Use Case: Zero Trust Webcasting

Pricewaterhousecoopers

Goals

  • Prevent uninvited attendees in virtual meetings, webcast events, and video-teleconferencing (VTC) platforms – (eliminate hijacking) 
  • Flexible authentication options that work with existing identity systems
  • Centralized event scheduling that operates across multiple vendors
  • Able to quickly add or remove multiple webcast, virtual meeting, and event management providers
  • Ability to enforce a common trust policy for all webcast vendors
  • Can adapt to new client infrastructure and new vendors
  • Manage the churn of new webcast vendors and tools

Approach

  • Zero Trust Webcasting service where all participants are verified
  • Reduce technical complexity while increasing security
  • Rapid configuration with any authentication method: SSO, Bring Your Own ID (BYOID), social, passwordless verifiable credentials
  • Access managed according to company authentication policies
  • Account elevation by security policy instead of in app configuration
  • Ability to provide unique access policies for each event
  • Access policy engine that is easy to integrate with any webcast vendor
  • Access buffer to protect IAM systems and networks from traffic surges
  • Plug and play integration with event management tools
  • Verifiable credentials for passwordless admin and participant access
  • Executive analytics dashboard for event monitoring
  • Easy to use by no-ntechnical event management teams

The situation

Corporations are increasingly dependent on virtual engagement to manage employees, partners and clients. Webcasting services do not replicate the authentication and security required to conduct these kinds of meetings in the physical world. Simply put, anyone with an email link can join.

At the same time, virtual events often involve webcasting to tens of thousands of people, all of whom will sign on within a couple of minutes, stressing identity management systems and networks to failure or expensive traffic surge auto scaling.

Corporations need to manage multiple identity providers, webcast vendors, event management platforms, and analytics vendors all of which are at different states of readiness to support security. Plus, there’s the constant churn of new vendors and the increasing need to protect confidential information in private webcast events. The result is that virtual meetings, web conferences, and streaming media events are all significantly less secure than their physical counterparts.

According to the Federal Bureau of Investigation – “The FBI anticipates cyber actors will exploit increased use of virtual environments by government agencies, the private sector, private organizations, and individuals as a result of the COVID-19 pandemic. Computer systems and virtual environments provide essential communication services for telework and education, in addition to conducting regular business. Cyber actors exploit vulnerabilities in these systems to steal sensitive information, target individuals and businesses performing financial transactions, and engage in extortion.” FBI – public service announcement.

 

A solution

Zero Trust webcasting with IdRamp’s Webcast Service replicates the level of security found in a physical meeting. It removes the need to trust vulnerable webcast vendor email based access by using any form of authentication including passwordless verifiable digital credentials to verify participants, whether employees, partners, or clients.

We developed the Zero Trust Webcast Service as an authentication access control engine that sits between webcast vendors and attendees. It is easy to integrate with each webcast vendor and delivers a common user experience. It has been deployed by Pricewaterhousecooopers (PwC) globally and currently delivers around 700,000 participants a month.

When participants sign up for a virtual event, they are directed to a secured Webcast Service URL where they are verified according to company policy. Then they are then redirected into the virtual event. There is no other way in. Only verified participants can obtain access 

By functioning as a verification layer, the Zero Trust Webcast Service also protects identity systems and networks from expensive traffic surges and the risk of failure. If 50,000 participants attend a virtual meeting, that traffic doesn’t hit a centralized username/login all at the same time. It goes to the Webcast Portal application, which is designed to handle hundreds of thousands of simultaneous rapid logins.

The Zero Trust Webcast Service reduces Identity and access management cost by adding security. 

The Zero Trust Webcast Service also helps corporations manage the endless churn in webcast vendors. Instead of a distinct integration project and a distinct security analysis for each service vendor, the Zero Trust Webcast Service integrates with each provider to deliver a common user experience and create a uniform standard of security and trust.

 

The future

The number of remote workers in the next five years is expected to be nearly double: By 2025, 36.2 million Americans will be remote, an increase of 16.8 million people from pre-pandemic rates.  Upwork Future Workforce Pulse Report

 As the need need for virtual meetings and webcast events increases, vulnerabilities in service providers will be exposed and exploited exponentially . The Zero Trust Webcasting Service leverages recent innovations in verifiable credentials and decentralized identity to provide maximum security, and privacy protection for your digital meeting and event experience. It also provides the flexibility to scale as organizations grow and integrate as service providers change. The Zero Trust Webcasting Service is built on industry standards and open APIs to provide full interoperability with the next generation of virtual meeting and webcast event platforms. For more information on bringing authenticated zero trust webcasting to your organization, schedule a demo with the IdRamp team today!

 

 

Bring Zero Trust security to your systems today

Contact us for a demo on the IdRamp suite of tools and services