Security & privacy in Google Meet Video Conferencing
by Agon Hasani, on Apr 17, 2020 2:26:48 PM
There is no doubt that video conferencing is becoming essential for organisations around the globe due to the current pandemic. This has challenged a lot of companies that needed to decide fast about which video conferencing tool is the best fit for their business needs. Recently, a lot of concerns about the privacy of video conferencing tools popped up. Even a new word ‘Zoombombing’ emerged as companies’ internal video conferences via Zoom were intruded and disturbed by unwanted guests. The privacy issue with one of the most popular online video conferencing tools Zoom, surfaces a serious privacy and security issue. Is Google Meet more secure than Zoom? Yes it is! Consider Google Meet as one of the safest online video conferencing solutions out there. In this article, I’ll explain why.
Why Google Meet instead of any other video conferencing tool
Google Meet, previously known as Google Hangouts Meet, has already proved that it’s an Enterprise-ready and easy-to-use solution. With the stellar figure of 2 million new users connecting every day on Google Meet; Google is doing its part in making sure businesses, institutions, organisations and schools are keeping connection via video in these unprecedented times of COVID-19 confinement.
But besides that, Google Meet is also one of the safest video conferencing platforms that you can use as a company. That’s the case for several reasons.
Google's Multi-layered security
First of all, Google Meet uses the same secure-by-design infrastructure, built-in protection, and global network that Google uses to secure information and privacy as a standard for all its other enterprise solutions and products.
Specifically for Google Meet, Google has taken other security measures to ensure the privacy and security of your video meetings on Google Meet. Be aware that these measures are on by default when you start using Google Meet, so you don’t have to take any action yourself to turn them on.
Online video conferencing in the browser or app
Meet has no need for frequent security patches, simply because the application works fully in your browser. This means that conveniently, there is no need for you or your external meeting participants to install any software, extension or plugin. Working with an updated version of Chrome, Firefox, Edge or Safari browser, or the latest version of the Google Meet app on mobile, suffices to stay safe at all times!
Let’s dive into a few of these protective measures that Google takes to secure your video meetings in Google Meet.
Privacy in Google Meet
Google Cloud customers own their data, not Google. The data that customers put into our systems is theirs, and we do not scan it for advertisements nor sell it to third parties.” - Google Cloud
Google Meet supports the same robust privacy commitments and data protections as the rest of Google Cloud’s enterprise services. Your video meeting calls are confidential, as is any Google Cloud Enterprise service. The Google privacy team participates on every product launch to ensure that all products and services are in compliance with high privacy standards, and this is also the case for Google Meet.
Google undergoes regular rigorous security and privacy audits for its Cloud services, including Meet.
As a Google Meet customer or user, you can rest assured that you are the only rightful owner of your data. Google ensures that your data will not be used for its own benefits: not for advertising or any other use, and it also promises it won’t sell your data to third parties.
In G Suite Enterprise and G Suite for Education, customers can use additional advanced security functionalities like Access Transparency. With that functionality, all Google access to Google Meet recordings - if any - gets logged together with a reason for this Google access to your data. This can happen for support reasons that you requested, for example.
With Google Cloud’s data region capabilities, your organisation can choose in which Google region in the world you want your data to get stored. For example, if your company requires all company data to be stored in Europe, that’s something Google can arrange.
Meet doesn’t have user attention-tracking features or software. In other words: unlike other video conferencing tools, it won’t tell your boss if you’re paying attention during the meeting or not.
Encryption in Google Meet
All data in Google Meet is encrypted in transit by default between the client and Google for video meetings on a web browser, on the Android and iOS apps, and in meeting rooms with Google meeting room hardware. Google Meet is compliant with the IETF security standards. There is a unique encryption key for every video meeting and for every person joining the meeting.
You need to be aware that if you join a meeting by phone, audio is carried by the telephone network and might not be encrypted.
All Meet recorded meetings are stored in Google Drive and get encrypted by default, like all data that you store in Drive.
