Securing the Zoom for Government Platform
Contents
- 1 Protecting the Zoom Platform for Government Use
- 2 1. End-to-end encryption (E2EE)
- 3 2. A growing list of certifications
- 4 3. Nomadic E911
- 5 4. U.S.-based staff and data centers
- 6 5. Watermarking
- 7 6. Authenticated login
- 7.1 “Elevating Public Sector Security Measures
- 7.2 FAQs
- 7.3 What is the security of Zoom for Government?
- 7.4 What is the best way to secure Zoom?
- 7.5 Is there a difference between Zoom and Zoom for Government?
- 7.6 How do I share my screen in Zoom for Government?
- 7.7 Is Zoom encrypted and secure?
- 7.8 How do I protect my Zoom privacy?
- 7.9 What are key risks for Zoom?
- 7.10 What are the safety issues with Zoom?
- 7.11 Who uses Zoom for Government?
- 7.12 Does Zoom Government have a time limit?
Protecting the Zoom Platform for Government Use
As more and more government agencies adopt Zoom as their primary communications tool, ensuring the platform’s security has become increasingly important. In response to this growing need, Zoom has taken several steps to secure the platform for government use, including:
- Implementing robust encryption and security protocols: Zoom uses state-of-the-art encryption and security protocols to protect the privacy of your data and communication.
- Obtaining certifications and accreditations: Zoom has obtained certifications such as FedRAMP, SOC 2 Type 2, and ISO 27001, which are recognized industry standards for secure cloud services.
- Providing government-specific security features: Zoom offers government-specific security features such as support for multi-factor authentication and the ability to disable recording, screen sharing, and file sharing.
- Partnering with security experts: Zoom has partnered with leading security experts to ensure that our platform remains secure and compliant with government regulations.
With these security measures in place, Zoom provides a secure platform for government agencies to communicate and collaborate effectively, while keeping sensitive information protected.
“Ensuring the Safety and Security of Vital Information
with Zoom for Government With the exchange of sensitive information being a critical aspect of government operations, it’s imperative that the right controls are in place to ensure secure communications.
To meet this crucial requirement, Zoom has developed a specialized platform – Zoom for Government – specifically designed to cater to the unique security needs of the public sector.
Zoom for Government is equipped with robust security features and supports various compliance requirements to ensure the safe and secure exchange of information. Here are the six key ways in which Zoom for Government protects your information: ”
1. End-to-end encryption (E2EE)
Zoom Meetings
The Zoom for Government client enables this feature in the meeting settings that helps encrypt the communication between registered meeting participants, when the Zoom for Government client is used, using Zoom’s standard 256-bit AES-GCM encryption. As a consequence, only the devices of participants in the meeting are aware of the cryptographic keys, which is a significant difference. There can be no third party access to the meeting’s private keys, therefore third parties, such as Zoom, cannot access them.
Zoom Phone
The Zoom Phone feature is available for Zoom for Government users on the same Zoom for Government account to conduct Zoom Phone calls through the Zoom client, where Zoom for Government users are on the same Zoom for Government account and their Zoom for Government accounts are on the same Zoom for Government account, and thus can upgrade to E2EE. It is possible to elevate a call to an encrypted one during a call by clicking “More” and then selecting “Encrypted” when you select “More”. As soon as E2EE is enabled, the call is encryptd using cryptographic keys which can only be decrypted by the caller’s and receiver’s devices. A unique security code will also be provided by one user to another in order to verify that they are part of the E2EE protocol.
2. A growing list of certifications
It has been approved as a Moderate Level FedRAMP product by Zoom for Government. There has been a provisional authorization granted by Defense Information Systems Agency (DISA) for conducting meetings at Impact Level 4 (IL4) at the Department of Defense (DoD) and an authorization to operate (ATO) was granted by the Department of Air Force for conducting meetings at Impact Level 4 (IL4) in the United States. It has also achieved a StateRAMP Moderate approval and supports HIPAA, CJIS, and CMMC compliance requirements, and also supports HIPAA, CJIS, and CMMC compliance requirements.
