Curated by: Luigi Canali De Rossi

Monday, November 17, 2003

The Future Of Web Conferencing: Good Interviews Andrew Harding

Sponsored Links

Sitting in front of me this time is Andrew Harding, a specialist in network security, authentication, identity management and in many more technical buzzwords most of us are not familiar with.


Andrew and his company, Neoteris (now bought by NetScreen) are dedicated to support and facilitate the growth of a uniquely important sector: Cross-enterprise online meetings which require the highest standards of security and authentication.

As most people hardly realize, the peace of mind provided by a little yellow lock icon sitting at the bottom right of your browser is no indication that the person in front of you on the screen is actually who she claims to be. Not only, but the use of encryption protocols to any communication channel may actually prevent standard security and authentication policies from being effectively carried out.

Andrew Harding helps us understand a bit more of these issues while leading us into conversations and topics that as much they appear remote and distant today, appear to bear tremendous importance and significance to our ability to make the online environment a quiet and relaxed place where to securely carry out our businesses.

Robin Good: What do you think is the most misunderstood concept about online collaboration both in its current and ideal states? (What is the one thing that if done differently would radically change the way we think of Web conferencing or real-time online collaboration.)

Andrew Harding: Robin, the most misunderstood concept about online collaboration is that it's secure because it uses SSL and passwords for participants.

Neoteris is doing something that I hope will catalyze change in the way people use online meetings.

We support instant meetings that address the security and cost concerns of previous approaches.

There is lots of buzz around end-user features these days, and of course there's still lots to be done in that area, but I think online meetings have reached the point where enterprises can adopt them as a core business tool.

It's time for products to focus on security and total cost of ownership, particularly in the areas of policy enforcement and instant enterprise integration. Those features will enable enterprises to deploy online meetings throughout the enterprise and between enterprises, allowing attendees from several locations to meet in a secure and cost-effective manner.

Authentication for attendees, in some cases using secure tokens, authorizations for certain employee groups to be able to share only certain information, and detailed audit logs of each meeting activity and event are becoming more important these days for enterprises concerned about the privacy of sensitive information.

Robin Good: Is what we define as Web conferencing today going to change much in the coming months and years?

Andrew Harding: I think it will. Just as the Web changed and people use the same technologies and protocols to fill several business needs in many parts of the enterprise, I expect online meetings to be used inside the enterprise and across multiple enterprises. This changes the security requirements and total cost of ownership constraints significantly.

Web technologies, such as browser-based systems and HTTPS are used in many places within the enterprise network, and I expect that collaboration technologies will also be used in many places. Some vendors will focus on internal meetings. Other will focus on very large events, such as webcasts.

Neoteris is focused on cross-enterprise meetings where cost-effective deployment of strong authentication, AAA policy enforcement, and network security pose critical barriers to broad adoption.

Robin Good: When you think about how people will use Web conferencing tools in the future, what do you see? What will be the main differences from the way they are used today?

Andrew Harding: I think we have reached a critical point, where the core functionality is settling in; it's about application sharing, enabling groups of users separated by physical distance to work as if they are in the same room, preserving the productivity and security of actually having private face-to-face meeting without incurring the costs of complex desktop software deployments or the recurring costs of services.

Robin Good: What type of other "conferencing" activities will we see in the future that are not yet available today?

Andrew Harding: There is quite a bit of noise around multipoint video and VoIP these days, but I don't see the benefit within collaboration quite yet. It's dangerous to predict what will happen over the long term, so I'd rather not do that.

Robin Good: Why is the issue of security so important to Web conferencing and online collaboration?

Andrew Harding: Security is important with any Internet communication tool, but online meetings involve users sharing an enterprise's most critical information and applications in real time.

Meetings might use desktop sharing or remote control functionalities.

These two tasks: information sharing and remote control allow users on the inside to send information out and allow attendees "on the outside" to control an internal PC - effectively putting the outside user on the corporate network.

Before Meeting Series, there simply was not a cost-effective way to deploy online collaboration and apply security policy to it. In the absence of a security solution, and faced with early adopters who could easily self-provision Web conferencing services, IT staffers were in a tough spot.

They could not apply security control or AAA policy to online meetings. The security issues were really swept under the rug, because users wanted the functionality so badly.

