Zoom has grown in popularity because of the COVID-19 pandemic and a rapid shift to remote work, but your customers may also be hesitant to use the platform because of its well-documented security issues earlier this year.
However, the company has rolled out new security features since then and is now rolling out an end-to-end encryption offering as a technical preview for 30 days as the company seeks feedback form its users, the company announced during its two-day virtual Zoomtopia event.
The enhanced encryption for both free and paid users comes after Zoom in May announced plans to build an end-to-end encryption (E2EE) model into the popular videoconferencing platform to increase meeting security. In a press release, the company says this initial roll out is the first of four phases in releasing the E2EE model.
Zoom earlier this year took 90 days to address security concerns with the platform after reports of meeting hijackers easily joining calls as usage skyrocketed in the early days of the COVID-19 lockdown. The company added on new security features like better meeting controls, stronger password protections, and enhanced encryption.
According to the company, its E2EE uses the same GCM encryption currently offered to Zoom users, but where those encryptions live has changed. Zoom’s cloud typically generates encryption keys and distributes them to meeting participants using Zoom apps as they join. With this new offering, the meeting’s host generates encryption keys and uses public key cryptography to distribute keys to the other meeting participants.
Read Next: Zoom Publishes Draft of Encryption Design
That turns Zoom’s servers into oblivious relays that never see the encryption keys required to decrypt meeting content, according to the company.
All participants must have the setting enabled to join a call that is end-to-end encrypted. Hosts can enable the setting at the account, group and user level, and can be locked at the account or group level, according to the company.
In the first phase, all participants must join from the Zoom desktop client, mobile app or Zoom Rooms.
“End-to-end encryption is another stride toward making Zoom the most secure communications platform in the world,” said Zoom CEO Eric S. Yuan in a statement. “This phase of our E2EE offering provides the same security as existing end-to-end-encrypted messaging platforms, but with the video quality and scale that has made Zoom the communications solution of choice for hundreds of millions of people and the world’s largest enterprises.”
At least in this version, enabling E2EE will disable some features, like joining before the host, cloud recording, streaming, live transcription, breakout rooms, polling, 1:1 private chat and meeting reactions.
The company is planning to roll out better identity management and E2EE SSO integration as part of the second phase, which is tentatively scheduled for 2021.