Delivering on its promise to fix privacy and security issues, the newly popular video and web conferencing app Zoom has added AES 256-bit GCM encryption support. Zoom will provide increased protection to meeting data and resistance against tampering. This is a key milestone in the company's 90-day plan to proactively identify, address, and enhance the security and privacy capabilities of its platform.
"I am proud to reach this step in our 90-day plan, but this is just the beginning. We built our business by delivering happiness to our customers. We will earn our customers' trust and deliver them happiness with our unwavering focus on providing the most secure platform," said Eric S. Yuan, CEO of Zoom.
On the network front, the AES 256-bit GCM encryption standard offers increased protection of meeting data in transit and resistance against tampering. Zoom says that this provides confidentiality and integrity assurances on Zoom Meeting, Zoom Video Webinar, and Zoom Phone data. Zoom 5.0, which is slated for release within the week, supports GCM encryption. This standard will take effect once all accounts are enabled with GCM. System-wide account enablement will take place on May 30.
With the control data routing feature, the account admin may choose which data centres their account-hosted meetings and webinars use for real-time traffic at the account, group, or user level.
"We take a holistic view of our users' privacy and our platform's security," says Oded Gal, CPO of Zoom. "From our network to our feature set to our user experience, everything is being put through rigorous scrutiny. On the back-end, AES 256-bit GCM encryption will raise the bar for securing our users' data in transit. On the front end, I'm most excited about the Security icon in the meeting menu bar. This takes our security features, existing and new, and puts them front and center for our meeting hosts. With millions of new users, this will make sure they have instant access to important security controls in their meetings."
Moving on to the user experience and controls, Zoom has grouped together security features and can be accessed by clicking the security icon in the meeting menu bar on the host's interface. Hosts will be able to "Report a User" to Zoom via the Security icon, may also disable the ability for participants to rename themselves. For education customers, screen sharing now defaults to the host only. Passwords will set by default to all those accessing cloud recordings aside from the meeting host and require a complex password. For administered accounts, account admins now have the ability to define password complexity.
Zoom 5.0 will support a new data structure for larger organisations, allowing them to link contacts across multiple accounts so people can easily and securely search and find meetings, chat, and phone contacts. Users may now opt to have their Zoom Chat notifications not show a snippet of their chat; new non-PMI meetings now have 11-digit IDs for added complexity; and during a meeting, the meeting ID and Invite option have been moved from the main Zoom interface to the Participants menu, making it harder for a user to accidentally share their meeting ID.
"When faced with questions over security and privacy, Zoom reacted quickly and very publicly to the challenges, including their CEO holding weekly public security briefings," notes Wayne Kurtzman, IDC Research Director for Social, Communities, and Collaboration. "Zoom was also quick to take actions on changing the defaults that helped address meeting privacy concerns, as well as setting a 90-day plan for deeper actions, and communicating it publicly."
Users will be able to update to Zoom 5.0 from the company website.