears to be greater than the benefit of supporting a given service, that service is disabled. Because the marketplace for desktop collaboration services and technologies is rapidly evolving, simply blocking access to them is probably impractical in most organizations. Because of the types of technologies and implementations involved, Data Leakage Prevention (DLP) platforms may not be much help either. Logging metadata about sessions in your event correlation engine might be useful, but many of the products below appear to operate without emitting this type of information. What are you doing at your organization?
The list below includes desktop collaboration services and technologies that incorporate a range of capabilities. From an engineering perspective, this is a diverse collection.
Candidate Desktop Collaboration Technologies and Services:
1. Adobe: Acrobat Connect Pro [SaaS and on-premises]
2. Adobe: ConnectNow [free SaaS]
3. Cisco: WebEx [SaaS] (WebEx Meeting Center, WebEx MeetMeNow, and WebEx Pay-Per-Use)
4. Cisco: Unified MeetingPlace [On-premises]
5. IBM: Sametime Unyte [SaaS] (IBM acquired WebDialogs August 2007)
6. IBM: Lotus Sametime [On-premises]
7. Microsoft: Office Live Meeting [SaaS] (acquired PlaceWare April 2003)
8. Microsoft Office Communications Server (OCS) [On-premises]
9. Citrix: GoToMeeting [SaaS]
10. Oracle: Beehive [SaaS]
11. iLinc Communications
13. Genesys Conferencing
15. SMART Technologies
33. Novell Kablink (formerly SiteScape)
— References —
Desktop collaboration products from: Burton Group: “Web Conferencing: Getting Green with Web Conferencing.” v 1.0, 23 January 2009, by Bill Pray and Mike Gotta. http://www.burtongroup.com/Client/Research/Document.aspx?cid=1505&contentView=FullContent