Unlocking New Zoom Security Enhancements: E2EE for Zoom Phone, BYOK, and Verified Identity
As today’s organizations face a complex and advanced threat landscape, we want to help equip them with the tools they need to mitigate risk. Our customers’ needs sparked the rollout of our new end-to-end encryption (E2EE) offering last October, and now we’re taking the next step in our security journey by expanding our E2EE offering to Zoom Phone, as well as developing two exciting new technologies: a Bring Your Own Key (BYOK) offering and Verified Identity.
Here are details on the exciting updates announced at this year’s Zoomtopia:
E2EE for Zoom Phone
Previously only available in Zoom Meetings, our E2EE offering will be extended to Zoom Phone. Users will have a new option to upgrade to E2EE during one-on-one phone calls that occur via the Zoom client.
During a call, users can click “More” to find the option to enable end-to-end encryption. The upgrade takes under a second and helps add an extra layer of security to users’ phone calls occurring over Zoom. Additionally, users will have the option to verify E2EE status by providing a unique security code to one another.
E2EE for Zoom Phone will be available in the coming year.
Visit this support article to learn how to enable E2EE for Zoom Meetings on your account today.
Bring Your Own Key (BYOK)
We’re creating a BYOK offering to allow customers with strict compliance requirements or data residency needs to provision and manage their own encryption keys.
With our BYOK offering, both Zoom and the customer are responsible for establishing a security framework. Customers using BYOK will own and manage a key management system (KMS) in AWS, which will contain a customer master key (CMK) that Zoom cannot access or see. Zoom will interact with the customer’s KMS to obtain data keys for encryption and decryption and will use these data keys to encrypt and decrypt customer assets before those assets are written to long-term storage. Zoom will not store plaintext data keys in long-term data storage.
BYOK is a separate offering from E2EE and is not designed for real-time use cases like streaming video. It’s best used for the secure storage of larger assets, such as recording files.
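The flow described above is envelope encryption. The following sketch is an added example, not Zoom's or AWS's code: `CustomerKMS`, `store_asset` and `load_asset` are hypothetical names, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for a production cipher such as AES-GCM so that the block runs on the Python standard library alone.

```python
import hashlib, hmac, secrets

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stdlib stand-in for AES)
    blocks = (len(data) + 31) // 32
    ks = b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, data):
    """Encrypt-then-MAC with separate subkeys; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, data)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

class CustomerKMS:
    """Hypothetical stand-in for the customer-owned KMS; the CMK never leaves it."""
    def __init__(self):
        self._cmk = secrets.token_bytes(32)
        self.access_granted = True  # the customer controls this switch
    def _authorize(self):
        if not self.access_granted:
            raise PermissionError("customer revoked access to the CMK")
    def generate_data_key(self):
        self._authorize()
        data_key = secrets.token_bytes(32)
        return data_key, seal(self._cmk, data_key)  # (plaintext key, wrapped key)
    def decrypt(self, wrapped_key):
        self._authorize()
        return unseal(self._cmk, wrapped_key)

def store_asset(kms, asset):
    """Service side: only the wrapped key and the ciphertext are persisted."""
    data_key, wrapped_key = kms.generate_data_key()
    return {"wrapped_key": wrapped_key, "ciphertext": seal(data_key, asset)}

def load_asset(kms, record):
    data_key = kms.decrypt(record["wrapped_key"])  # requires a live KMS call
    return unseal(data_key, record["ciphertext"])
```

In this model, setting `access_granted` to `False` leaves the service unable to unwrap any stored data key, so the stored records stay unreadable until the customer restores access.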
Verified Identity
With social engineering and phishing attacks becoming more sophisticated, protecting personal information is more important than ever. Identity authentication and attestation can help determine if a meeting guest is who they say they are.
An identity verification program allows you to have safer discussions involving sensitive information, enables specialized services, and prioritizes identity protection. It deploys multi-factor authentication to decrease risk, relying on a combination of the following items to vet users:
- Who you are: Role in an organization, credentials, and networks in use
- What you have: Devices, authentication apps, codes, biometrics, and email addresses
- What you know: Passwords, security questions, and profile information
To make attestation and authentication integral to the Zoom experience, we’re working with Okta to help verify users as they join Zoom Meetings. Once they’re in a meeting, a user will have a checkmark next to their name and can share their verified profile information — including name, email address, and company domain — with meeting participants. Meeting hosts can use in-meeting security controls to remove a participant if for some reason they are not verified or the displayed information seems incorrect.
Displaying verified profile information via Okta will be available sometime next year and is the start of Zoom’s long-term identity attestation and verification strategy.
A platform built on trust
Zoom strives to be a platform built on trust — trust between users, trust in online interactions, and trust in our services. Multiple encryption options and identity verification help build the foundation for that trust, and are a key part of our evolving security strategy at Zoom.