Zoom’s Latest Privacy and Security Updates

New certifications, privacy features, and security collaborations announced


Published: April 21, 2022

James Stephen

Technology Journalist

Zoom has announced new third-party certifications, privacy features, and security collaborations.

A third-party attestation has come from the Dutch organisation SURF, and Zoom has received provisional authorisation from the Defence Information Systems Agency (DISA).

Third-party certifications include the Cyber Essentials Plus certification, the Common Criteria Certification, and the ISO/IEC 27001:2013 certification.

Automatic updates are Zoom’s most recent privacy and security release and Bring Your Own Key (BYOK) will soon be available.

Zoom has utilised security collaborations with CISO Council, Deutsche Telekom, the U.S. government, and a private bug bounty program.

Jason Lee, Chief Information Security Officer at Zoom, said: “Safety, security, and privacy are at the core of how we make decisions at Zoom and enhance our platform.

“We remain committed to being a platform that users can trust for all of their online interactions, information, and business.”

Third-party certifications and attestations

  • Publication of a Data Protection Impact Assessment (DPIA) from SURF: SURF is a Dutch government and regulatory body representing a number of educational institutions. It has advised Zoom on measures to take regarding the DPIA and its privacy policy. This has resulted in new features, greater transparency, updated practices and measurement plans.
  • Cyber Essentials Plus Certification: Zoom’s security setup has made it easier for U.K. customers to access its I.T. systems. Zoom points to this as a sign of its commitment to the U.K. marketplace.
  • Provisional Authorisation (P.A.) for Zoom from the Defence Information Systems Agency (DISA): The Zoom for Government platform will be able to be used by the Department of Defence and other organisations in need of Impact Level 4-authorised software.
  • Common Criteria Certification: According to Zoom, the Zoom Meeting Client is the first video comms client to be certified for Common Criteria Evaluation Assurance Level 2.
  • ISO/IEC 27001:2013 Certification: Zoom Chat, Zoom Phone, Zoom Meetings, Zoom Webinar, and Zoom Rooms have all been certified as compliant with the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). Zoom’s SOC 2 Type II report also includes measures to fulfil Health Information Trust Alliance Common Security Framework (HITRUST CSF) standards.

New Privacy Features

Automatic updates in the Zoom client will bring users added security, deliver security fixes, and more.

A Bring Your Own Key (BYOK) offering that allows customers to manage their encryption keys will be rolled out later in the year. Zoom’s end-to-end encryption (E2EE) will also soon be available for Zoom Phone.

To spread awareness about its privacy and security features, Zoom has launched its Trust Center, which provides privacy, security, compliance and safety information. It has also set up a Learning Center, through which users can take courses to learn more about Zoom. Additionally, a Zoom Security Basics training is on offer that awards badges for completion.

Security Collaborations

Zoom is collaborating with several organisations to improve its security. CISO Council provides strategic privacy and security support and helps build a Data Security and Protection (DSP) Toolkit for use by the National Health Service (NHS).

Deutsche Telekom is also partnering with Zoom to create a solution for the German market called Zoom X powered by Telekom.

Zoom for Government is collaboration software for U.S. federal agencies, U.S. state and local government customers, and other approved businesses. It includes Zoom Chat, Zoom Meetings, Zoom Webinar, and Zoom Phone. Zoom for Government has 256-bit AES-GCM encryption and end-to-end encryption (E2EE). It has been awarded a number of attestations and authorisations.

Zoom has also hired over 800 security researchers through a private bug bounty program hosted on HackerOne’s platform. In total, Zoom has awarded $2.4 million in payments to bug bounty hunters. Last year it paid out over $1.8 million across 401 bug reports.

Recently, Zoom has made its Zoom Whiteboard available for everyone.

The company has also made several feature updates to improve the hybrid learning experience in education.

 

 
