Zoom Extends E2EE Encryption to Zoom Phone

Host of new security features announced

2
Zoom brings E2EE to Zoom Phone
Unified Communications

Published: September 14, 2021

Tom Wright

Managing Editor

Zoom has announced a range of cybersecurity enhancements for its platform, including end-to-end encryption (E2EE) for Zoom Phone.

E2EE was previously only available in Zoom Meetings, but one-to-one phone calls can now be upgraded to higher security via the Zoom client by clicking “more”, followed by the encryption option.

E2EE on Zoom Phone will be available next year.

During her Zoomtopia session, Nitasha Walia, Group Product Manager for Zoom Meetings, said: “At Zoom, security and privacy are the cornerstones of everything we do.

“We are continuously innovating our security capabilities to give you more control with customisable features such as end-to-end encryption, secure login and role-based access controls”

Zoom said that it is working with Okta to help verify users as they join new meetings.

The identity verification programme users multi-factor authentication and relies on certain criteria to validate users, such as:

  • Who they are: Role in an organisation, credentials and networks in use
  • What they have: Devices, authentication apps, codes, biometrics, and email addresses
  • What they know: Passwords, security questions and profile information

Walia said that the increase in social engineering has been the trigger for the latest advancements.

“In a world of deep fakes and identity thefts, it is becoming increasingly important to verify the user’s identity,” she explained.

“As a first step to addressing these challenges, we partnered with Okta to provide Zoom users a way to feel confident that the person at the other end is indeed who they think they are.”

Bring Your Own Key

 Zoom has partnered with Amazon Web Services (AWS) to introduce ‘bring your own key’ (BYOK) for customers with strict compliance demands.

BYOK lets customers manage their own key management system within AWS, with Zoom not having access to the master key. Zoom will then interact with the customer’s key system for encryption and decryption.

Zoom said that BYOK is separate from E2EE and is designed for secure storage of assets such as recordings, rather than real-time communication.

The vendor went on a security drive last year, acquiring Keybase to build out its encryption, which was brought to meetings soon after.

 

 

Security and Compliance
Featured

Share This Post