Zoom announces multiple third-party certifications and innovations for enhanced platform security
Zoom announced that it recently received a variety of third-party certifications and attestations, unveiled product innovations and established programs, which collectively demonstrate the many initiatives undertaken at Zoom that help protect the security and privacy of its users.
“Safety, security and privacy are at the core of how we make decisions at Zoom and improve our platform,” said Jason Lee, chief information security officer at Zoom. “We remain committed to being a platform users can trust for all of their online interactions, information and activities.”
Third-party certifications and attestations demonstrate effectiveness
At Zoom, third-party certifications and standards are an integral part of the foundation of its security program. Zoom recently expanded its growing list of attestations with the following:
- Publication of a Data Protection Impact Assessment (DPIA) on SURF’s Zoom Meetings, Webinar and Chat services. SURF, the Collaborative Organization for Computing in Dutch Education and Research, and Zoom have agreed on several actions during their collaboration on the DPIA. These include new features, improved transparency and documentation, improved practices and a measurement plan.
- Obtained Cyber Essentials Plus Certification. This demonstrates Zoom’s commitment to the UK by delivering a security program, which makes it easier for local customers to assess the company’s IT systems.
- Provisional Authorization (PA) for Zoom for Government from the Defense Information Systems Agency (DISA) for the Department of Defense (DoD) at Impact Level 4 (IL4). With this PA, the entire Zoom for Government platform will be available to organizations that require IL4-authorized solutions.
- Common Criteria Certification. The Zoom meeting client is the first video communication client to achieve certification for Common Criteria Evaluation Assurance Level 2 (v3.1 rev. 5), issued by the German Federal Office for Information Security (BSI).
- ISO/IEC 27001:2013 certification and SOC 2 + HITRUST requirements. Zoom Meetings, Zoom Phone, Zoom Chat, Zoom Rooms, and Zoom Webinar are now certified to the International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) 27001:2013 standard. Zoom has also expanded the scope of its SOC 2 Type II report to include additional criteria to meet the control requirements of the Health Information Trust Alliance Common Security Framework (HITRUST CSF).
Features designed for security and privacy
Additionally, Zoom continues to improve its security features for all users with the introduction of recent innovations such as automatic updates in the Zoom client. Through automatic updates, Zoom helps users receive important security patches and other features, improving their overall experience with the Zoom platform.
Innovations coming soon include a Bring Your Own Key (BYOK) offering, launching this year, and Zoom’s End-to-End Encryption (E2EE) offering rolling out to Zoom Phone for one-on-one, intra-account phone calls that occur through the Zoom client later this year.
Industrial collaboration for a safer future
To meet the growing needs of its global customer base, Zoom has established programs that draw on expertise and skills from around the world to inform security innovation and identify potential threats. These include a CISO advisory to foster a strategic feedback loop for upcoming security and privacy innovations, and the development of a Data Security and Protection (DSP) toolkit to support the National Health Service (NHS). Additionally, Zoom offers tailored solutions for specific audiences across industries and locations, such as:
- Zoom X powered by Telekom. Zoom and Deutsche Telekom have committed to developing a joint solution specifically for the German market called Zoom X powered by Telekom, which combines the experience customers love from Zoom with the trusted network and service provided by Deutsche Telekom. With Zoom’s seamless video communications platform, customers can set up and manage meetings intuitively across all end devices.
- Zoom for Government. Zoom for Government, which is designed for US federal agencies, is also available for US state and local government customers, as well as other approved businesses and organizations that support the US government. Zoom for Government includes 256-bit AES-GCM encryption as well as optional end-to-end encryption (E2EE) for Zoom Meetings. The Zoom for Government platform (which includes Zoom Meetings, Zoom Webinar, Zoom Chat, and Zoom Phone) has achieved the following:
  - FedRAMP Moderate authorization in February 2019
  - An Authorization to Operate with Conditions (ATO-C) at Department of Defense Impact Level 4 (DoD IL4) for Zoom meetings with the Department of the United States Air Force in June 2021
  - A provisional authorization from the Defense Information Systems Agency for the DoD IL4 in March 2022
  - A Criminal Justice Information Services (CJIS) certificate in January 2022
  - HIPAA certification in March 2021
Harness the power of the security community
In addition to the daily testing Zoom performs on its solutions and infrastructure, Zoom has invested in a qualified global team of security researchers through a private bug bounty program. Hosted on the HackerOne platform, the world’s most trusted ethical hacking solution provider, the program has led to the recruitment of over 800 security researchers whose collective work has resulted in the submission of numerous bug reports and awarding over $2.4 million in bug bounties since the program was introduced. In 2021 alone, Zoom awarded over $1.8 million across 401 reports.
Continue training on Zoom’s security and privacy features
Zoom keeps privacy and security top of mind for all end users. Zoom has launched its Trust Center, a one-stop-shop for Zoom’s compliance, privacy, safety and security assets and information. It includes compliance and corporate governance resources, an in-depth overview of privacy, security resources and certifications, an in-depth overview of trust and security, and more. Zoom also recently introduced its Learning Center, which offers a series of free courses to get the most out of Zoom.
Users can complete “Zoom Security Basics” training and earn the “Security Champion” badge. The Zoom Trust Center and Learning Center also contain information about Zoom’s security features and how to secure meetings. This includes pre-meeting and meeting settings such as passwords set at the individual meeting, user, group, or account level; meeting waiting rooms; the ability to lock a meeting, remove, mute, or place participants on hold; and much more.