Comprehensive Software Reviews to make better IT decisions
Cisco Suffers Security Flaw With Zoom Interoperability
On October 31, 2019, Cisco was notified of a security risk with the Zoom Connector for Cisco. Access for the Zoom Connector for Cisco hosted on zoom.us did not require authentication, allowing external users to join a Zoom meeting without password credentials.
Furthermore, Zoom’s landing page copied Cisco’s landing page, misleading users into thinking they were on a secure Cisco webpage.
Cisco named three major security problems that resulted from this incident:
- The Zoom URL did not require credentials.
- Zoom exposed Cisco Webex Devices to administrative exposure by placing itself between the user and the Cisco interface.
- The Zoom URL did not get revoked if the administration password was changed.
Source: Web Conferencing at SoftwareReviews. Accessed November 11, 2019
Cisco’s announcement of this security issue beat the press to the fold. The result is that Cisco has been able to shape the narrative of this incident – and it doesn’t portray Zoom in a good light. Given Zoom’s security problem earlier this year, which saw an exposure in Zoom’s APIs for Webex, Cisco is losing patience.
Sri Srinivasan, SVP and GM for the Team Collaboration Group at Cisco, issued this stark statement: “We [Cisco] would like them [Zoom] to take additional steps to use our supported APIs and work with us to certify the solution so that we can secure our mutual customers effectively.”
Yet in a competitive collaboration marketplace, the harsh reality is that Cisco and Zoom need to ensure interoperability. Microsoft’s Teams offering is making serious traction in this space, and Cisco and Zoom cannot afford to lose out on users due to security problems.
However, Cisco’s public statement will be a jolt to Zoom, who will be left to suffer by themselves if their security issues are not resolved. After all, as Srinivasan continued, though interoperability is convenient, it “comes with zero compromises on security and data integrity.” Abandoning Zoom may not be attractive, but it would certainly limit the fallout if Zoom’s security problems become more frequent.
Want to Know More?
Zoom Video Communications has announced an array of offerings for 2020 at its third-annual Zoomtopia Conference.
Cisco Systems has announced several enhancements to its collaboration portfolio, which includes new software and hardware solutions and a partnership with Microsoft.
With the bulk of the millennial generation now fully in the workforce and moving into decision-maker roles, the way business gets done is changing. And it involves a lot more collaboration over video, according to a new report from Lifesize.
Microsoft Teams received a bevy of new capabilities that focus on new ways to customize the experience for users and manage the workflow for administrators, all announced at Microsoft’s annual infrastructure-focused Ignite conference in Orlando on Nov. 4.
Apple’s attention-getting new hardware announcements played up a lot of new camera features and screen quality upgrades. While web conferencing users who rely on their mobile device to join work meetings will enjoy some incremental improvements, not all of the features showcased in the reveal keynote will make a difference.
Google is extending the live captions feature on Hangouts Meet to mobile users with its addition to the Meet Android app, according to the G Suite Updates Blog on September 16.
On October 30, 2019, KnowBe4, a leader in the end-user security training space, was awarded Federal Risk and Authorization Management Program (FedRAMP) approval from the US federal government.