Security

EventBuilder Real Time Communications Cloud

EventBuilder’s Real Time Communications Cloud software applications are hosted within the Microsoft Azure cloud infrastructure, real time streaming content is delivered via 3rd party Content Delivery Networks (CDNs), and EventBuilder BridgeAudio integrated telephony solution is hosted within one of the largest telecommunications hubs in the United States.

We take every precaution to protect our customers’ information. We use secure proprietary technology, privacy protection controls, and restrictions on employee access in order to safeguard your personal information. When customers submit sensitive information via the web site, the information is protected both online and off-line.

When we ask customers to enter sensitive information, it is protected with SSL, the industry standard for data encryption.

All employees and/or contractors conducting work for EventBuilder must abide by our privacy policies. Employees and/or contractors who violate our privacy policies are subject to disciplinary action, up to and including termination. Only authorized employees are permitted to have access to personal information and access is allowed on the basis of need only.

 

Microsoft Azure

Microsoft Azure uses multiple safeguards to protect customer and enterprise data. These security practices and technologies include:

  • Identity and access management – Azure Active Directory helps ensure that only authorized users can access EventBuilder environments, data, and applications, and provides multi-factor authentication for highly secure sign-in.
  • Encryption – Azure uses industry-standard protocols to encrypt data as it travels between devices and Microsoft datacenters, and crosses within datacenters.
  • Secure networks – Azure infrastructure relies on security practices and technologies to connect virtual machines to each other and to on-premises datacenters, while blocking unauthorized traffic.
  • Threat management – Microsoft Antimalware protects Azure services and virtual machines. Microsoft also uses intrusion detection, denial-of-service (DDoS) attack prevention, penetration testing, data analytics, and machine learning to constantly strengthen its defense and reduce risks.
  • Compliance – Azure complies with both international and industry-specific compliance standards and participate in rigorous third-party audits, which verify our security controls.

 

Telephony Integrated Applications

EventBuilder hosts its integrated audio teleconferencing applications and hardware inside the Pittock Internet Exchange, located in Portland, Oregon USA. An industry standard, secured, colocation facility. Telephony traffic is carried via multiple 3rd party VoIP providers.

 

Application Authentication

The EventBuilder Real Time Communications Cloud divides roles and permissions in (3) methods:

  • *Administrator – user management, user permissions, feature configuration, account/application configuration, content management and report access.
  • Organizer/Moderator – meeting feature configuration, meeting management, template management, content management and report access.
  • Attendee – meeting access.

*Customer account administrator(s) are provisioned by EventBuilder during the implementation process

 

Application Authentication

Administrators and Organizer/Moderators require authentication for application access. EventBuilder enforces the following authentication methods:

User Name – email address.

Password – minimum 8 characters with a minimum combination of (2) numbers and/or supported special characters.

Forgot User Name/Password – reset instruction delivered to named user account by request.

Session Timeout – 4 hour default.

 

Meeting Access

Meeting Attendee access permissions are set at the meeting level by Organizer/Moderators and/or Administrators.  Meeting access configuration applies to both meetings and meeting recordings.  The following meeting access controls are available:

 

Attendee Access

Open – no authentication required. Requires first/last name.

Anonymous – no authentication or identification required.

Whitelist – access control list set by email/domain.  Only those on the whitelist may attend.

Blacklist – access control list set by email/domain.  Those on the blacklist are prohibited from attending.

Approve Registrant – attendees required to have Organizer/Moderator approval before meeting access is granted.

Email Verification Required (2 factor) – attendees must verify email address before meeting access is granted.

Block Registrant– attendee can be blocked from attendance by Organizer/Moderator at any time during the registration process.

Force Exit – Organizer/Moderator may dismiss attendee(s) during the meeting session.

Meeting Listings – Organizers/Moderators can set meetings to be listed or unlisted.

 

Content Capture

When the EventBuilder streaming feature is used for scalable playback and/or for recording purposes, The EventBuilder Real Time Communications captures all content Organizers/Moderators served through their instance of Microsoft Skype for Business client.

Audio Content – is delivered on HTTPS Port 443 with Transmission Layer Security (TLS)

Visual content – is delivered on HTTPS Port 443 with Secure Socket Layer Security (SSL)

 

Content Delivery

The EventBuilder Real Time Communication Cloud delivers live and on-demand content securely to thousands of viewers through common web browsers. EventBuilder supports the following operating environments:

 

Attendee Requirements

Internet Explorer IE10, IE 11 and Edge
Google Chrome Version 30 and above
Firefox Version 25 and above
Safari Version 6.0 and above
Flash Player 11.0 and above for desktop

 

Moderator Browser Requirements

Internet Explorer IE10, IE11 and Edge
*Google Chrome Version 30 and above
Firefox Version 25 and above
Safari Version 6.0 and above
Flash Player 11.0 and above for desktop

*Closed captioning feature requires Google Chrome version 30 or above

 

Attendee Supported Devices

Android Devices Version 4.2 and above
Apple Devices iOS 6+

 

Depending on device and network access and network settings, content is delivered through 3 possible ports:

Port 80 – RTMPTE and HLS

Port 443 – Web Services, SSL and all web socket traffic

Port 1935 – RTMPE

RTMPE which is RTMP encrypted using Adobe’s own security mechanism. The mechanism uses industry standard cryptography primitives.

HTTP Live Streaming (also known as HLS) is an HTTP-based media streaming communications protocol implemented by Apple Inc. as part of their QuickTime, Safari, OS X, and iOS software. It works by breaking the overall stream into a sequence of small HTTP-based file downloads, each download loading one short chunk of an overall potentially unbounded transport stream.

Secure Sockets Layer (SSL), is a cryptographic protocols designed to provide communication security over the Internet.  It uses X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and to exchange a symmetric key. This session key is then used to encrypt data flowing between the parties.

Web Socket is a protocol providing full-duplex communications channels over a single TCP connection.