Breaking News: Highfive Acquired by DialpadRead Press Release

Highfive Video Conferencing Security Position

Highfive takes the security of our data and our customers’ data seriously. This page briefly outlines our approach to cloud architecture, data privacy, and application security of data at rest and data in transit. For a more in-depth discussion of these topics, please contact your account representative to set up a discussion with our technical security experts.

Highfive Video Conferencing Security Position Highfive Video Conferencing Security Position
Cloud Architecture Cloud Architecture

Cloud Architecture

Highfive video conferencing includes on-site hardware devices paired with cloud-based services. All cloud services are hosted by major cloud providers Amazon Web Services (AWS) and Google Cloud Platform (GCP). These providers have industry-leading security practices and compliance, including on-site security at their data centers.

Highfive media session traffic is encrypted in transit. Highfive meeting recordings and other application data are encrypted at rest with AES-256 within the above cloud platforms. In addition, the cloud security service Threat Stack is utilized to monitor our services for intrusion.

Device & Application Security Device & Application Security

Device & Application Security

On-site, Highfive hardware devices only require access to the internet, not your company’s local network. Highfive actually recommends that hardware devices be deployed on a separate VLAN to eliminate any risk of intrusion.

All endpoints (software and hardware clients) and servers that transmit audio and video data in Highfive use WebRTC. WebRTC is an open source implementation and protocol specification that is extensively peer-reviewed and is deployed across billions of devices running modern web browsers. See this study for more information. Highfive requires outbound UDP access on a single port that can be through a Network Address Translation (NAT) layer. No inbound access is required for Highfive endpoints.

Highfive releases updates to software, both for client and hardware devices, every two weeks via an automated push procedure. No customer action is necessary on your part to keep your Highfive software and devices up-to-date. This rigorous release schedule assures that any vulnerabilities are quickly addressed soon after discovery. Top priority software fixes are also deployed more frequently, when necessary. Highfive uses extensive peer reviews of code deployed in applications and on Highfive hardware with a specific focus on data security.

Only authenticated users can initiate Highfive meetings. User authentication is done using standard protocols (SAML 2.0, OAuth 2.0), or passwordless verification of an email address in the customer’s domain.

Unauthenticated users can only access Highfive meetings if they have been given a valid meeting URL from an authenticated user. Further, unauthenticated users are initially placed as a guest in a virtual waiting room, and can only access the meeting if let in by an authenticated user. Meeting recordings can only be accessed by an authenticated user. Administrators of the your Highfive domain have access to a dashboard that allows control over which users have access to Highfive services.

Data Privacy & Data Access Data Privacy & Data Access

Data Privacy & Data Access

Highfive respects the privacy of your users and your organization. Highfive stores very limited personal information about our authenticated meeting participants, such as name and email address. Additionally, we store logs of user actions for diagnostic purposes. The meeting recording feature of Highfive may also be disabled by customer request.

Internally, Highfive uses industry-standard organizational security controls to ensure only authorized company representatives have access to your data and meeting recordings. This includes technical support and engineering staff involved in investigating and diagnosing issues that you have reported.

The General Data Protection Regulation (EU 2016/679), or GDPR, has been adopted by the European Commission for the purpose of harmonizing data security and privacy laws among all member states in the European Union. GDPR has been designed to provide individuals with greater control over how their personal data is collected, stored, transferred, and used, while also simplifying the regulatory environment across the European Union (EU). Highfive takes necessary actions and implements appropriate technical and organizational measures to ensure that its services comply with applicable provisions of the GDPR.

"Incomparable product with amazing features"

The thing which impressed me great about it is surely the video conference quality. Furthermore another plus point is that it helps us in sharing screen directly with others.

star star star star star

5/5 Stars

Experience Highfive for Yourself