BlueJeans Video Conferencing Privacy

 

The sobering events of the past several weeks have turned the working world on its head—leading to a surge in the use of video conferencing and collaboration tools as the pandemic forces organizations and individuals to adopt a culture of remote work.

BlueJeans’ own usage data shows just how quickly organizations around the globe have shifted from working in offices to working from home since the beginning of the COVID-19 outbreak. As a result, the industry has a responsibility to ensure the video conferencing tools people are using are safe and secure.

Today, we released a set of guidelines—Eight Best Practices for Safe Videoconferencing—designed to help workers across industries stay safe, protect their information, and maintain secure business operations during this challenging period. In addition, we want to clearly explain how we are working to protect our customers’ and end-users’ security and privacy, while delivering a great video meeting experience.

At BlueJeans, we understand the need for secure internal and external organizational communications. We take the security, integrity and availability of our service, as well as the privacy of our users, seriously. We work to ensure the BlueJeans meetings platform provides the essential security features of an enterprise-grade video meetings service.

Being proactive about video conferencing security and privacy has always been a core tenet of our culture at BlueJeans. Below we highlight practices BlueJeans follows to protect our customers.

Our Privacy Policy provides a clear explanation of what and how BlueJeans collects information about you when you interact with the platform, including through our websites, applications, and services. It also lets you know what choices you have regarding our use of your personal information and how you can access and update that information. At a high level:

  • BlueJeans respects the privacy preferences of our customers. We do not share customer data with unaffiliated companies. As documented transparently on our website, limited user data may be shared with our partners, for the purposes of running our business, including delivering customer installations, communicating with our customers, providing customer or transactional support, gaining product feedback, and ensuring product performance.
  • Only the most basic user data is stored in the BlueJeans database on a personal level. This includes standard user profile details (username; password; email address; first, middle and last name as mandatory fields; and title, company name, and profile picture as optional fields) and the necessary billing details.
  • BlueJeans continues to implement its existing technical and organizational measures regarding the security of personal data, including routinely reviewing and updating security controls related to data retention, data at rest and in transit, and incident management.
  • BlueJeans does not sell your personal information and is compliant with the California Consumer Privacy Act.
  • BlueJeans also follows relevant international data privacy regulations, including General Data Protection Regulation (GDPR). We continue to do proper diligence on our subcontractors, subprocessors, and service providers to help make sure personal data is treated and protected appropriately. Our updated list of subprocessors and subcontractors is here.
  • BlueJeans delivers secure meetings through encryption using standards-based protocols including SIP, SRTP, TLS and H.323, ensuring the highest levels of confidentiality and security for all your business communications, regardless of hardware environment. Video, audio, and content in transit is encrypted using AES-128 encryption. Recordings are stored in secure containers in the cloud. These videos are encrypted at rest (using AES-256) and are only accessible to the recording originator.
  • All user accounts are secured using Authentication and Authorization. BlueJeans supports username/password and SSO using SAML 2.0 for utilizing the Enterprise’s IDP. All web traffic is over TLS 1.2. Passwords are stored as SHA-256 salted hashes. BlueJeans supports role-based authorization. An administrator can manage the Enterprise account by setting policies and managing users.
  • A BlueJeans user can manage his/her own account, and schedule and conduct meetings. BlueJeans meetings come with various security capabilities that users may set as default or enable when required, such as One-time Meeting IDs, participant passcodes, moderated meetings, additional encryption options, meeting locks, and the ability to expel a participant as needed. Use of these features and exercising caution not to post meeting links on external websites and social media, will help keep meetings private and secure.
  • For large-scale confidential events, including organization-wide town hall events, BlueJeans offers secure video events which restrict attendees to only those who are both invited and can authenticate via SAML, eliminating the concern that emails with invitation links may be forwarded to external parties.
  • BlueJeans takes care to ensure we follow best practices for secure and transparent installations of our Desktop and Mobile apps. Our Mac PKG installer and Windows MSIs, recommended for enterprise deployments, follow standard OS installation recommendations including clearly alerting users to their options when installing our software. On the Mac for example, we do not open up the possibility for privilege escalation or use deprecated Apple APIs.
  • For end-users and organizations that prefer the convenience of browser-based video conferencing with no downloads or installations, BlueJeans offers its award-winning WebRTC implementation, offering zero-download meetings across six browsers.
  • BlueJeans continuously improves the security posture of our products and services through in-house security testing, penetration testing utilizing third parties, and a paid public bug bounty program through BugCrowd.
  • For CISOs and IT professionals, BlueJeans offers options in our Command Center and Enterprise Admin tools to protect their organizations, including advanced fraud detection to detect and report on repeated login failures and meeting join failures.

Only through open dialogue and communication can organizations stay on top of the latest security threats that face our digital workforce today. BlueJeans is committed to innovating responsibly and communicating transparently, so that organizations and end-users across many industries such as Financial Services, Healthcare, Education, Government, and Technology can confidently use our services and be productive during these trying times.

More resources:

Learn more about our approach to security and privacy at the BlueJeans Trust Center.