Now that the risks and costs of online meeting services are becoming evident and now that the enterprise have some security options available, these issues are coming back to light.

Robin Good: What are the components of online security?

Andrew Harding: Online Meetings have the same security issues and require the same security controls as any enterprise IT tool. Transport encryption is required. The gateway platform needs to be audited by a certified third party for system, network, and application security.

The system must support manageable, enforceable User Authentication, Authorization, and Auditing (AAA) policies.

Of course, none of this matters if the system is not available, so high-availability and clustering for scalability are often considered when assessing a system's security.

The challenge for vendors trying to secure on-line meetings is to do it in a way that reduces risk and cost.

You've got to have a platform you trust. You've got to have application security that works, and it must integrate with existing AAA policies, stores, and methods.

These terms might seems new to people who are focused on collaboration, but now that online meetings are becoming a core business tool, it's time that the tool is secured.

Robin Good: Will we need secure spaces for any type of activity we will to conduct online?

Andrew Harding: I think so. Everyday is becomes more apparent that IT security needs to be part of all our our network-connected applications.

We need to protect data in transit, because there are people out there who will steal information if they can. We need to manage and authenticate user identifies and authorize access based on profiles, because there are people out there who will steal identities and try to gain illegal access if they can.

The online meeting is too important of a tool to allow the people with malicious intent to compromise our use of it. It would be unfortunate if this emerging tool, a tool which is becoming evermore critical in the global, extended enterprise was diminished or lost because we didn't secure it from the beginning.

Robin Good: What are the issues about security and identity that may arise in the future when people will be seriously working online? Can you give me some examples?

Andrew Harding: In the past there was some risk that users were "meeting in the clear," but most vendors have added transport encryption to stop this problem.

This has solved one problem, but created a new one: with transport encryption in place, there's no good way to apply a security policy to the collaboration session.

That attempt to increase security has resulted in a risk of "silent document leaks" and can allow content to enter the network without being scanned for viruses or checked for other malware. This "peer-to-peer" backdoor is an emerging problem, it's not yet as widely exploited and not as obvious as other security issues, but it's very concerning.

Most often we see systems that support only weak authentication and have no way to enforce password management policies.

Strong authentication, including two-factor and PKI systems, are critical in some collaboration scenarios. We've seen how poor identify management integration and weak authentication can lead to compromises, so we're worried about the risk of invisible remote control.

As more enterprises adopt infrastructure-based systems to avoid the weak authentication and AAA policy shortcomings of services, they also need to think about system security.

It's not prudent to put a collaboration server on the network edge without knowing that it's a secure system.

Robin Good: Which specific tools that have emerged in the last 1-2 years have impressed you the most?

Andrew Harding: There is too much interesting stuff going on in the collaboration space to point out just a few specific tools.

Robin Good: How does the future of Webex, Centra, Live Meeting and other big enterprise players look to you?

Andrew Harding: Of course, I think the services and software toolkits have a future.

Software toolkits are going to have a tougher time than services, because they are so complex to deploy.

I think they might evolve as components inside other applications and be used internally, where security concerns are lower.

Services, like public conference centers in the physical world, will coexist with internal meeting rooms. When an enterprise cannot meet the need with internal resources and can justify the cost of an external meeting site, they'll use a offsite facility or service.

Robin Good: In which ways are the SOHO and "enterprise" markets substantially different when it comes to Web conferencing, live presentations and real-time collaboration?

Andrew Harding: In many ways the needs are the same, but enterprise customers do often have a much more complex environment.

The AAA integration and policy requirements are greater in the enterprise market.

Simple management is necessary in both arenas.

Small businesses that do not require a high number of users and have only small meetings might be able to deal with the security tradeoffs of online services in some cases.

Robin Good: What do you think is the greatest obstacle to standardization and interoperability of these collaboration tools?

Andrew Harding: I'll answer this question with two questions:

What benefit does interoperability pose to the very large vendors in the space? We've seen this in the IM space first, where there's been a great deal of standards work that resulted in little concrete benefit for end users.

Lots of people claim T.120, and H.323 support. It's really not much more than alphabet soup right now: SIP, SIMPLE, IMPP.

