Zoom improves security for meetings in especially sensitive fields
Whether you are using the Zoom platform for hybrid learning or for meetings on various topics, you need to pay attention to the security functions behind the scenes. The company's global deputy CIO offers guidance
Cybertech
| 21/06/2021
Photo: Zoom
By Gary Sorrentino
Regardless of where you work or what you do, security matters. That’s why we work to weave it seamlessly into the Zoom user experience, so organizations from all industries can achieve seamless and secure collaboration.
Whether you’re leveraging the Zoom platform for hybrid learning, telehealth appointments, or legislative meetings, we’ve designed unique features and worked to address industry-specific standards to help organizations maximize efficiency while addressing their unique needs.
While all of these security features are industry-agnostic, we want to highlight a few that are vital for addressing certain sector-specific pain points.
General in-meeting controls
While each industry uses our platform in a way that addresses their unique needs, Zoom Meetings comes with a security icon and set of in-meeting controls that help users across the board safeguard their meetings from uninvited guests. With these controls, hosts can manage screen sharing, lock the meeting, set up two-factor authentication, remove disruptive participants, disable video or mute participants, suspend participant activities, turn off file transfer, disable private chat, and report a user.
Education
As many schools and campuses embrace the hybrid learning model, teachers need the right security tools readily available to help make sure their virtual classroom isn’t interrupted by outsiders or unwarranted hijinks. The following features and commitments are designed to help teachers and administrators streamline the virtual learning experience:
At-Risk Meeting Notifier: Designed to proactively identify any issues with meeting privacy, the tool scans posts on public social media sites and other public online resources for Zoom Meeting links. If your class link was posted online, you’ll receive an email notification.
Chat Etiquette Tool: Automatically identifies keywords and text patterns in Zoom Chat and in-meeting chat and helps prevent users from sharing unwanted messages, such as those that include inappropriate language. It is important to note that the Chat Etiquette Policies are defined by account admins, not by Zoom, and that the tool does not send reports/flags to account admins or anyone else. Anyone interested in this feature should contact their customer success manager (CSM) to turn it on.
Waiting Room: In your meeting settings under “Security,” you can toggle on the Waiting Room, which will send everyone to the virtual waiting area where you can admit them individually or all at once. In fact, the Waiting Room feature is on by default for K-12/primary and secondary education users.
Zoom complies with and helps our customers enable compliance with the Family Educational Rights and Privacy Act (FERPA), which helps protect the privacy of student educational records.
Healthcare
Patient privacy and well-being are always a top priority for healthcare organizations. Whether you’re conducting telehealth appointments or connecting medical communities virtually, here are some features and standards to help your organization safeguard patient privacy:
Advanced chat encryption: Allows for a secured communication where only the intended recipient can read the secured message, which helps medical staff coordinate quickly while safeguarding private patient data.
Required meeting passcodes: You can create a passcode and share with patients via email so they’re required to type in the secure password to be able to join a telehealth session, helping to add an extra layer of security to the interaction.
Whether you’re a solo practitioner, small clinic, or enterprise health system, Zoom helps customers enable HIPAA-compliant programs by executing a Business Associate Agreement (BAA).
Financial services
Securing client information is vital for any financial services organization. Customer trust — and therefore business viability — is contingent on security, so any financial services organization using Zoom should take advantage of these data management and encryption features:
Data routing control: Zoom users have the ability to select which data centers process their data in transit, or, in other words, data that is actively moving from one location to another across the internet. You can opt in or out of each specific data center region (except your default region where your account was provisioned) for data in transit, helping to maintain more control over where information travels.
End-to-end encryption: When enabled, this feature uses the same 256-bit AES GCM encryption that supports standard Zoom Meetings to help encrypt communication between all meeting participants. The only difference is that the cryptographic keys are known only to the devices of the meeting participants. This means that no third party — including Zoom — has access to the meeting’s private keys.
Meeting and Webinar Archiving: Allows account administrators to set up an automated mechanism to collect and archive meeting data to a third-party platform of their choice and hence, satisfy FINRA and/or other compliance requirements. Unlike Cloud Recording, which saves video, audio, and chat/transcription files to the Zoom Cloud, the Archiving API collects webinar and meeting data/metadata necessary for certain compliance guidelines, as well as the audio, video, and chat files if set in the API call.
Government
Like many modern organizations, government institutions need to collaborate in real-time while protecting the exchange of crucial data — that’s why we’ve developed Zoom for Government. Designed to meet the specialized requirements and needs of the U.S. Government, Zoom for Government offers the same experience as the standard Zoom platform, but is a separate platform designed to adhere to federal security standards.
U.S.-based staff and data centers: Zoom for Government leverages the U.S.-based GovCloud infrastructure and U.S.-based co-located data centers. It is deployed and managed by U.S. persons only. This feature is exclusive to Zoom for Government.
Cross-platform privacy features: Zoom has released a number of privacy features that help give Zoom and Zoom for Government customers alike more insight and control over the privacy of their meetings. These features help protect the privacy of crucial information exchanged over our platform. They include preventing participants from joining via multiple devices at the same time or from a different device after being removed from a meeting, the ability to require only authenticated users to join meetings, and more.
Securing the hybrid workforce
No matter what industry you work in, secure collaboration is fundamental for success. Security is also more important than ever as organizations navigate the next phase of work and learn to operationalize the hybrid workforce. By supporting the hybrid workforce with technology that deploys easy-to-use security features, organizations will create a realistic and scalable approach to security that will evolve as the business does.
