Zoom Introduces Certifications & Innovations for Enhanced Platform

Zoom Video Communications has declared that it has obtained a number of third-party certifications and attestations, as well as introduced product advancements and created programs, all of which illustrate the various measures done by Zoom to assist safeguard its users’ security and privacy.

Third-party certifications and attestations demonstrate the effectiveness

Third-party certifications and standards are an important aspect of Zoom’s security operation. Zoom just added the following to its increasing list of endorsements:

SURF has published a Data Protection Impact Assessment (DPIA) for Zoom’s Meetings, Webinars, and Chat services. In the course of working together on the DPIA, SURF, the joint organization for IT in Dutch education and research, and Zoom committed on a number of initiatives. New features, increased openness and documentation, improved procedures, and a measuring strategy are among them. Find out more about the results.

Achievement of the Cyber Essentials Plus certification. This demonstrates Zoom’s commitment to the UK by achieving a security scheme, which makes it easier for local customers to assess the company’s IT systems. Learn more about this certification here.
Provisional Authorization (PA) for Zoom for Government from Defense Information Systems Agency (DISA) for the Department of Defense (DoD) at Impact Level 4 (IL4). With this PA, the entire Zoom for Government platform will be available for use for those organizations in need of IL4-authorized solutions. Learn more about this authorization.
Common Criteria Certification. The Zoom Meeting Client is the first video communications client to be certified by the German Federal Office for Information Security for Common Criteria Evaluation Assurance Level 2 (v3.1 rev. 5). (BSI).
Learn more about the certification.
ISO/IEC 27001:2013 certification and SOC 2 + HITRUST requirements. Zoom Meetings, Zoom Phone, Zoom Chat, Zoom Rooms, and Zoom Webinar are now certified as International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) 27001:2013 compliant. Zoom also expanded the scope of its SOC 2 Type II report to include additional criteria to meet Health Information Trust Alliance Common Security Framework (HITRUST CSF) control requirements.

Features designed for security and privacy

Furthermore, with new advancements such as automatic upgrades in the Zoom client, Zoom continues to improve its security features for all users. Zoom’s automated updates assist customers in receiving critical security patches and other improvements, enhancing their entire Zoom platform experience.

Bring Your Own Key (BYOK) will be accessible later this year, and Zoom’s end-to-end encryption (E2EE) will be pushed out to Zoom Phone for one-on-one, intra-account phone conversations via the Zoom client later this year.

Industry collaboration for a more secure future

Zoom has created initiatives to draw in experience and talents from around the world to inform security innovation and uncover possible dangers in order to satisfy the rising demands of its global client base. A CISO Council is being formed to establish a strategic feedback loop for impending security and privacy innovation, as well as the creation of a Data Security and Protection (DSP) Toolkit to help the National Health Service (NHS). Additionally, Zoom offers bespoke solutions for specific audiences across industries and locations, such as:

Zoom X powered by Telekom: Zoom and Deutsche Telekom have committed to creating Zoom X powered by Telekom, a combined solution designed exclusively for the German market that combines the Zoom experience with Deutsche Telekom’s renowned network and service. Customers can set up and manage meetings effortlessly across all end devices with Zoom’s seamless video communications technology.

Zoom for Government: Zoom for Government, which is designed for U.S. federal agencies, is also available to U.S. state and local government customers, as well as other approved businesses and organizations that support the U.S. government. Zoom for Government includes 256-bit AES-GCM encryption as well as optional end-to-end encryption (E2EE) for Zoom Meetings. The Zoom for Government platform (which includes Zoom Meetings, Zoom Webinar, Zoom Chat, and Zoom Phone) has achieved the following:
FedRAMP Moderate authorization in February 2019
An Authorization to Operate with Conditions (ATO-C) at Department of Defense Impact Level 4 (DoD IL4) for Zoom Meetings with the Department of the U.S. Air Force in June 2021

A Provisional Authorization from the Defense Information Systems Agency for DoD IL4 in March 2022
A Criminal Justice Information Services (CJIS) attestation in January 2022
A HIPAA attestation in March 2021
Tapping into the power of the security community

Zoom invests in a professional worldwide team of security experts through a private bug bounty program, in addition to the daily testing of its products and infrastructure. The program, which was hosted on HackerOne’s platform, one of the world’s most trusted providers of ethical hacking solutions, attracted over 800 security researchers, whose combined efforts resulted in the submission of numerous bug reports and bug bounty payments totaling over $2.4 million since the program’s inception. Zoom awarded nearly $1.8 million over 401 reports in 2021 alone.

Furthering education on Zoom security and privacy features

All end users at Zoom are concerned about their privacy and security. Zoom has created its Trust Center, which serves as a one-stop shop for assets and information related to Zoom compliance, privacy, safety, and security. It offers resources for compliance and corporate governance, as well as a complete privacy overview, security resources and certifications, and a detailed trust and safety overview. Zoom also just launched its learning center, which offers a number of free courses to help users get the most out of the service. Users may receive the ‘Security Champion’ badge by completing the ‘Zoom Security Basics’ training. The Zoom Trust Center and Learning Center both provide details on Zoom’s security features and how to make meetings safe. This offers pre-meeting and in-meeting settings such as individual meeting, user, group, or account passwords; meeting Waiting Rooms; the option to lock a meeting, remove, mute, or place participants on hold; and much more.

Originally published at https://cxotv.techplusmedia.com on April 22, 2022.