At Online Seminar, we call ourselves a frontrunner in security. That’s not an empty slogan: every day we work hard with our team to set the standard with the sole aim of assuring our customers of absolute security.
Security is typically something that many people expect to be right. Until things go wrong. Then there’s a lot wrong right away. We all know the media stories about data leaks. We want to prevent this kind of thing at all times. Safety is therefore a crucial part of our services. We want to be able to assure you as a customer that data is absolutely safe. That is why we have an interest in being a leader in this area.
Overview: Safety within the webinar environment
Below you will find an overview of the most important safety elements within our webinar environment. We recommend that you always check the following items if you are organising a webinar. Please note: these are the highlights. This article is quite technical and will not interest everyone, but your IT or security department will usually want to know about these issues. Do you want a complete overview? Feel free to contact us.
Security Checklist when choosing your webinar platform
- Where will your data be stored?
- Are third party suppliers used and do they process your data?
- How is data encrypted?
- How are login details sent?
- Does it generate a daily backup of the data?
Servers and firewalls: this is how we have set them up
Our servers are located in the Netherlands and the data are stored here. This means that you can be sure that data protection is covered by European regulations. We also do not use third party suppliers to process data so you can be assured that data will not be resold.
We make a distinction between the web server setup and the stream server setup. We do this to increase security: one server on its own is of no use, because the two do not work without each other, so compromising a single server does not make any sense. All the traffic needed to support the video session/transmission, including all the data that goes with it, is handled by the stream servers. The rest of the traffic is handled by the web servers. The firewall protects against unauthorized traffic. All traffic except that of the stream servers passes through the central firewall and is encrypted.
All data to and from the server is encrypted via SSL. The audio and video are sent via a separate channel. This is either SSL encrypted or uses the RTMPe protocol (an Adobe encryption protocol). It is not possible to watch or listen to the audio or video outside a created session. This ensures that the identity of the receiver must always be validated.
Users and accounts: who has access to what?
A user cannot use the system without an account, and cannot log in to a live session without one. An account can be created by responding to an invitation via e-mail, a banner or another digital invitation. This is done with a unique login link (a unique encryption of the user ID, and a 128-bit random number). This is how a user starts a session. The session remains active as long as the user remains logged in. This means that only viewers who are actually allowed to attend the webinar can do so. Login data is sent separately and encrypted. Data resulting from webinar functionalities such as polls and questionnaires is also encrypted on a personal level.
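One way to build and check such a login link, as an added example that is not Online Seminar's own code: it binds the user ID to a 128-bit random number with an HMAC, which stands in for the "encryption" mentioned above because the actual scheme is not described. The URL, parameter names, server key and in-memory store are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

SERVER_KEY = secrets.token_bytes(32)        # assumption: per-deployment secret
BASE_URL = "https://webinar.example/login"  # constructed placeholder URL
_pending = {}  # user_id -> SHA-256 of the nonce; stands in for a database table


def _tag(user_id: int, nonce: bytes) -> bytes:
    """HMAC over user ID and nonce, so neither can be swapped in the URL."""
    msg = str(user_id).encode() + b"|" + nonce
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def issue_login_link(user_id: int) -> str:
    nonce = secrets.token_bytes(16)  # the 128-bit random number
    # Store only a hash, so a leaked table does not yield working links.
    _pending[user_id] = hashlib.sha256(nonce).digest()
    params = {"uid": user_id, "n": nonce.hex(), "sig": _tag(user_id, nonce).decode()}
    return BASE_URL + "?" + urlencode(params)


def redeem_login_link(url: str):
    """Return the user ID if the link is valid and current, else None."""
    query = parse_qs(urlparse(url).query)
    try:
        user_id = int(query["uid"][0])
        nonce = bytes.fromhex(query["n"][0])
        sig = query["sig"][0].encode()
    except (KeyError, ValueError):
        return None  # missing or malformed parameter
    # Constant-time comparisons avoid leaking how many bytes matched.
    if not hmac.compare_digest(_tag(user_id, nonce), sig):
        return None  # user ID or nonce was altered
    stored = _pending.get(user_id)
    if stored is None:
        return None  # no invitation outstanding for this user
    if not hmac.compare_digest(stored, hashlib.sha256(nonce).digest()):
        return None  # superseded by a newer invitation
    return user_id


if __name__ == "__main__":
    link = issue_login_link(42)
    print(link, "->", redeem_login_link(link))
```
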
How we protect the personal data of your customers
Encryption of the admin tool
In our admin tool (the Content Management System) all data comes together; it’s a very important tool. The admin tool is secured with a login and password. The data sent to and from the admin tool user is encrypted via SSL. There are several roles and rights within the CMS. This separates environments. Only database administrators have access to the data.
Roles and rights
Different roles and rights in the system (admin to prospect) shield the data between the different companies. For example, it’s not possible for an administrator to view data from another company, but the root user (highest role) can view and edit all data. When a user receives an invitation to a seminar, he or she has the prospect role. After registering for a seminar, the role is adapted to client. In addition to these roles, there are roles of presenter and moderator. These are rights that are granted to a person per seminar to protect the data.
Employees of Online Seminar, when they are actively working on the system, have the role “root user” in order to help all customers. When an employee no longer actively works on certain customer data, this employee is moved to a lower role.
In order to provide the fullest possible coverage with Online Seminar, various protocols are supported. No other route is possible between sender and receiver; the protocols protect against manipulation. We check each address before sending data. The protocols are checked in sequence and when the user (or the company where the user is located) accepts the protocol, the connection is established.
The entire website of Online Seminar is served under HTTPS (SSL – 2048 bits key length); this provides 256-bit encryption. The video and audio layer is served under SSL by default.
How do we store data?
The user data stored within the system are protected by a username and password. The password per user is encrypted (hash encryption). The user can change the data at any time.
The database is backed up to an off-site location on a daily basis.