Gary Sorrentino is Global Deputy CIO of Zoom
Whether you are using the Zoom platform for hybrid learning or for meetings on various topics, you need to pay attention to the security functions behind the scenes. The company's global deputy CIO offers guidance
Photo: Zoom
By Gary Sorrentino
Regardless of where you work or what you do, security matters. That’s why we work to weave it seamlessly into the Zoom user experience, so organizations from all industries can achieve seamless and secure collaboration.
Whether you’re leveraging the Zoom platform for hybrid learning, telehealth appointments, or legislative meetings, we’ve designed unique features and worked to address industry-specific standards to help organizations maximize efficiency while addressing their unique needs.
While all of these security features are industry-agnostic, we want to highlight a few that are vital for addressing certain sector-specific pain points.
General in-meeting controls
While each industry uses our platform in a way that addresses their unique needs, Zoom Meetings comes with a security icon and set of in-meeting controls that help users across the board safeguard their meetings from uninvited guests. With these controls, hosts can manage screen sharing, lock the meeting, set up two-factor authentication, remove disruptive participants, disable video or mute participants, suspend participant activities, turn off file transfer, disable private chat, and report a user.
Education
As many schools and campuses embrace the hybrid learning model, teachers need the right security tools readily available to help make sure their virtual classroom isn’t interrupted by outsiders or unwarranted hijinks. The following features and commitments are designed to help teachers and administrators streamline the virtual learning experience:
At-Risk Meeting Notifier: Designed to proactively identify any issues with meeting privacy, the tool scans posts on public social media sites and other public online resources for Zoom Meeting links. If your class link was posted online, you’ll receive an email notification.
Chat Etiquette Tool: Automatically identifies keywords and text patterns in Zoom Chat and in-meeting chat and helps prevent users from sharing unwanted messages, such as those that include inappropriate language. It is important to note that the Chat Etiquette Policies are defined by account admins, not by Zoom, and that the tool does not send reports/flags to account admins or anyone else. Anyone interested in this feature should contact their customer success manager (CSM) to turn it on.
Waiting Room: In your meeting settings under “Security,” you can toggle on the Waiting Room, which will send everyone to the virtual waiting area where you can admit them individually or all at once. In fact, the Waiting Room feature is on by default for K-12/primary and secondary education users.
Zoom complies with and helps our customers enable compliance with the Family Educational Rights and Privacy Act (FERPA), which helps protect the privacy of student educational records.
Healthcare
Patient privacy and well-being are always a top priority for healthcare organizations. Whether you’re conducting telehealth appointments or connecting medical communities virtually, here are some features and standards to help your organization safeguard patient privacy:
Advanced chat encryption: Allows for a secured communication where only the intended recipient can read the secured message, which helps medical staff coordinate quickly while safeguarding private patient data.
Required meeting passcodes: You can create a passcode and share with patients via email so they’re required to type in the secure password to be able to join a telehealth session, helping to add an extra layer of security to the interaction.
Whether you’re a solo practitioner, small clinic, or enterprise health system, Zoom helps customers enable HIPAA-compliant programs by executing a Business Associate Agreement (BAA).
Financial services
Securing client information is vital for any financial services organization. Customer trust — and therefore business viability — is contingent on security, so any financial services organization using Zoom should take advantage of these data management and encryption features:
Data routing control: Zoom users have the ability to select which data centers process their data in transit, or, in other words, data that is actively moving from one location to another across the internet. You can opt in or out of each specific data center region (except your default region where your account was provisioned) for data in transit, helping to maintain more control over where information travels.
End-to-end encryption: When enabled, this feature uses the same 256-bit AES GCM encryption that supports standard Zoom Meetings to help encrypt communication between all meeting participants. The only difference is that the cryptographic keys are known only to the devices of the meeting participants. This means that no third party — including Zoom — has access to the meeting’s private keys.
Meeting and Webinar Archiving: Allows account administrators to set up an automated mechanism to collect and archive meeting data to a third-party platform of their choice and hence, satisfy FINRA and/or other compliance requirements. Unlike Cloud Recording, which saves video, audio, and chat/transcription files to the Zoom Cloud, the Archiving API collects webinar and meeting data/metadata necessary for certain compliance guidelines, as well as the audio, video, and chat files if set in the API call.
Government
Like many modern organizations, government institutions need to collaborate in real-time while protecting the exchange of crucial data — that’s why we’ve developed Zoom for Government. Designed to meet the specialized requirements and needs of the U.S. Government, Zoom for Government offers the same experience as the standard Zoom platform, but is a separate platform designed to adhere to federal security standards.
U.S.-based staff and data centers: Zoom for Government leverages the U.S.-based GovCloud infrastructure and U.S.-based co-located data centers. It is deployed and managed by U.S. persons only. This feature is exclusive to Zoom for Government.
Cross-platform privacy features: Zoom has released a number of privacy features that help give Zoom and Zoom for Government customers alike more insight and control over the privacy of their meetings. These features help protect the privacy of crucial information exchanged over our platform. They include preventing participants from joining via multiple devices at the same time or from a different device after being removed from a meeting, the ability to require only authenticated users to join meetings, and more.
Securing the hybrid workforce
No matter what industry you work in, secure collaboration is fundamental for success. Security is also more important than ever as organizations navigate the next phase of work and learn to operationalize the hybrid workforce. By supporting the hybrid workforce with technology that deploys easy-to-use security features, organizations will create a realistic and scalable approach to security that will evolve as the business does.
Gary Sorrentino is Global Deputy CIO of Zoom
