90-Day Security Plan Progress Report: April 29
Every week we’re making significant product changes that further enhance safety and security on our platform as part of our 90-day security plan. Today’s “Ask Eric Anything” webinar focused on Zoom 5.0, which we released this week and includes support for enhanced encryption and several other security features.
Eric was joined by Zoom CPO Oded Gal and Zoom CIO Advisor Gary Sorrentino, who gave an update on our CISO Council. Zoom CTO Brendan Ittelson and Alex Stamos, a privacy advisor to Zoom, also joined for the Q&A.
Here are some updates from the past week and what’s coming:
Key takeaways from this week’s session
Release of Zoom 5.0
Zoom 5.0 includes new features and enhancements to give you unparalleled control over your meetings and data. It also includes support for 256-bit AES GCM encryption, one of the most secure encryption standards available, and the new Report a User feature within the Security icon, which sends a report on platform misuse to Zoom’s Trust & Safety team. Get more info on our Zoom 5.0 webpage.
How to update your Zoom client
System-wide account enablement to 256-bit AES GCM encryption will occur on May 30, 2020, and only Zoom clients on version 5.0 or later, including Zoom Rooms, will be able to join Zoom Meetings starting that day. To update your client, visit the Zoom download page. IT administrators should visit the Zoom 5.0 IT administrators page to manage this update for various endpoints in their environment.
Zoom’s CISO Council
Zoom CIO Advisor Gary Sorrentino will be heading up Zoom’s CISO Council, which will feature 39 global CISOs that will engage in an ongoing dialogue about privacy, security, and technology issues and best practices. Gary is a former managing director for J.P. Morgan Asset & Wealth Management where he was the Global Head of Client Cyber Awareness and Education. Gary also led J.P. Morgan’s data privacy program and their cybersecurity efforts.
Here are some of the topics that were addressed live from webinar attendees this week:
What is GCM?
GCM (Galois/Counter Mode) is an authenticated encryption algorithm that provides data integrity in addition to confidentiality and is widely used for its performance. Zoom has moved from 256-bit AES encryption using ECB to 256-bit AES GCM encryption in meetings.
What are we doing about companies potentially banning Zoom due to security concerns?
The Zoom executive team put together a letter outlining our policies, security program, and dedication to providing a secure and safe platform. You can read it here. Some of the largest organizations in the world have done exhaustive security reviews of Zoom and use our platform for their critical communications.
Will the Security icon be available on the webinar platform?
We do not currently have plans to add the Security icon to the webinar platform, as webinars are typically “one-to-many” and don’t typically require the same level of interactivity between participants as Zoom meetings.
Is it possible for a Zoom user to record a meeting without other users knowing?
No, Zoom is required by law to inform users when they are being recorded and has clear audio and visual prompts when a recording is started.
When requiring participants to register to join a meeting, do they have to have a Zoom account?
Zoom meeting participants do not have to sign up or register to attend meetings. However, if a meeting host would like to require their participants to register, they can choose one of the following options:
- Allow only authenticated users to join, which means they must have a Zoom account and be signed in to join. The host can also choose to admit only those authenticated users with a specific email domain.
- Choose to require meeting or webinar registration, in which case users do not need an account to join.
Thank you for your support
Thank you to all who attended today’s session and submitted questions! We appreciate your engagement and are grateful for your support as we make Zoom the world’s most secure enterprise communications platform.
If you missed this week’s session, you can watch the recording here:
Editor’s note: This blog post was edited on Aug. 2, 2021 to include the most up to date information on Zoom encryption.