Anti-intruder Measures in a Meet Meeting
To secure your online meetings further, Google has taken several anti-intruder measures to make sure your video meetings are safe from unwanted guests. These include anti-hijacking measures for both web video meetings and telephony dial-ins.
The way Google Meet works, guests can enter video meetings via a simple meeting link in the browser or Meet app. Very convenient, but is this safe? Yes it is! Google makes it nearly impossible for external people with bad intentions to crack your video meeting IDs programmatically.
Avoiding unwanted guests with secure meeting IDs
Google Meet meeting codes are 10 characters long, with 25 characters in the set. This makes it impossible for outsiders to “guess” meeting codes and join an internal video meeting that way.
Pro tip: pay attention not to share your meeting links to externals that don’t need to get access to your video meetings. This could for example happen when you share a screenshot of your meeting room where the meeting link is visible in the browser. These days a lot of companies are sharing such screenshots on LinkedIn to show how they stay in touch with their employees.
But even if this would happen, there is additional security to make sure unwanted guests enter your video meeting even if they know one of your meeting links.
Mitigating External participants risk through identified meeting links
In addition to the multi-character link, there are additional security measures that will avoid having unwanted external guests in your meeting - even if they know the meeting code for your Google Meet video meeting.
External participants from outside the host’s domain can join a video meeting directly with the encrypted link. But they can do this only if they are on the Calendar invite for this video meeting, or if they have been invited by in-domain participants from the Google Meet session.
Any other external participants must request to join the meeting, and this request must be accepted by a member of the host organisation of the meeting before this person can actually enter the meeting. Unexpected or unwanted meeting guests can simply be refused to enter the meeting by one of the meeting hosts.
In addition to that measure, Google also makes it impossible for externals to join a scheduled video meeting in Google Meet more than 15 minutes before the meeting actually starts. This is reducing even more the opportunity window for malicious ‘meeting-bombers’ to attempt to break in your video meeting.
All these measures make it nearly impossible for outsiders to ‘Meet-bomb’ or hijack your organisation’s video meetings.
Reliability and Compliance
Reliability when demand rises
Google’s network is created to handle well peak demand and to make sure growth and scaling is possible. Making use of Google’s global infrastructure, Meet can scale fast and efficiently when demand rises. In short: you can count on Google’s infrastructure to hold reliable video meetings with Google Meet without any interruptions or risks for breaches.
When Google Meet’s usage began to increase explosively the moment that many companies worldwide began to engage in full time teleworking in response to coronavirus health measures, Google made sure there was still no outage of service. It was able to scale quickly with the necessary infrastructure and engaged extra engineers swiftly, all to keep Google Meet up and running smoothly. Unlike other video conferencing solutions like Microsoft Teams, that had some outages due to the large demand.
Certified & compliant products
Besides all the measures taken by Google, Meet and the rest of the products undergo regular independent verification of privacy and security. This already resulted in achieving various international security certifications, attestations of compliance and much more.
Some of the global certifications and attestations that Google obtained for its products include SOC 1/2/3, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, FedRAMP Moderate ATO, HIPAA compliant use, HITRUST CSF, GDPR, Privacy Shield Framework (EU-U.S. & Swiss-U.S.), BSI C5 (EMEA), ENS High (Spain), MTCS Tier 3 (Singapore), OSPAR (Asia Pacific), and CSA STAR.
This was just a part of the wide offer of Google security and privacy tools that are used to secure enterprise level Google Meet video meetings. We didn’t cover additional G Suite security features like Google Vault, Data Regions, Google’s Advanced Protection Program (APP) and more, all features that are also there to ensure you have secure Meet Meetings.
With the information provided, I encourage you to give Google Meet a try. Not just because it is the most secure video conferencing tool, but also because it’s simple to use and reliable. With Google Meet, you can rest assured that your organisation is protected while organising high quality, accessible video conferencing.
Want to know more about security in Google Meet? Download the one-pager!
Get Google Meet free now!