Zoom has lifted the lid on a selection of security-focused updates designed to shield users from advanced threats.
At its annual Zoomtopia conference, the video conferencing company announced three major new additions: end-to-end encryption (E2EE) for Zoom Phone, a new bring your own key (BYOK) service and an identity verification scheme.
The company says the new features will expand upon protections already in place (such as E2EE for Zoom calls), and will hope they also go some way to erasing its past security hiccups from memory.
“Zoom strives to be a platform built on trust – trust between users, trust in online interactions and trust in our services,” wrote Karthik Raman, Principal Product Manager.
“Multiple encryption options and identity verification help build the foundation for that trust, and are a key part of our evolving security strategy.”
Zoom security updates
The most significant of the security features announced at Zoomtopia is perhaps the identity verification program, which was described as the start of a new long-term strategy.
Under this scheme, which is being developed in partnership with identity management company Okta, users will be asked to verify their identity before joining a meeting. The system will vet users by assessing a combination of data points, including account credentials, security questions, multi-factor authentication, device ID and more.
Once inside, a blue checkmark will appear next to their name in the roster to show they have successfully passed identity checks.
“With social engineering and phishing attacks becoming more sophisticated, protecting personal information is more important than ever. Identity authentication and attestation can help determine if a meeting guest is who they say they are,” explained Raman.
This way, he says, customers can freely share classified information over Zoom calls in the knowledge that no intruders are present.
The BYOK service, meanwhile, is designed to give companies with extensive compliance requirements a way to protect large assets (such as meeting recordings) more effectively. Customers that enroll will take control of a key management system within AWS, which will contain a master key that no other party can access – including Zoom itself.
And finally, Zoom is bringing end-to-end encryption to Zoom Phone, its cloud phone system. The company says the feature will add a layer of protection to one-on-one calls by shielding against server compromise.
The new identity verification scheme and E2EE for Zoom Phone will come into effect “some time next year”, while a beta for the BYOK service will roll out over the next few months.