Comprehensive software reviews to make better IT decisions
New York State Leads the Charge in Upcoming Zoom Security Enhancements
The Office of the Attorney General of the State of New York has reached a settlement with Zoom Video Communications. The agreement promises enhanced data security and user controls.
New York State Attorney General Letitia James made the announcement on May 7, 2020, following a state-led investigation into the video conferencing service launched in March 2020. The inquiry focused on the security concerns around the sudden widespread use of Zoom’s service during the COVID-19 pandemic lockdown.
The enhanced data security measures include encryption of data at rest, protection from hacker attempts at account access, and the implementation of a vulnerability management program and regular penetration testing. The enhanced privacy controls will be applied to all account tiers, including free accounts and accounts used in K-12 education.
User privacy has also been addressed by the agreement. This results in a severance of Zoom’s user-data sharing practice with Facebook and LinkedIn, particularly in cases where the user has explicitly selected the “anonymity” option. Zoom has agreed to provide the New York State Attorney General’s Office a copy of its annual security assessment report.
Full details of the agreement can be viewed on the New York State Attorney General’s website.
On a related note, federal US officials recognize the benefit to US citizens of web conferencing during the pandemic. This had led to the Office for Civil Rights division of the US Department of Health and Human Services announcing in March 2020 the temporary suspension of penalties for HIPAA noncompliance when using video conferencing services for telehealth.
The New York State Attorney General’s Office’s settlement with Zoom brings great benefit to all users of the service. Zoom will need to build the security mechanisms to comply with the settlement, and much of these enhancements address security concerns that have been raised about the service. Therefore, Zoom can incorporate the security enhancements in a comprehensive way while ensuring that it remains compliant with the terms of the agreement.
Of note in the settlement letter is Zoom’s requirement to encrypt data at rest in addition to data in transit. While this addresses the issue of user data stored in Zoom’s data centers, it does not explicitly mention end-to-end encryption per se; there is still an implied intermediary step between the encryption-in-transit and the encryption-at-rest states that is not explicit addressed in the agreement. Zoom customers are advised to wait and see how Zoom implements the security measures before concluding that Zoom is as secure as its rivals.
Info-Tech Research Group continues to stay on top of these developments. Watch this space for more updates.
Want to Know More?
On October 8, 2021, BlueJeans by Verizon announced their “Next-Generation BlueJeans” suite and partnership with Google Glass. The Next-Generation suite ties BlueJeans Meetings to two new products: BlueJeans Spaces and BlueJeans Collab Board.
On June 3, 2021, BlueJeans provided an update on its product direction for 2H 2021. BlueJeans is now fully integrated with Verizon One, completing Verizon’s full UCaaS solution.
On May 21, 2021, Cisco briefed on Webex’s security features. This not only included information about the type of administration control for end users when using Webex from any device, but also Cisco’s certifications and compliances more broadly.
This note outlines Info-Tech’s Three C’s of Enterprise Collaboration framework to help buyers effectively navigate the collaboration software marketspace.
With a return to the office looking ever more feasible, organizations need to consider what role web conferencing solutions will play moving forward. This note outlines three trends organizations should be aware of as we move into 2022.
On March 11, 2021, Verizon provided updates to BlueJeans’ product vision and direction for FY2021. BlueJeans experienced dramatic adoption in 2020, particularly for webinars and events, and seeks to offer advanced breakout room features in the future.
On February 24-25, 2021, Zoho held its annual ZohoDay – a conference aimed at communicating the state of the business and product roadmaps. The event coincided with Zoho’s 25th year as a company, testament to Zoho’s long-term business approach: grow organically, have zero debt, zero external investments, remain cashflow positive, and plow cashflow back into the business and customers.
On October 29, 2020, Verizon briefed on BlueJeans’ product vision and direction. This note outlines the new and upcoming features that users can expect from BlueJeans for the rest of 2020 and into 2021. However, with the table stakes margin for features rapidly increasing in the web conferencing marketspace, BlueJeans’ new features are less a way to stand out from the crowd and more as a necessity to keep up.
On November 5, 2020, Cisco briefed on its upcoming virtual legislative session tool Webex Legislate. With a range of features that governing bodies around the globe have desired throughout the extent of the pandemic, Webex Legislate surely becomes the must-have tool for conducting virtual and hybrid sessions – especially if an agency is already leveraging Cisco products.