Zoom has recently received a variety of third-party certifications and attestations, unveiled product innovations, and established programs, with a focus on security and privacy.
Zoom chief information security officer Jason Lee says, “Safety, security, and privacy are at the core of how we make decisions at Zoom and enhance our platform. We remain committed to being a platform that users can trust for all of their online interactions, information, and business. ”
Third-party certifications and attestations
At Zoom, third-party certifications and standards are integral to its security program’s foundation. Zoom recently expanded its list of growing attestations with the following:
- Provisional Authorization (PA) for Zoom for Government from Defense Information Systems Agency (DISA) for the Department of Defense (DoD) at Impact Level 4 (IL4). With this PA, the entire Zoom for Government platform will be available for use for those organizations in need of IL4-authorized solutions.
- ISO / IEC 27001: 2013 certification and SOC 2 + HITRUST requirements. Zoom Meetings, Zoom Phone, Zoom Chat, Zoom Rooms, and Zoom Webinar are now certified as International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) 27001: 2013 compliant. Zoom also expanded the scope of its SOC 2 Type II report to include additional criteria to meet Health Information Trust Alliance Common Security Framework (HITRUST CSF) control requirements.
Features designed for security and privacy
In addition, Zoom continues to enhance its security features for all users with the introduction of recent innovations such as automatic updates in the Zoom client.
With automatic updates, Zoom aims to help users to receive important security fixes and other features, improving their overall experience with the Zoom platform. Innovations that will soon be available include a Bring Your Own Key (BYOK) offering, which will be released this year, and Zoom’s end-to-end encryption (E2EE) offering will be rolled out to Zoom Phone, for one-on-one , intra-account phone calls that occur via the Zoom client later this year.
Industry collaboration for more security
To meet the growing needs of its global customer base, Zoom has established programs that bring in expertise and skills from around the world to inform security innovation and identify potential threats. These include a CISO Council to foster a strategic feedback loop for upcoming security and privacy innovation, and the development of a Data Security and Protection (DSP) Toolkit in support of the National Health Service (NHS).
Tapping into the power of the security community
In addition to the daily testing that Zoom conducts on its solutions and infrastructure, Zoom invested in a skilled global team of security researchers via a private bug bounty program.
Hosted on HackerOne’s platform, the world’s most trusted provider of ethical hacking solutions, the program led to the recruitment of over 800 security researchers whose collective work resulted in the submission of numerous bug reports, and awards of over $ 2.4 million in bug bounty payments since the program was introduced. In 2021 alone, Zoom awarded over $ 1.8 million across 401 reports.
Furthering education on Zoom security and privacy features
Zoom launched its Trust Center, a one-stop shop for assets and information on Zoom compliance, privacy, safety, and security. It includes compliance and corporate governance resources, a detailed privacy overview, security resources and certifications, a detailed trust and safety overview, and more.
Zoom also recently introduced its Learning Center, which provides a series of free courses to get the most out of Zoom. Users can complete the ‘Zoom Security Basics’ training and earn the ‘Security Champion’ badge.
The Zoom Trust Center and Learning Center also contain information on Zoom’s security features and how to keep meetings secure. This includes pre-meeting and in-meeting settings such as passwords set at the individual meeting, user, group, or account level; meeting Waiting Rooms; the ability to lock a meeting, remove, mute or place participants on hold; and much more.