These standards aren't really helping customers yet because vendors have been slow to work together.

What benefit does interoperability pose to customers? The potential here is clear: data integrity, network transparency, platform independence, network independence, and scalability.

Robin Good: Where do you stand in respect to Microsoft DRM strategy, TCPA/Palladium and their restrictions on interoperability of MSN's instant messenger with other instant messengers?

Andrew Harding: The industry effort to uniquely identify PCs and extend DRM to each PC, creating a "trusted computing environment" encompasses broad initiatives that span far beyond secure cross enterprise meetings.

It will be some time before this work has an impact on secure cross-enterprise meeting infrastructure. Because the Meeting Series functions independent of directory platforms and enterprise messaging vendors, we'll wait for these initiative to work out both the technical integration deploying such technology.

Robin Good: What do you think has been the major marketing mistake committed by Web conferencing companies when it comes to marketing their products?

I hate to point out other's mistakes. And frankly the services and toolkits that are still around haven't made very many.

The leading services built the right service for the early adopters and have been trying to drive toward the meat of the market.


Maybe the services have been skimming off the market?
$150/user-port/month is high, especially when you have to give up security controls to make things work.

Maybe they've been measuring ROI based on physical travel?
That's really not a fair comparison anymore.

Maybe the toolkits and internal solutions were too complex to deploy?

Maybe they were not appropriate for public-facing deployments so they ignored cross-enterprise meetings too long?

Robin Good: What chances do small companies have to play an important role in this market?

Andrew Harding: I was asked this same question when we launched the Access Series. As I did then, I recognize now that we've got a challenge ahead.

But we're focused on security and TCO, on what customers want. I think small companies that deliver cost-effective solutions to critical application and network security needs will play an important role.

Neoteris, when it was a small company, defined the SSL-based access market and enabled enterprises to deploy secure access in ways they had never anticipated. With our SSL VPN Access Series we introduced network appliances that reduced the costs and increased the security of providing secure remote access, vs. traditional IPSec remote access products.

SSL VPNs are now here to stay. I think the same model applies here. And this time we have greater resources and a more mature Neoteris platform to build on.

Andrew Harding, Neoteris Technical Marketing Director, has more than 10 years of technology experience. Before joining Neoteris, Andrew managed application development of several products, including an XHTML Internet microbrowser and a mobile download server. Previously, Andrew was a software engineer at IBM, where he worked on DB2 and Data Management products, including IBM VisualInfo and IBM Content Manager.

The Future Of Web Conferencing:
Related interviews:

  1. The Future Of Web Conferencing: Good Interviews Brad Treat

  2. The Future Of Web Conferencing: Good Interviews Stephanie Downs

  3. The Future Of Web Conferencing: Good Interviews Roland Piquepaille

  4. The Future Of Web Conferencing: Good Interviews Jeff King
    WaveThree Software

  5. The Future Of Web Conferencing: Good Interviews Gillian Kerr
    RealWorld Systems

  6. The Future Of Web Conferencing: Good Interviews David Woolley

  7. The Future Of Web Conferencing: Good Interviews Richard Baker
    Glance Networks

  8. The Future Of Web Conferencing: Good Interviews David Fowler
    Groove Networks

  9. The Future Of Web Conferencing: Good Interviews David Smith
    Web Conferencing Warehouse

  10. The Future Of Web Conferencing: Good Interviews Dennis Gerik

  11. The Future Of Web Conferencing: Good Interviews Daniel Shefer

  12. The Future Of Web Conferencing: Good Interviews Paul Coffey

  13. The Future Of Web Conferencing: Good Interviews Bonnie Belvedere
    Conferencing News

  14. The Future Of Online Collaboration - An Interview with Wes Kussmaul

  15. How Do I Review And Approach Web Conferencing Companies?

  16. How Do I Select Web Conferencing Tools?

  17. Online Collaboration And Web Conferencing Update

Readers' Comments    
blog comments powered by Disqus
posted by Robin Good on Monday, November 17 2003, updated on Tuesday, May 5 2015

Search this site for more with 








    Curated by

    New media explorer
    Communication designer


    POP Newsletter

    Robin Good's Newsletter for Professional Online Publishers  



    Real Time Web Analytics