Zoom unveils new security offerings at Zoomtopia
With the advent of flexible work, technology providers have been challenged with supporting an “always verify, never trust” mode of operation, not only to deal with a new generation of threats. In addition to our current offerings, we have also added three new security features to our range of security features. In addition to these features, Zoom Mail Service (beta) offers end-to-end encrypted (E2EE) messages, Zoom Phone voicemail includes advanced encryption, and enterprise auto-updates can be enabled automatically.
As part of our annual Zoomtopia customer conference, our security team announced a number of exciting security updates on the following topics:
Contents
Email security with end-to-end encrypted email
We are pleased to announce the release of Zoom Mail and Calendar, the next step in the evolution of our platform and productivity suite. There is a new Zoom desktop client that supports popular email services as well as Zoom Mail Client (beta), which means that you will be able to access your existing email accounts from within Zoom Desktop Client (beta). Aside from the Zoom Mail and Calendar Clients, we are also announcing the add-on Zoom Mail Service (beta) and Zoom Calendar Service (beta) hosted entirely on Zoom’s infrastructure, alongside Zoom Mail and Calendar Clients. With the launch of Zoom Mail Service, email messages sent directly between active Zoom Mail Service users will be encrypted end-to-end (E2EE).
There are several benefits associated with Zoom Mail Service’s end-to-end encryption feature. It ensures that your emails remain secure and private. Using the Zoom Mail Service, users can receive and send encrypted emails between them, which means that the customer will control the encryption keys and therefore have access to the contents of the emails, including attachments and the subject line, which is an advantage over the current encryption method. There are a number of items that will remain available to Zoom servers as long as they are required to provide the service. Examples of these are sender and recipient names, attachment number and size, and timestamps.
You and the person you are emailing must both use email addresses assigned to you through Zoom Mail Service, and each email address must be associated with one or more devices. In order to provide end-to-end encryption through Zoom Mail Service, you and the person you are emailing must use related email addresses. In order to indicate that the email has been sent and received end-to-end encrypted, a green shield icon will appear at the bottom of the message if it has been encrypted end-to-end. There will be no end-to-end encryption for emails sent to and from email accounts not hosted by Zoom, but they will be encrypted at rest by Zoom to verify that they are secure and an orange shield icon will appear at the bottom of the message indicating that they are (as “server encrypted”). Upon receiving email messages from third-party email services, Zoom Mail Service encrypts those emails as soon as possible after they have been received.
Zoom offers a compelling solution to small-to-medium-sized businesses that are concerned with security and privacy when it comes to their communications. A beta version of the service will be available to U.S. and Canadian customers on paid plans. Please refer to our pricing page for more information on Zoom business plans and how they differ from one another.
Enhanced security for Zoom Phone voicemail with advanced encryption
There is no doubt that voicemails contain sensitive information, especially when they are left in highly regulated industries such as law and finance. We are extending Zoom Phone‘s capabilities to include advanced encryption to its voicemail services in addition to our rollout of E2EE.
Users on the Zoom Phone Power Pack plan are able to access their account, group, or phone management settings from their Zoom Phone accounts to turn on advanced encryption for Zoom Phone voicemail (beta) for specific users or all users under their account if they have the Zoom Phone Power Pack plan enabled. Upon enabling voicemail, zoom servers will receive and record the voicemail messages, which will then be encrypted with a key that is only known to the device that the voicemail is intended to be sent to. These keys may also be shared with the user‘s account administrator if the enterprise user has the escrow feature enabled in their account.
A new feature of Zoom Phone’s Power Pack is the addition of advanced encryption for Zoom Phone’s voicemail (beta). Those Zoom Phone Power Pack customers who have not yet taken advantage of this feature can reach out to their account team and request that it be enabled for their account in the near future.
More options for enterprise customers to stay up to date
Our broader consumer base was introduced to automatic updates last fall, with the aim of providing you with an easy and straightforward way to stay up-to-date with the Zoom desktop client by making it easy for you to keep it updated. Our enterprise customers now have the option to automatically update their Zoom software in their organizations, which helps provide them with even more options and flexibility as they wish to roll out Zoom updates to their users automatically.
The account administrator had the option in the past of deploying only single versions of Zoom for both Windows and macOS to their users. In order to improve your organization’s security posture, our new enterprise automatic updates feature – or enterprise auto-update – allows you to keep your users on the latest versions of Zoom software. This enhances the security position of your organization as well. In Zoom dashboards, administrators can choose which users you would like to update to the latest version of Zoom based on what account has Zoom Device Management enabled.
The admins can also select from two frequencies to push new versions of our software as part of the feature introduced in 2021: the “Slow” frequency, which will distribute fewer updates and will place a greater emphasis on stability, and the “Fast” frequency, which will distribute the newest updates and features as quickly as possible. A Zoom administrator can also choose exactly when new versions of Zoom are to be automatically installed to their users, or if they want them to be installed only when a user’s Zoom desktop client has not been used for a certain amount of time.
As soon as the enterprise auto-update feature is available, Zoom will be able to provide it to its customers.
A platform built on trust
We are committed to building a platform that you can count on and trust – for your online interactions, for your information, for your business, and for your finances. In order to build this trust, Zoom offers multiple encryption options, which are a vital part of our evolving security strategy, as they help build the foundation for that trust.
The rest of our security Zoomtopia sessions can be found here. You can also check out our security Zoomtopia sessions to learn more about how Zoom approaches security, privacy, safety, and compliance.
FAQs
Is Zoom end-to-end encrypted now?
Is Zoom encrypted and secure?
How secure is Zoom now?
The following capabilities related to the meeting’s internal security are offered to the meeting host: Encrypted meetings are enabled by default, with E2EE encryption available as an optional extra. Make sure attendees have somewhere comfortable to wait. Demand that the host be present before the beginning of the meeting.
Is Zoom a security risk?
Is Zoom secure 2023?