WebRTC's Risks & Rewards: Listen Up, C-Suite

WebRTC gives users the ability to share video, audio and data with each other directly in a browser without installing any plug-ins, apps or software. Users simply go the same URL and open a channel.

Businesses care about WebRTC because it is entirely peer-to-peer, which lowers bandwidth costs. Also, WebRTC delivers better performance and lower latency than traditional conferencing solutions. And WebRTC allows people to exchange data quickly; for instance, instead of uploading a file to a server for your trading partner to retrieve, you can bypass the server and send the file straight to your partner's browser through WebRTC.

For the CIO and CSO of a company chartered with streamlining operations through technology while protecting corporate secrets, the rapid shift to cloud-based peer-to-peer communications can be alarming. And although every enterprise has a different level of risk tolerance, there are a few concerns that all organizations share in common.

Will WebRTC deliver real value?
People like to do business face-to-face, and there's value in that for enterprises.

The challenge has been creating that human connection over the usual channels, like email, print advertising and social media.

  • Most vendors and customers have only been reachable by a phone number, which means enterprises have needed access to the PSTN to communicate with them
  • The face-to-face communications that are in use usually require enterprises to provision their personnel with expensive smartphones and manage complex BYOD schemes

WebRTC lets your company untether communications from a physical desk or a costly phone. The freedom to talk face-to-face through a web browser fundamentally changes where, when and how a knowledge worker can engage with your trading partners.

Who's going to be using WebRTC, and how can we control access?
Every business is putting a high level of trust in its employees every time a phone call is made, but corporations usually must manage user access through disjointed vendor-specific management platforms. Ask yourself this: when an employee leaves, can access to corporate resources be locked down in a single click?

With WebRTC, no access to corporate authentication sources is required, so the phone system is not exposed. However, like any web connection, WebRTC carries some risk. To minimize accidental access, native security features are built in:

  • End-to-end encryption between peers (DTLS and SRTP)
  • Explicitly asks permission to access camera and microphone
  • When a browser tab has access to media devices, a blinking red spot alerts users

How does WebRTC fit into our compliance requirements?
WebRTC is neither compliant nor non-compliant. It is simply a set of protocols that enable media transmission, and the only information shared by WebRTC is IP addresses. Since WebRTC runs in browsers and does not use any plug-ins or apps, compliance efforts must focus on the website, host and services that enable the connection.

While WebRTC technology itself does not directly impact compliance, the way companies manage it does. Regardless of whether the regulation that affects you is SOX (Sarbanes Oxley), PCI-DSS or HIPAA, you must be able to control and verify who has accessed information on your systems. Those records are called audit trails.

Are we going to be able to maintain audit trails of WebRTC sessions?
As you enable PSTN calls through a web browser, you'll want to know more than just a "from" and "to" number. You'll want to know who made that call and where.

These questions are easy to answer for people with fixed desk phones and even mobile phones, but they are hard to answer when your communications platform can be accessed from a web browser anywhere in the world. Solutions are on the market to manage audit trails, particularly for the healthcare and financial industries at the packet level.

At the content level, WebRTC is an excellent tool for creating audit trails. WebRTC sessions can be recorded and documents can shared and signed within a session. Complete records of entire relationships can be preserved, along with associated agreements.

Will our existing infrastructure investments go to waste?
Anyone evaluating a WebRTC solution for the enterprise must consider the potential investment of time and capital relative to the value already derived from existing infrastructure. No one wants a "rip and replace" solution for a technology that is still maturing.

Whether you've moved your communications to the cloud or still hosting your own on-prem equipment, a WebRTC solution can complement what you have today. Your investment is your existing stable infrastructure remains, while you augment your interaction with your trading partners through WebRTC.

Is WebRTC really ready for the enterprise?
Anyone can set up a simple WebRTC implementation between two parties on compatible web browsers. The real challenge is in connecting these end points in a secure manner to the rest of the world that uses phone numbers -- the very place where business communications still happens today.

While most enterprises are probably not ready for WebRTC today, there is clearly great value to be gained for the right use case.

— Steve Leonard, Executive Vice President and General Manager, Bandwidth.com

nasimson 1/24/2016 | 5:38:47 AM
From Skype to WebRTC I'm a big fan of WEBRTC. Quite a few months back, our organization of 1500+ people, moved from Skype to Appear.In It's so easy and so better. Skype should introduce it's own WEBRTC, a browser based Skype, or it will face decline in active user base.
danielcawrey 1/18/2016 | 6:34:05 PM
Promise I think there is a lot of promise for WebRTC. The thing to think about is what kinds of services that vendors are offering. Do they have WebRTC capabilities included? I think this is the most important aspect to consider. Being a low-bandwidth solution like WebRTC is something useful these days, it's just making sure communications products have it. 
Sign In