Enterprise web conferencing

["Dan Lynch" <DLynch () placer ca gov>]

Greetings group,

My organization will soon be implementing an appliance-based
tele-conferencing/web-conferencing solution. The intent is to allow
internal users to set up both phone and web conferences among themselves
across operational divisions and across physical locations. These will
include application and desktop sharing, as well as occasional remote
control. There is also the desire to allow outside users (vendors, etc.)
to join in these conferences.

I'm looking for guidance regarding the security issues of these
solutions. I plan on mentioning the accidental disclosure of private
data while sharing screens. I wonder how the lack of adequate logging
might dilute accountability. I'm concerned that inside users must
authenticate through this device against our active directory, but the
device must be internet-accessible on a DMZ to allow outside users
access.

What would you worry about? How would you mitigate your concerns? 

Thanks in advance,

- Dan

Dan Lynch, CISSP
Information Technology Analyst
County of Placer