Zoom achieves new global security standards for core products with ISMAP registration
Zoom is now registered with the Information system Security Management and Assessment Program (ISMAP). Find out what this means for our customers.
Updated on April 07, 2023
Published on March 05, 2021
While last year was characterized by a collective, sudden shift to a remote workforce, 2021 is poised to become the year of the hybrid work model. As some employees return to work safely, others may remain home or do a mix of both.
While this hybrid workforce creates flexibility and scalability, it presents a complex IT challenge that will require a more thoughtful approach to security — a strategy designed to secure employees no matter where they are or what they do.
To secure this modern workforce, IT teams should follow these four steps:
A distributed workforce results in disparate data. With employees sharing information around the globe, using both personal and corporate devices, it can be a challenge for IT to monitor all this activity. This is only compounded by the pressing issue of privacy. As this distributed workforce operates in unique environments, employees need to carefully handle customer data to ensure user privacy is always a priority. This makes an effective endpoint data protection strategy crucial.
To secure all endpoints, IT should start by deploying comprehensive mobile device management (MDM). With MDM, they can manage and secure employees' mobile devices — laptops, smartphones, and tablets — regardless of the mobile service provider or operating system in use.
Since these devices will live on both corporate and personal networks, IT teams need to re-evaluate the way they approach networking security as well. To protect in-office employees, IT teams should deploy agile networking solutions that offer real-time monitoring and anomaly detection. When it comes to personal networks, IT should train employees on how to secure their home networks, encouraging them to follow simple best practices, such as changing default passwords and keeping firmware up-to-date. IT must also ensure a VPN option is readily available for all employees, but especially for those who jump back and forth between the office and home and are constantly on the go.
For a hybrid workforce to be successful, companies must use current circumstances to their advantage. As Bring Your Own Device (BYOD) becomes the norm, IT teams can strategically leverage these personal devices to their advantage via multi-factor authentication.
Through multi-factor authentication, IT can use personal smartphones and other devices to verify a user. This reduces the chance of data compromise while making security part of an employee’s daily routine. To help keep devices secure from advanced threats, IT should also encourage employees to routinely review which devices are registered for multi-factor authentication and confirm that they recognize every device listed.
Multi-factor authentication feeds into a zero-trust model, in which authentication and validation are required before employees can access relevant applications and the correct data level. This kind of approach is fundamental for securing the hybrid workforce, empowering employees to work from anywhere while still safeguarding a company’s assets.
Zoom’s own IT team has already implemented this strategy. We offered employees a robust BYOD program last year that was designed to both enable collaboration via personal devices and safeguard company information via multi-factor authentication. By leveraging BYOD to carry out a zero-trust approach, our IT team aims to strike the right balance between flexibility and security.
One of the most effective ways to increase an organization’s security is to arm its teams with up-to-date training.
Training and continuous learning help employees understand the role end users play in the overall security posture of an organization. This creates a culture of security, where all parties feel invested in the overall protection of an organization, even if they’re disconnected from a physical location.
Zoom will continue to prioritize robust security training for all our employees, as it upskills our talent and helps keep our employees aware of any advanced threats that may impact them.
At Zoom, we’re enabling effective collaboration across the hybrid workforce with flexible and scalable solutions. Between Zoom Meetings, Zoom Video Webinars, Zoom Phone, and Zoom Rooms, we empower users to work from anywhere — the office, home, or both — safely. Our solutions are built with security top of mind, with each offering including a set of features designed to safeguard the Zoom experience.
Our robust 256-bit AES-GCM encryption helps protect the crucial information shared across all our solutions. However, for Zoom Meetings specifically, we’ve created an end-to-end encryption (E2EE) feature, which uses the same powerful 256-bit AES-GCM encryption that supports standard Zoom Meetings, with the only difference being where the keys live. With E2EE, Zoom’s servers don’t generate and manage encryption keys. Instead, the meeting’s host creates the encryption key, distributing it to attendees’ devices. With decrypted information never leaving that specific meeting, this feature helps increase privacy and security for our users. It makes sophisticated technology easily accessible to Zoom users everywhere — all they have to do is toggle the E2EE feature on before they start a meeting.
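The key-custody difference described above can be seen in a small Node.js sketch. This is an added illustration, not Zoom's code or protocol: the RSA-OAEP key wrapping, the meeting id, and every function and field name are assumptions made for the example.

```javascript
// Added illustration, not Zoom's protocol: same AES-256-GCM, different key custody.
// Assumed: RSA-OAEP key wrapping and all function/field names below.
const crypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');

function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every frame
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad); // meeting id is authenticated but not encrypted
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function unseal(key, frame, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, frame.iv);
  d.setAAD(aad);
  d.setAuthTag(frame.tag);
  try {
    return Buffer.concat([d.update(frame.ct), d.final()]).toString();
  } catch { return null; } // tag mismatch: wrong key or modified frame
}

const oaep = (key) => ({
  key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256',
});

function runMeeting(mode) {
  const aad = Buffer.from('meeting-123'); // constructed meeting id
  const attendee = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const meetingKey = crypto.randomBytes(32); // 256-bit content key
  // standard: the server generated the key and keeps a copy.
  // e2ee: the host generated it; the server relays only a wrapped copy.
  const server = { key: mode === 'standard' ? meetingKey : null };
  const wrapped = crypto.publicEncrypt(oaep(attendee.publicKey), meetingKey);
  const attendeeKey = mode === 'standard'
    ? server.key
    : crypto.privateDecrypt(oaep(attendee.privateKey), wrapped);

  const frame = seal(meetingKey, 'quarterly numbers', aad);
  const tampered = { ...frame, ct: Buffer.from(frame.ct) };
  tampered.ct[0] ^= 0x01; // one bit flipped in transit
  return {
    attendeeReads: unseal(attendeeKey, frame, aad),
    serverReads: server.key ? unseal(server.key, frame, aad) : null,
    tamperedReads: unseal(attendeeKey, tampered, aad),
  };
}
```

In both modes the attendee decrypts the frame and a modified frame is rejected by the GCM tag; only in `'standard'` mode does the relay hold a key that opens it.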
The hybrid workforce requires a hybrid approach to security, one that leverages both technology and training to foster an agile strategy. By embracing the new needs of the hybrid workforce, organizations will create a realistic and scalable approach to security that will evolve as the business does. Businesses can future-proof operations while empowering safe and effective collaboration.