Zoom achieves new global security standards for core products with ISMAP registration
Zoom is now registered with the Information system Security Management and Assessment Program (ISMAP). Find out what this means for our customers.
Updated on December 15, 2022
Published on November 08, 2022
With flexible work comes a new collection of threats, tasking technology providers with supporting an “always verify, never trust” mode of operating. We’ve stepped up to the plate, growing our list of security features to now include three new offerings. These include our end-to-end encrypted (E2EE) feature for Zoom Mail Service (beta), advanced encryption for Zoom Phone voicemail, and enterprise auto-update.
Here are the details on the exciting security updates announced at Zoomtopia, our annual customer conference:
Today, we announced the next step in our platform evolution and productivity suite, Zoom Mail and Calendar. With Zoom Mail Client (beta) and Calendar Client (beta), you will be able to access your existing email accounts from popular email services within the Zoom desktop client. In addition to the Zoom Mail and Calendar Client release, we also announced a new Zoom Mail Service (beta) and Calendar Service (beta) hosted entirely on Zoom’s infrastructure. Zoom Mail Service will offer end-to-end encryption (E2EE) for emails sent directly between active Zoom Mail Service users.
Zoom Mail Service’s end-to-end encryption feature is designed to enhance the privacy of your email communication. It will support end-to-end encryption for emails between Zoom Mail Service users, meaning that the customer — not Zoom — controls the encryption keys and therefore access to email contents, including any attachments or the email’s subject line. Information such as the sender and recipients, attachment number and size, and timestamps will remain available to Zoom servers as they are necessary to provide the service.
To use end-to-end encryption in Zoom Mail Service, you and the person you’re emailing must use email addresses assigned through Zoom Mail Service and have one or more devices associated with each email address. End-to-end encrypted emails sent and received by other Zoom Mail Service users will be marked with a green shield icon at the bottom of the message. Email messages to and from email accounts that are not hosted by Zoom will not be end-to-end encrypted, but will still be encrypted at rest by Zoom and marked with an orange shield icon (as “server encrypted”) at the bottom of the message. Zoom Mail Service encrypts incoming emails from third-party email services as soon as possible upon receipt.
For small-to-medium businesses with a focus on security and privacy, Zoom offers a compelling solution. Customers on paid plans in the U.S. and Canada will be granted access to the beta. For more details on Zoom business plans, please see our pricing page.
When it comes to leaving sensitive voicemails, especially in industries like legal and finance, security is paramount. In addition to our rollout of E2EE to Zoom Phone, we are now adding advanced encryption to Zoom Phone voicemail.
To enable advanced encryption for Zoom Phone voicemail (beta), account administrators on the Zoom Phone Power Pack plan can visit their account, group, or phone management settings to turn this feature on for specific users or all users on their account. Once enabled, voicemail messages are received and recorded by Zoom servers which encrypt them with keys only known to their intended recipients’ devices. For enterprise users with the escrow feature enabled, these keys might be also shared with the user’s account administrator.
Advanced encryption for Zoom Phone voicemail (beta) is now available where Zoom Phone Power Pack is sold. Customers on the Zoom Phone Power Pack plan can reach out to their account team and ask for this feature to be enabled for their account.
Last fall, we introduced automatic updates to our broader consumer base to give you simple and straightforward ways you can keep your Zoom desktop client up to date. And now we’re expanding these efforts with automatic updates for enterprises, which helps provide more options and flexibility for enterprise customers hoping to roll out Zoom updates automatically to their users.
Previously, account administrators could only deploy single versions of Zoom for Windows and macOS for their users. Our new enterprise automatic updates feature — or enterprise auto-update — is intended to enhance your organization’s security posture by making it easy to keep your users on the latest versions of Zoom software. For accounts with Zoom Device Management enabled, administrators can select which users they are ready to update to the newest version of Zoom in the Zoom dashboard.
Similar to the 2021 feature, admins can also select from two frequencies to push out new versions of our software: a “Slow” option with fewer updates and a focus on stability, and a “Fast” option to distribute the newest updates and features as soon as possible. Admins may also select a specific time to automatically install new versions of Zoom to their users, or whether to install them when the user’s Zoom desktop client is inactive.
Zoom’s enterprise auto-update will become available in the upcoming weeks.
We’re committed to building a platform you can trust — with your online interactions, information, and business. Multiple encryption offerings help build the foundation for that trust, and are a key part of our evolving security strategy at Zoom.
To learn more about Zoom’s approach to security, privacy, safety, and compliance, check out the rest of our security Zoomtopia sessions.