There are a few more attestations that Zoom has attained, all of which can be found in our Trust Center, along with these government specific authorizations. Zoom commercially has also acquired a number of other relevant attestations.
3. Nomadic E911
The Zoom Phone for Government applications offer enhanced 911 features (E911) that can be used in the event that an emergency call is placed using Zoom Phone for Government. This feature can be used to direct emergency services to an exact location based on the location of the emergency call itself. Zoom Phone soft and hard phones, when combined with Zoom’s Nomadic E911, can receive a call from an emergency call center to let the dispatcher know where a user is as they move around a facility, enabling the dispatcher to provide exactly the location of the user during an emergency.
It comes as a standard feature in Zoom Phone and is called Nomadic E911, and uses the Nomadic E911 technology, which helps modern day government agencies comply with the RAY BAUM’s Act, which requires modern organizations to report an instantly dispatchable location when it comes to personnel safety. It is very important for agencies to have this feature since they are embracing flexible working practices, which is helping to ensure employees are kept safe wherever they are.
It is important to keep in mind that nomadic E911 cannot be configured on Zoom Phones, so please see this guide for details.
4. U.S.-based staff and data centers
An example of this kind of solution would be Azure Public Cloud which is part of Amazon’s GovCloud infrastructure, along with co-locating data centers located in the United States. A US-based company is responsible for the deployment and management of the system. There is no commercial Zoom version available with this feature. It is available only with Zoom for Government.
5. Watermarking
The Zoom watermark is a feature that can be enabled by meeting hosts as a means of protecting confidential information shared during a meeting and preventing leaks.
-
As a part of the image watermark feature, a portion of a meeting participant‘s email address is superimposed on an image on a shareable screen. As well as being splashed throughout the content that someone is presenting, this image is also displayed as a video.
-
Watermarks are invisible, inaudible marks that are added to any offline recording of a meeting containing a user’s information. There is a possibility that Zoom can help detect who recorded the meeting if the audio file is shared without permission.
6. Authenticated login
As part of Zoom for Government’s efforts to ensure that users are authenticated as they log on to the client, we offer a single sign-on (SSO) feature, which makes it very safe and quick for users to login to the client. It is still possible to add an extra layer of security to the process by combining two-factor authentication with single sign-on if you are not able to use single sign-on. In order to achieve zero-trust architecture, two-factor authentication and single sign-on have become essential, which have been identified as key factors that will strengthen agencies’ security posture as a result.
“Elevating Public Sector Security Measures
Zoom for Government offers a range of security features and authorizations to ensure secure communication for the public sector. Both the government and commercial versions of Zoom are equipped with numerous security-focused options, from in-meeting controls to privacy notifications, to make security an integral aspect of government communications.
Effective and secure communication is critical for government operations. Whether sharing policy updates or working on a team project, government employees can trust Zoom for Government to provide fast, flexible and seamless exchange of sensitive information, all while fortifying the security stance of the public sector.”
FAQs
What is the security of Zoom for Government?
What is the best way to secure Zoom?
Is there a difference between Zoom and Zoom for Government?
What sets Zoom Commercial apart from Zoom for Government? / What are the key differences? Zoom for Government includes all of the same functionality as Zoom Commercial, but it works in a dedicated and secure infrastructure that was developed to meet the criteria of the FedRAMP Moderate baseline and the DOD Impact Level 2 certifications.
Simply select the “Share Screen” option from the conference controls on your computer. b. Click the Basic option to share your whiteboard, a selected application window, or your complete desktop.
Is Zoom encrypted and secure?
How do I protect my Zoom privacy?
- Join the meeting being held on Zoom.
- To enable the waiting room, lock the meeting, remove participants, or any other feature you need, you must first click the Security icon that is located in the meeting control.
What are key risks for Zoom?
- Cyber security risk
- Financial risk
- Competition risk
- Third-party risk
- Catastrophic risk
- Legal and compliance risk
- Reputational risk.
What are the safety issues with Zoom?
Who uses Zoom for Government?
Does Zoom Government have a time limit?
*Note that even though the meeting is begun without the host being present, it is still bound by the time limit that the host has set, which in this case is thirty hours.