Five years ago we set out to build a secure and compliant collaboration platform without compromising usability and functionality. Today, our unique security architecture is a key differentiator and also remains our highest priority.
Symphony builds enterprise collaboration for the heavily regulated and high stakes financial services industry. Making it secure was not optional. Together, with our investors and customers, we designed an architecture that puts privacy, control, and compliance at the forefront while optimizing for ease of deployment and use.
We launched our service in 2016. Since then it has evolved into the largest connected trusted community in financial services. Today, we are proud to enable secure team collaboration for over 500k financial services professionals.
From Messaging to Meetings
As we grew the community, we added new capabilities – from the encrypted messaging foundation we added real-time voice, video and screen sharing. Our customers have embraced the integrated functionality and usage is growing rapidly.
On the technical side, we started with standard WebRTC but quickly realized we needed changes as WebRTC only supported end-to-end encryption on a peer-to-peer basis. This limits meeting sizes and wastes network bandwidth in larger meetings. So in 2017, we built an experimental version of the code and a working version was developed that supported strong end-to-end encryption with large meeting sizes.
We then worked with the open-source community to bring our security principles and related benefits to the whole world. The efforts were based on a proposed standard called “Privacy Enhanced RTP Conferencing” (PERC). Like our proof of concept, PERC was designed to encrypt all media streams end-to-end beyond peer-to-peer communications.
Unfortunately, our approach didn’t attract many supporters and, despite our efforts, no standard emerged.
In the absence of a global standard we took a different approach. We created a hybrid model where signaling is handled in the cloud and media is routed locally on the customer premises. Local customer-owned encryption keys are accessed only in their trust zones. This was designed as an enterprise solution, meeting the strict security requirements of our customers. In parallel we started developing a technical approach to end-to-end encryption for all sizes of businesses.
Security First is Difficult
The “grow fast and deal with the security issues later” approach that some firms have taken was not an acceptable option for us. Security first indeed imposes a set of architectural choices that have impacts on functional agility.
Virtual meetings are now a much bigger part of our lives, personal and professional. The Covid-19 crisis has boosted adoption and brought it to the mainstream market. Watching others compromise on security and grow fast has not been easy, and made us shake our heads … We’ve wondered if security, privacy and regulatory compliance requirements are being relaxed while we deal with this crisis? If so, are we being impractical or overzealous?
The Impossible Paradox: Security vs Convenience vs Compliance
Maybe that is the wrong question – instead is it possible to offer security together with convenience, performance, and usability and meet the regulatory requirements at the same time?
We have seen this question play out in the messaging space, we believe it will be the same for virtual meetings – it is inevitable – and Symphony is solving this paradox. We are bringing our “security-first” DNA to our virtual meetings. We are investing for everyone – and this time we finally have the WebRTC community behind us thanks to new APIs in chrome.
Here is our commitment to you: convenient, and secure video Meetings, asap. We’ll be first to deliver compliant, secure enterprise-grade virtual Meetings with true end-to-end encryption and recording.
More to come very soon. Please visit https://goto.symphony.com/truly-secure-meetings.html to sign up for updates.