Zoom 5.0: Next Step in Security 90-Day PlanZoom 5.0: Next Step in Security 90-Day Plan
A slew of changes around Zoom’s security and user experience aim to give users and admins greater control over their solution and data.
April 22, 2020
While Zoom is facing a battle on multiple fronts, recent activity suggests that the cloud video provider is finding its footing and digging deep to respond to user security concerns. As evidence, yesterday it took another step forward in its 90-day security plan with updates wrapped up in the newly announced Zoom 5.0.
With the new version, Zoom has two main goals in mind, Oded Gal, head of products for Zoom, told No Jitter in a briefing. The first, really for the non-enterprise audience, is to better explain how to find and access existing security features. The second, for all, is to tighten up data security by adding support for the AES 256-bit GCM encryption standard.
What’s in the New Version?
In terms of Zoom 5.0, the release adds a blend of user experience elements, default settings, and Zoom network updates.
On the network side, the AES 256-bit GCM encryption standard applies to data in transit. Zoom will implement systemwide support for the GCM standard on May 30. In addition, Zoom will now allow account admins to designate a data center region of choice and will allow them to set the routing on an account, group, or user level, according to Zoom. They also will be able to view how their meetings are connecting to Zoom data centers via the Zoom dashboard, which includes any data centers connected to HTTP tunnel servers, as well as conference room Connectors and gateways.
To give admins and users greater control of their meetings, Zoom 5.0 updates allows:
The ability for hosts to be able to report malicious users via a security icon in meetings and disable the ability for participants to rename themselves. Additionally, for education customers, screen sharing now defaults to host only.
The waiting room feature set as the default for education, Basic, and single-license Pro accounts. All hosts can also turn on the waiting room feature when a meeting has already started.
Meeting passwords set as default for Basic, single-license Pro, and K-12 users. Account admins can define password complexity, including length, alphanumeric, and special character requirements. Zoom Phone admins can adjust the length of voicemail PIN.
Passwords set by default to all cloud recordings, except for the meeting host.
Larger organizations can link contacts across multiple accounts, so Zoom users can find meeting, chat, and phone contacts.
Non-personal meeting ID (PMI) meetings now have an 11-digit ID, and meeting IDs and invite options have been moved from the main Zoom interface to the participant’s menu, to make it harder to accidentally share a meeting ID.
Users can opt to have Zoom Chat notifications not show a chat snippet.
Beyond the 90 Days, Working with Partners
While yesterday’s announcement didn’t touch on partner relationships, Gal described how Zoom has been working with partners to ensure what Zoom does for the software side of things that it also does for the hardware side.
And as we approach the first-month mark of Zoom’s 90-day plan, Gal assured that what it learns from this process is just the start. Zoom enacted the 90-day plan to build the processes and teams needed to address security and privacy concerns and will become an indefinite part of Zoom's approach moving forward, Gal said.
