How Zoom Secures Your Meetings
With recent security concerns at other communications companies (like this one from WebEx), we wanted to give you an updated primer on Zoom’s security. Security is our highest priority. We have built the most secure network with the most robust security features for our customers. In fact, many of the world’s most-trusted information security companies trust Zoom with their meetings, including Sophos, Trend Micro, Duo Security, Tenable Network Security, and Druva. Zoom is SOC2 compliant, certified by TRUSTe for privacy, and an active participant of the EU-US Privacy Shield Framework. Zoom also enables HIPAA compliance and we’ll sign a BAA.
Let’s look at some of these key Zoom security features that your enterprise can trust:
1. Secure Networking
Good news! All Zoom meetings are also protected by multiple security layers with flexible controls.
- Cloud Infrastructure: Zoom meetings run on our highly reliable, scalable, secure infrastructure platform in the cloud. A distributed network of low-latency multimedia routers resides on Zoom’s communications infrastructure. All session data originating from the host’s device and arriving at the participants’ devices is dynamically switched — never stored persistently.
- Encryption: Zoom secures session content by encrypting the web communications channel to https://zoom.us. Zoom also supports SSL/TLS (port 443) network-layer communications between the Zoom app and the multimedia router, as well as NIST AES 256 application-layer encryption.
- Post-Meeting Security: Once the meeting is over, no session information is retained on the Zoom routers or on any participant’s devices. If a meeting is recorded, the recording is located on that customer’s local machine or in the secure Zoom cloud if selected.
2. Scheduling Features
Here are some features you can access when you’re scheduling your meeting to make it more secure:
- Password Protection: Password protect your meetings by clicking Require meeting password and entering an alphanumeric password when you schedule your meeting. The password is automatically populated in the calendar invitation. This means that only people with both the meeting ID and password can join your meeting.
- Join Before Host Options: When scheduling, you have the option to either allow participants to Join Before Host, or not. If you don’t select this option, no one can join the meeting without you being there to start the meeting. This gives you greater control over the meeting. Even if you do select Join Before Host, you still get an email notification when they join before you.
3. In-Meeting Features
The meeting host has a variety of controls they can use to secure their meeting. For example:
- Lock the Meeting: When you’re in the meeting, click Participants at the bottom of your Zoom window. In the participants’ pop-up box, you will see a button that says Lock Meeting. When you lock the meeting, no new participants can join, even if they have the meeting ID and password.
- Expel a Participant: In the participants’ menu, you can mouse over a participant’s name, and several options will appear, including Remove. Click that to kick a participant out of the meeting. They can’t get back in if you then click Lock Meeting.
- Waiting Room: Protect participant privacy by keeping some participants in your virtual waiting room while you finish up meeting with others. Follow these simple instructions.
- Attendee On-Hold: If you need a private moment, you can put attendees on-hold. The attendee’s video and audio connections will be disabled momentarily. Click on the attendee’s video thumbnail and select Start Attendee On-Hold to activate this feature.
Other host controls include locking screen-sharing, enabling/disabling participant recording, watermarking screen shots, and disabling in-meeting chat.
4. Advanced Security Options
Some enterprises have additional security needs for video and web conferencing. Zoom at your service!
- Meeting Connector: The Zoom Meeting Connector is a hybrid cloud deployment method which allows a customer to deploy Zoom within the company’s internal network. The meeting administration is managed on Zoom’s infrastructure, but the meeting itself is hosted in the company’s internal network. All the meeting traffic, including audio, video, and content sharing stays within the company’s own network. This leverages your existing network security setup to further protect your communications.
- Single Sign-On (SSO): With SSO, a user logs-in using your company’s identity provider such as Microsoft Active Directory, Centrify, Okta, or Google to access a variety of applications. Zoom works with all SSO providers via SAML or OAuth so you can easily assign who gets access to Zoom. Zoom also offers an API call to pre-provision users from any database backend. With Zoom, you can map attributes to provision a user to different groups with feature controls.
Want more details on Zoom’s security features? Check out our Security Guide or sign up for a one-on-one demo with a friendly product specialist.