Comprehensive software reviews to make better IT decisions
Zoom Improves Security and Privacy With Version 5.0 Update
Zoom is living up to its namesake in its responsiveness in addressing security and privacy issues that users have identified in its product. While the upcoming release of the 5.0 update addresses many initial concerns, the product still does not offer end-to-end encryption.
Source: Zoom Hits Milestone on 90-Day Security Plan, Releases Zoom 5.0. Published April 22, 2020.
The notable security and privacy enhancements in Zoom 5.0, and the advantages that each feature brings, are listed below:
- AES 256-bit GCM encryption: While AES 256-bit encryption has existed in previous versions of Zoom, the upgrade to AES 256-bit GCM (Galois/Counter mode) not only encrypts the data but protects it from tampering.
- This ensures protection of data security and integrity for Zoom users.
- Data routing control: The Zoom account administrator is able to select which data center regions the organization’s meetings and webinars will use.
- This is a great feature for organizations that are concerned about data sovereignty and the privacy laws of foreign countries.
- Waiting Room default on: Waiting Room is currently an optional Zoom feature. In version 5.0, the Waiting Room is switched on by default. This ensures that meeting attendees are all forced to wait until they are admitted into the meeting by the host.
- This serves to address the possibility of “Zoom bombing.”
- Host control and security: In addition to an enhanced Zoom Dashboard, meeting hosts have the ability to report a user to Zoom, as well as the ability to readily see the security status of a meeting via a new security icon.
- This feature enables greater security for the meeting host and establishes a way to deal with unwanted meeting attendees.
- Meeting password complexity and default on: Meeting passwords were previously optional in Zoom but are now switched on by default.
- This measure addresses “Zoom bombing” by securing the meeting login.
Please refer to Zoom’s blog article Zoom Hits Milestone on 90-Day Security Plan, Releases Zoom 5.0 for additional information on these, and other enhancements in Zoom version 5.0.
Unfortunately, while the product’s meeting control and network transport is much more secure, the product still does not have end-to-end encryption.
It is commendable to see Zoom delivering on its promise to enhance product security in such a rapid manner within their 90-day enhancement freeze period.
The lack of end-to-end encryption, however, is disappointing, even with the additional enhancements in data-in-transit security. That said, the ability for meeting hosts to select the data center region for the hosting of meetings should offer some peace of mind for organizations concerned about their communications hosted on servers in countries where data privacy laws are not formally defined.
Zoom administrators should note that this is an update to the Zoom client software, and therefore the installation must occur on user workstations. This may prove to be a challenge during the current COVID-19 lockdown and work-from-home mandate. It would be helpful if Zoom built in the ability for Zoom administrators to push out client updates to all users of Zoom business accounts. In the interim, organizations should consider company-wide communication to all Zoom business users with upgrade instructions.
Want to Know More?
On June 3, 2021, BlueJeans provided an update on its product direction for 2H 2021. BlueJeans is now fully integrated with Verizon One, completing Verizon’s full UCaaS solution.
On May 21, 2021, Cisco briefed on Webex’s security features. This not only included information about the type of administration control for end users when using Webex from any device, but also Cisco’s certifications and compliances more broadly.
This note outlines Info-Tech’s Three C’s of Enterprise Collaboration framework to help buyers effectively navigate the collaboration software marketspace.
With a return to the office looking ever more feasible, organizations need to consider what role web conferencing solutions will play moving forward. This note outlines three trends organizations should be aware of as we move into 2022.
On March 11, 2021, Verizon provided updates to BlueJeans’ product vision and direction for FY2021. BlueJeans experienced dramatic adoption in 2020, particularly for webinars and events, and seeks to offer advanced breakout room features in the future.
On February 24-25, 2021, Zoho held its annual ZohoDay – a conference aimed at communicating the state of the business and product roadmaps. The event coincided with Zoho’s 25th year as a company, testament to Zoho’s long-term business approach: grow organically, have zero debt, zero external investments, remain cashflow positive, and plow cashflow back into the business and customers.
On October 29, 2020, Verizon briefed on BlueJeans’ product vision and direction. This note outlines the new and upcoming features that users can expect from BlueJeans for the rest of 2020 and into 2021. However, with the table stakes margin for features rapidly increasing in the web conferencing marketspace, BlueJeans’ new features are less a way to stand out from the crowd and more as a necessity to keep up.
On November 5, 2020, Cisco briefed on its upcoming virtual legislative session tool Webex Legislate. With a range of features that governing bodies around the globe have desired throughout the extent of the pandemic, Webex Legislate surely becomes the must-have tool for conducting virtual and hybrid sessions – especially if an agency is already leveraging Cisco products.
On September 4, 2020, Info-Tech briefed with Zoho about current and upcoming features of Zoho Workplace, a global enterprise collaboration platform. Organizations, especially SMBs, that want to look outside of Microsoft’s and Google’s office productivity suite duopoly should consider shortlisting Zoho Workplace as a viable option.