New York State Leads the Charge in Upcoming Zoom Security Enhancements
The Office of the Attorney General of the State of New York has reached a settlement with Zoom Video Communications. The agreement promises enhanced data security and user controls.
New York State Attorney General Letitia James made the announcement on May 7, 2020, following a state-led investigation into the video conferencing service launched in March 2020. The inquiry focused on the security concerns around the sudden widespread use of Zoom’s service during the COVID-19 pandemic lockdown.
The enhanced data security measures include encryption of data at rest, protection from hacker attempts at account access, and the implementation of a vulnerability management program and regular penetration testing. The enhanced privacy controls will be applied to all account tiers, including free accounts and accounts used in K-12 education.
User privacy has also been addressed by the agreement. This results in a severance of Zoom’s user-data sharing practice with Facebook and LinkedIn, particularly in cases where the user has explicitly selected the “anonymity” option. Zoom has agreed to provide the New York State Attorney General’s Office a copy of its annual security assessment report.
Full details of the agreement can be viewed on the New York State Attorney General’s website.
On a related note, federal US officials recognize the benefit to US citizens of web conferencing during the pandemic. This led the Office for Civil Rights division of the US Department of Health and Human Services to announce in March 2020 the temporary suspension of penalties for HIPAA noncompliance when using video conferencing services for telehealth.
The New York State Attorney General’s Office’s settlement with Zoom brings great benefit to all users of the service. Zoom will need to build the security mechanisms to comply with the settlement, and many of these enhancements address security concerns that have been raised about the service. Therefore, Zoom can incorporate the security enhancements in a comprehensive way while ensuring that it remains compliant with the terms of the agreement.
Of note in the settlement letter is Zoom’s requirement to encrypt data at rest in addition to data in transit. While this addresses the issue of user data stored in Zoom’s data centers, it does not explicitly mention end-to-end encryption per se; there is still an implied intermediary step between the encryption-in-transit and the encryption-at-rest states that is not explicitly addressed in the agreement. Zoom customers are advised to wait and see how Zoom implements the security measures before concluding that Zoom is as secure as its rivals.
Info-Tech Research Group continues to stay on top of these developments. Watch this space for more updates.