Zoom.us has been criticized for security breaches and disruptions during ZOOM meetings and video calls. ZOOM has had a short lifespan since it was founded in 2011. It is fair to say that ZOOM has faced challenging growth issues, perhaps the most significant being user data security.
The year 2020 in particular has seen a global surge in demand for ZOOM. ZOOM has taken additional measures to secure user data and better equip the platform with enhanced security features. ZOOM recently released version 5.0, which also introduced enhanced security and privacy features.
Here are the top 5 reasons why we think ZOOM is safe for you to use.
1) New End-To-End Encryption Feature with ZOOM
End-to-end encryption in communication and video apps has become an industry standard. For ZOOM, however, it was a delayed and much-expected feature that has finally been announced. ZOOM acquired the Keybase app that specializes in app protection and encryption back in 2014.
ZOOM now provides industry-standard AES-256 GCM encryption. Users of ZOOM Meetings and web clients are now protected by this new security feature.
- Most user activity while connecting to the ZOOM platform is secured with TLS 1.2 encryption.
- The data transmission is secured through the AES-256 GCM protocol during ZOOM meetings and video calls.
- ZOOM’s recently launched phone app services use SRTP and are protected through AES-256 encryption.
2) Account and Admin Controls
All ZOOM clients connect to the server over HTTPS. That feature, again, is very much an industry standard these days. Previously, ZOOM allowed its users to log in with a Facebook account, resulting in many complaints about breaches of data privacy. As a result, ZOOM has now removed the Facebook SDK from its iOS client.
ZOOM has also announced some new account controls and security features:
- ZOOM users already had the option of account authentication through password and single sign-on (SSO) protection
- ZOOM has now added a two-factor authentication (2FA) feature
- Scheduling and starting ZOOM Meetings with passcode protection to limit them to authorized access only
- A built-in ZOOM Meeting invitation feature for selected participants only
ZOOM’s account setup and user participation through a shared link resulted in increased complaints. Many corporate clients vocally described the nuisance caused by unauthorized access by random users (hackers and spammers).
3) ZOOM In-Meeting Controls and Protection Features
In response to the growing number of complaints about unauthorized access to large online video calls and meetings, ZOOM has introduced some enhanced security features.
- The Host and Participant Client Authentication feature enables authorized access only. Meeting and video call authentication works on a session-to-session basis.
- The host can set up passcode-enabled meetings to restrict participation to authorized persons only.
- ZOOM has introduced a new “suspend participant activities” feature that gives additional control to the host.
- Previously only hosts and co-hosts could “report” suspicious participant activities. With the updated feature, all meeting participants can report any questionable or spam participants.
- Hosts arranging public participation meetings through ZOOM Meetings or Webinars will now be protected by a new feature, the “At-Risk Meeting Notifier.” The feature enables ZOOM to scan content that hosts have shared on or integrated with social media for signs of disruptive or suspicious activity.
4) Data Storage and Access
ZOOM users have the option of recording ZOOM meetings and video calls. In-meeting chats, file sharing, and other media are stored on ZOOM cloud-based servers. Only ZOOM clients with paid plans and authorized access can retrieve their account's recorded meetings and video calls.
All data transmission between ZOOM clients and servers remains encrypted with AES-256 on SIP or H.323 endpoints. Only clients with authorization can access the stored meetings and video calls.
Users can also choose to record and store the data on their own device, hard storage, or third-party cloud storage such as OneDrive.
Additionally, ZOOM clients using third-party integration with ZOOM APIs are protected with standard OAuth and JWT for API authentication.
5) Security Certification of ZOOM
ZOOM operates under the UK National Cyber Security Centre’s cloud security standards and guidelines. The UK NCSC provides comprehensive guidelines and principles for data security in transmission, storage, and access for both service providers and customers.
ZOOM has the following security and privacy certifications:
- SOC 2 (type II)
- FedRAMP (Moderate)
- GDPR, CCPA, COPPA, FERPA, and HIPAA Compliant
- International Association of Privacy Professionals (IAPP) Silver Membership
- The UK NCSC protocols and guidelines