Classroom Collaboration: Privacy and Security
By Allen Drennan
If the recent pandemic has taught educators anything, it’s that privacy is paramount to the teacher, trainer and student user experience, especially when minors are involved. Not surprisingly, system administrators in EdTech have legal and institutional obligations with which to comply, as well as district or corporate standards. The laws and restrictions that are constantly changing in jurisdictions, countries, locations – GDPR, HIPAA etc.
Lately, breaking news of meeting provider breaches have made it clear that mainstream vendors of these products are not compliant – customers seek self-built (difficult to do) or custom solutions. Many are only partially compliant, and most are not at all. To comply with these standards, a built from the ground up platform model that includes solid privacy, security and control becomes necessary. Implementing a learning platform involves more than basic privacy, as we discuss below.
Why Privacy is Critical in Virtual Learning
With most virtual meeting products on the market today, the control of privacy for users and data is held completely by the product company. Your video meeting content is transferred on their cloud servers, leaving you little or no control over your private information. Recordings of your meetings then can be accessed by outside people and companies, when these meeting providers do not use truly secure end to end encryption practices and the top-level industry standards that they should be providing. Trust in privacy has become a critical issue when utilizing an online meeting service.
Platform providers should offer a stronger approach to the privacy of their clients. Customers must have the control and ability to deploy their own modules, transfer and store private information, recordings and content on their own cloud or the storage provider they already utilize. They should not merely be using a proxy server that echoes video and audio data, which is a commonplace provision of most online meeting providers. The routing of all your video and shared screen and document information, including recordings, should be on your own secure network as a best practice.
The control necessary for privacy and security, should come with an easy, on-site deployment so that execution isn’t a major undertaking for the system administrator. As an administrator operating a learning management solution (LMS) or a corporate training platform, the solution chosen must bring privacy, security and full control as key components of the platform implementation.
Offering online training in a virtual classroom environment must meet security and compliance regulations for many institutions, whether they be educational, government or healthcare. Secure parameters for operating virtual learning environments are critical to the safety of information in an organization, as well as protecting the privacy of students, employees and corporate intellectual property.
Transporting your information, video and data online
Most online meeting providers use simple symmetrical key encryption approaches to data transfer- This does not ensure end-to-end encryption. Solutions should implement true transport layer security (TLS) security up to the current standards of TLS 1.3., and with voice communications, it is best to implement the DTLS standard. These standards are the most current and secure approaches to transporting secure data for your online training and virtual learning classes.
A good question to ask yourself is, do you have complete control of your online meetings? Many general-use online meeting products use basic encryption protocols such as AES with fixed key depths and home-brewed techniques to handle key exchange, which leaves users open to vulnerabilities. Ideally, you should control encryption levels of your meetings – from what is required to be compatible with web browsers, PKI levels, RSA key depth, available ciphers all the way up to the latest FIPS standards.
Also, being able to use your own web server certificates and domains is preferred. When you deploy your own cloud modules on your own network, you will have complete control over how, when and where your users can use your service.
Password controls and online meeting or virtual classroom invites
Basic online meeting providers either don’t require passwords to enter meetings or they will allow anonymous entry to online meetings, thereby subjecting participants to continual disruption, or even the possibility of threat actors or hacktivists having access to meetings. Optimally, meetings should be secured using passwords that are different for regular attendees, presenters and hosts or moderators. Best practices platforms allow you to configure your meetings to require custom invitation links for each attendee with custom user identification that can be provided from an existing learning management system (LMS) via APIs to further control who has access to any given online meeting.
Which brings us to the topic of how a lot of video meeting products are limited to password-based O/Auth, thereby requiring all users to have an account and password so they must deal with the complexity of synchronizing their account with other learning platforms. The best scenario is to use APIs that leverage OAuth/2 to interact with your conferences or meetings. A premium platform will support numerous OAuth/2 flows including account and user flows, client based and API-key for machine to machine and service-oriented communications.
Security, security, security
Security will continue to be at the forefront of all virtual learning experiences as we move into more online global training and teaching. With corporate training and higher education, the system administrator will need to provide a safe and effective platform that is easy to use and has all the tools necessary for engaging a live, interactive class. To effectively achieve a robust classroom experience for educators and students alike, a platform that provides HD video, crystal clear audio, live chat, screen sharing and multipage document sharing, as well as whiteboard and annotation and markup tools will be the robust learning experience that institutions require.
The lessons of online learning and collaboration are clear: Don’t compromise your staff, students or employees with a generic video meeting tool when you can institute a standard of real security that implements easily for solid administrative control.
About the author
Allen Drennan, Principal, started Lumicademy in October of 2017, bringing together the team of senior engineers who created Nefsis, a cloud-based, video conferencing online service, which Frost and Sullivan cited as the first “conferencing service solution based on the technologies of cloud-computing, end-to-end parallel processing and multipoint video conferencing,” to create the next generation of virtual classroom technology.
Engaging students and educators alike, Lumicademy provides the ability to interact in a live video meeting and view presentations with screen shares, document shares, annotations and whiteboards, all within a tablet or phone experience.
This article was originally published by The Learning Counsel, a research institute and news media hub focused on providing context for the shift in education to digital curriculum.