LogMeIn JOIN.ME OPERATIONAL Manual

JOIN.ME
SECURITY AND PRIVACY OPERATIONAL CONTROLS
V1 October 2020
LogMeIn join.me Security and Privacy Organizational Controls
Publication Date: 6/2/2020
This document covers the security and privacy controls for join.me.
join.me is an online meeting and screen sharing service that gives users the ability to quickly and securely host an online meeting with other people. These services can be initiated through a visit to the https://join.me website, through a small downloadable desktop application or through mobile applications (iOS and Android). It is available in a Lite version as well as a “Pro” premium version for individuals and small teams and a premium “Business” version for larger teams and company-wide use.
2 Product Architecture
LogMeIn join.me is a SaaS-based application hosted on multi-tier architecture located in secure and reliable data centers in key locations around the globe. A multi-layer security approach is utilized at all levels from the physical layer through the application layer.
The join.me architecture includes components such as web servers, application servers, media servers, databases, media controllers and media engines. The application has built-in redundancies, designed to increase the availability and reliability of the service, so that if an application server or data center goes off-line or become unreachable, the session should quickly migrate to a different application server. Load balancers are utilized in order to geographically maintain availability. Both access to the application website and the information that travels between components is encrypted in transit utilizing Transport Layer Security (TLS) protocol. Customers have the flexibility to elect specified types of data that are stored on their behalf -- session data, for example, such as screens, video, or chat logs, are not, by default stored on LogMeIn servers. [1]
Services provided by join.me rely on third-party telecommunication companies to provide the audio-based conference infrastructure that allows audio participants to connect to each other regardless of which endpoint device they use to join. WebRTC technology is utilized to deliver video conferencing on platforms such as Windows, Mac OS X, HTML5, iOS and Android. The MP4 video format is used to save video recordings and can be stored in the Azure storage region closest to the presenter’s location.
Web server – User registration, account and meeting settings, meeting launch
Application Server – Maintains meetings, distributes data among appropriate viewers
Media server – Distributes media streams among appropriate viewers
Database – Stores user profiles and meeting settings
Media controller – Controls media sessions and PSTN connections
Media engine – Post-processes media elements in order to provide recorded meeting video
3 join.me Service Technical Security Controls
LogMeIn employs industry standard technical controls appropriate to the nature and scope of the Services (as the term is defined in the Terms of Service [2]) designed to safeguard the Service infrastructure and data residing therein.
3.1 Logical Access Control
Logical access control procedures are in place, designed to prevent or mitigate the threats of unauthorized application access and data loss in corporate and production environments.
V1 October 2020
Loading...
+ 7 hidden pages