Zoom Improves Cybersecurity, Receives Awards

Zoom has added new features to its video conferencing service to improve security.

Zoom encryption
Zoom Video Communications recently announced its new end-to-end encryption (E2EE) is available to users globally, free and paid, for meetings with up to 200 participants.

As several cybersecurity experts are warning of increased cybersecurity vulnerabilities with more employees working remotely, Zoom Video Communications recently announced its new end-to-end encryption (E2EE) is available to users globally, free and paid, for meetings with up to 200 participants.

This feature is available immediately as a technical preview, meaning that the company is proactively soliciting feedback from users for the next 30 days. E2EE is available on Zoom desktop client version 5.4.0 for Mac and PC, the Zoom Android app, and Zoom Rooms, with the Zoom iOS app pending Apple App Store approval.

Improved Encryption

Zoom’s E2EE uses the same 256-bit AES-GCM encryption that secures Zoom meetings by default. When users enable E2EE for their meetings, nobody except each participant, not even Zoom’s meeting servers, has access to the encryption keys that are used to encrypt the meeting.

In typical meetings, Zoom’s cloud meeting server generates encryption keys for every meeting and distributes them to meeting participants using Zoom clients as they join. With Zoom’s new E2EE, the meeting’s host generates encryption keys and uses public key cryptography to distribute these keys to the other meeting participants.

Zoom’s servers become oblivious relays and never see the encryption keys required to decrypt the meeting contents. Encrypted data relayed through Zoom’s servers is indecipherable by Zoom, since Zoom’s servers do not have the necessary decryption key.

Flip the Switch

Account admins can enable this E2EE feature in their web dashboard at the account, group and user level. It can also be locked at the account or group level. If enabled, the host can toggle on and off E2EE for any given meeting depending on the level of security and level of functionality they would like. In phase one, meeting participants must join from the Zoom desktop client, mobile app, or Zoom Rooms for E2EE-enabled meetings.

“We’re very proud to bring Zoom’s new end-to-end encryption to Zoom users globally today,” says Zoom CISO Jason Lee. “This has been a highly-requested feature from our customers, and we’re excited to make this a reality. Kudos to our encryption team who joined us from Keybase in May and developed this impressive security feature within just six months.”

As a technical preview, Zoom hopes to gather input from customers on their experiences with E2EE. Zoom encourages customers to enable Feedback to Zoom on their account in order to provide feedback. When enabled, customers may submit feedback directly through the Zoom client by navigating to their “Settings” and selecting “Feedback.”

Zoom Recognized 

Zoom also recently announced that analyst firm Gartner has named Zoom a Leader in the 2020 Magic Quadrant for Meeting Solutions, as well as a Leader in the Magic Quadrant for Unified Communications as a Service. This is the sixth time Zoom has appeared in the Gartner Magic Quadrant for Meeting Solutions and its fifth consecutive time as a Leader. It is the first year Zoom has qualified for inclusion in the Gartner Magic Quadrant for UCaaS.

For the Meeting Solutions Magic Quadrant, Gartner evaluated companies based on criteria including their ability to satisfy a wide variety of well-established and newly defined virtual meeting scenarios. The report analyzed 15 companies in the Meeting Solutions space and named Zoom as a Leader.

The criteria used by Gartner to evaluate companies selected for the UCaaS Magic Quadrant include ease of use, service reliability, and the pace of innovation and enhancement. The report analyzed 14 companies in the UCaaS space, naming Zoom as a Leader.