Between December 2019 and April 2020, largely driven by the Coronavirus pandemic, Zoom’s daily meeting participants have increased by 2900% from 10 million per day to 300 million per day. This surge in popularity and Zoom’s uptake by public bodies and governments around the globe have, quite rightfully, prompted increased scrutiny on its security practices.
DevOpsGroup has taken the following actions to ensure we communicate as securely as possible. All of these steps are in addition to the published improvements/fixes made by Zoom:
- Enforced Encryption on all 3rd Party Endpoints
- Zoom has clarified its position on end-to-end encryption here. Whilst we leverage the Cloud Recordings connector, data in transit to and at rest is encrypted.
- Enabled password protection for all Cloud Recordings.
- Enabled password protection for all Personal Meetings, Scheduled Meetings and Instant Meetings. The password is shared to invited individuals in the invitation email or is delivered within a direct URL as provided by the meeting host.
- Removed China and Hong Kong data centres / Regions from hosting our meeting data. We remain connected to all other world regions to best support dial-in functionality from across the globe.
In addition, Zoom has begun preparing a release to support an upgrade from AES 256 ECB to AES 256 GCM Encryption on 30th May 2020. We work hard to ensure all DevOpsGroup Staff are always running the latest version of the client to benefit from both this and continual security improvements. We recommend that where customers are already using Zoom to communicate with us that they continue to keep their Zoom client up to date as well.