Secure Adobe Connect Meetings, Virtual Classrooms and Seminars
There are many features within Adobe Connect which help create a secure Meeting environment for Seminars, Virtual Classes and general collaboration.
- Customizable folder permissions:
Upon logging in as a Meeting Host or Administrator, within Adobe Connect Central, you will see three folders where persistent Adobe Connect Meeting Rooms can be created an reside: Shared Meetings, User Meetings or My Meetings:
The Shared Meetings folder and its created sub directories can be used for Meeting rooms that have multiple hosts or which will be used by a group, possibly rotating Host and Presenter roles among team members.
The User Meetings folder contains a sub-folder for each Host and upon clicking on the Meeting menu item, a Host is brought to My Meetings by default. This is a nice convenience that eliminates the need of finding one’s personal sub-folder within the User Meeting folder. Under My Meetings, a host would generally set up Meetings that she wishes to manage and use personally;
All these Meeting folders, sub-folders and even the Meeting rooms within the sundry folders all can have customized permissions, but the general rule, with an eye toward security, is to use the Shared folder for Meetings with multiple hosts. Meetings can be moved among folders and permissions can be set on the various folders and sub-folders, so wherever you create a Meeting, it is not stuck there should you decide to move it.
Administrators may customize folder permissions throughout:
2. Tight controls over who can enter Meetings:
When creating a Meeting, the Host may prescribe access restrictions and, if needed, subsequently edit them:
The default Meeting access selection is secure: Only registered users and accepted guests may enter the room. Hosts have the versatility and flexibility to make the permission less stringent.
The Host may set access control to Allow or Deny entrance:
Roles within the Meeting may also be prescribed under the Edit Participants tab; see Host, Presenter, Participant and Denied:
3. Secure encrypted connection:
Wile the login details and uploaded content within a Meeting are secured by default with HTTPS, Administrators may choose to encrypt the Real-time Management Protocol that drives Meetings and also to secure the Web Services API: Administration>More Settings>Requires SSL Connection (RTMPS) and Enable Enhanced Security. These settings are account-wide and thereby affect all Meetings.
Each Meeting uses at least two protocols, RTMP(S) for media streaming and HTTPS for content rendering. You should ensure that the former is secure by looking at the bandwidth indicator in the upper right side of any Meeting room. If it is using RTMPS, then there will be a padlock on the indicator, absence of a padlock indicates the media stream is in the clear although the content and login will still be still secured by default via HTTPS:
While the host and Presenter will see the padlock in their connections using the Adobe Connect Meeting Application, if you are connected to a secure Meeting using the HTML client, you will not see a padlock in the Meeting although the Meeting is secure using Secure WebSockets, WSS:
4. Login and password policies
To set password length, expiry settings, and other password restrictions or additional Meeting passcode requirements, administrators may go to: Administration>Users and Groups> Edit Login and Password Policies:
5. Compliance and control settings
Adobe Connect is very rich with features; sometimes within an enterprise, security regulations or general prudence may dictate limiting users to a subset of the sundry features available; the Compliance and Control settings offer a number of options that shut off features that may not be desired such as aspects of screen-sharing, recording, etc.: Administration>Compliance and Control
The full list of Compliance and Control options is here in the Adobe Connect Users Guide
6 Enterprise grade single sign-on
Single Sign-on (SSO) is integrated with Adobe Connect and easy to implement. It is easily activated using the Web Services API.
There are multiple Adobe Connect deployment models and each option offers different levels of security. Adobe Connect Administrators and Meeting Hosts using the Adobe Connect Multi-tenancy hosted environment may implement everything discussed so far in this article. Adobe Connect is a mature application; we maintain SOC 2 and ISO-27001 certifications for Adobe Connect. To see a summary of Adobe Connect architectural deployment models, Multi-tenancy hosted, Adobe Connect Managed Services and Managed ISP options and their commensurate security postures see the Adobe Connect Security Overview
For more information see the following links:
- The Adobe Trust Center: https://www.adobe.com/trust.html
- Advisories and Updates: https://www.adobe.com/support/security
- Security@Adobe blog: http://blogs.connectusers.com/security/
- The Adobe Privacy Center: https://www.adobe.com/privacy.html
- Adobe Connect and FedRAMP: https://adobe.ly/2wm0vyy
- Learn more: https://www.adobe.com/products/adobeconnect.html
- Visit our Security First Page: https://www.adobe.com/products/adobeconnect/security.html