Secure by Design
Security starts with sound processes. Vidyo maintains an information security governance policy that controls the way the confidentiality, integrity, and availability of information is handled, thereby preventing misuse and malicious damage that could impact Vidyo operations and ultimately our customers and partners.
For healthcare organizations, VidyoConnect is fully HIPAA compliant. Vidyo does not store or access protected health information (PHI) of users of our healthcare cloud services, and will sign HIPAA-compliant business associate agreements.
User Login and Database Security
Protecting the login process from eavesdroppers and hackers is fundamental to securing the VidyoConnect service.
No login information is retained by the Vidyo soft clients. For organizations that use an external database for user account management, LDAP, SAML, and Active Directory (AD) are supported.
All Vidyo endpoints connect through the cloud and are not directly accessible from another endpoint. Even on public networks, Vidyo endpoints are protected from unauthorized direct access through an IP address. The architecture provides the endpoint with a built-in layer of security from third-party hacking and voyeurism.
HTTPS with certificate support on login
VidyoConnect always establishes an encrypted HTTPS channel with each Vidyo endpoint that attempts to access the system. Before transmitting any login information, the Vidyo endpoint or web browser validates the VidyoConnect certificate and verifies it was issued by a trusted third-party certifying authority. Once the certificate is verified, login and password information is transmitted securely to VidyoConnect over the same encrypted HTTPS channel.
Encrypted tokens for session security
For HTTPS connections, the ciphers and key exchange method used are dependent on what the end user’s browser can support. However, Vidyo infrastructure components prefer to use the strongest available ciphers and will reject the use of known weak ciphers.
Click below to discover all the details of Vidyo’s security policy and VidyoConnect security features designed to keep your communication and private information safe.
Signaling and Media Encryption
It is vital to secure from would-be hackers the signals that different components within the Vidyo architecture use to communicate with each other. Similar to the way online banking access is secured, VidyoConnect uses industry-standard public key infrastructure (PKI) to issue each component a digital certificate by a trusted third-party certifying authority, allowing endpoints to verify the identity of VidyoConnect and also helps prevent malicious users from eavesdropping on communication.
VidyoConnect uses AES encryption over Transport Layer Security (TLS) for Vidyo endpoint and server communications with certificate support. Vidyo supports Elliptic Curve Diffie-Hellman (ECDH), Diffie-Hellman (DH), or RSA for key exchanges.
To help protect the content of your Vidyo conferences from being intercepted and decoded without your knowledge, VidyoConnect also employs AES encryption over industry-standard SRTP for audio, video, and shared content.
For complete details about how Vidyo protects sensitive information, including more specifics about its security policy and the features that help keep your communication safe, read our guide to VidyoConnect security.