Comprehensive software reviews to make better IT decisions
Cisco Suffers Security Flaw With Zoom Interoperability
On October 31, 2019, Cisco was notified of a security risk with the Zoom Connector for Cisco. Access for the Zoom Connector for Cisco hosted on zoom.us did not require authentication, allowing external users to join a Zoom meeting without password credentials.
Furthermore, Zoom’s landing page copied Cisco’s landing page, misleading users into thinking they were on a secure Cisco webpage.
Cisco named three major security problems that resulted from this incident:
- The Zoom URL did not require credentials.
- Zoom exposed Cisco Webex Devices to administrative exposure by placing itself between the user and the Cisco interface.
- The Zoom URL did not get revoked if the administration password was changed.
Source: Web Conferencing at SoftwareReviews. Accessed November 11, 2019
Cisco’s announcement of this security issue beat the press to the fold. The result is that Cisco has been able to shape the narrative of this incident – and it doesn’t portray Zoom in a good light. Given Zoom’s security problem earlier this year, which saw an exposure in Zoom’s APIs for Webex, Cisco is losing patience.
Sri Srinivasan, SVP and GM for the Team Collaboration Group at Cisco, issued this stark statement: “We [Cisco] would like them [Zoom] to take additional steps to use our supported APIs and work with us to certify the solution so that we can secure our mutual customers effectively.”
Yet in a competitive collaboration marketplace, the harsh reality is that Cisco and Zoom need to ensure interoperability. Microsoft’s Teams offering is making serious traction in this space, and Cisco and Zoom cannot afford to lose out on users due to security problems.
However, Cisco’s public statement will be a jolt to Zoom, who will be left to suffer by themselves if their security issues are not resolved. After all, as Srinivasan continued, though interoperability is convenient, it “comes with zero compromises on security and data integrity.” Abandoning Zoom may not be attractive, but it would certainly limit the fallout if Zoom’s security problems become more frequent.
Want to Know More?
On May 21, 2021, Cisco briefed on Webex’s security features. This not only included information about the type of administration control for end users when using Webex from any device, but also Cisco’s certifications and compliances more broadly.
This note outlines Info-Tech’s Three C’s of Enterprise Collaboration framework to help buyers effectively navigate the collaboration software marketspace.
With a return to the office looking ever more feasible, organizations need to consider what role web conferencing solutions will play moving forward. This note outlines three trends organizations should be aware of as we move into 2022.
Information security leaders fully understand the importance of having a security incident and event management (SIEM) solution, but teams need to overcome three main challenges before considering purchasing a SIEM solution.
On March 11, 2021, Verizon provided updates to BlueJeans’ product vision and direction for FY2021. BlueJeans experienced dramatic adoption in 2020, particularly for webinars and events, and seeks to offer advanced breakout room features in the future.
On February 24-25, 2021, Zoho held its annual ZohoDay – a conference aimed at communicating the state of the business and product roadmaps. The event coincided with Zoho’s 25th year as a company, testament to Zoho’s long-term business approach: grow organically, have zero debt, zero external investments, remain cashflow positive, and plow cashflow back into the business and customers.
On October 29, 2020, Verizon briefed on BlueJeans’ product vision and direction. This note outlines the new and upcoming features that users can expect from BlueJeans for the rest of 2020 and into 2021. However, with the table stakes margin for features rapidly increasing in the web conferencing marketspace, BlueJeans’ new features are less a way to stand out from the crowd and more as a necessity to keep up.
On November 5, 2020, Cisco briefed on its upcoming virtual legislative session tool Webex Legislate. With a range of features that governing bodies around the globe have desired throughout the extent of the pandemic, Webex Legislate surely becomes the must-have tool for conducting virtual and hybrid sessions – especially if an agency is already leveraging Cisco products.
Chronicle, Alphabet’s enterprise security company, expands its North American partner base with Herjavec Group, its first Canadian partner. Herjavec Group is the first service provider in Canada to be certified in, and provide access to, Chronicle’s security intelligence products.