Teleconferencing app Zoom announced Wednesday that it has implemented data center routing capabilities for account administrators — a key step in the company’s efforts to improve Zoom’s security posture.
With data center routing, admins can choose which data center region their account-hosted meetings and webinars use for real-time traffic. The feature is meant to allay fears that Zoom chats and encryption keys were being sent to Chinese servers, where the data could be hijacked by Chinese intelligence.
Furthermore, Zoom said it’s in the process of upgrading to the AES 256-bit GCM encryption standard, a more widely tested and trusted solution compared to the 256-AES ECB encryption scheme it has relied on to date. Zoom has also grouped its security features together in a new security icon in the meeting menu bar, and added a tool for meeting hosts to report abuse.
Overall, Zoom’s 5.0 update is part of the company’s response to criticism from cybersecurity researchers that its platform was littered with privacy and security issues.
The novel coronavirus pandemic has dramatically increased the need for collaboration and videoconferencing software, with millions of employees working from home and relying on software tools to stay connected. Zoom was an early beneficiary of the videoconferencing boom — the company grew from 10 million users in December to more than 300 million users today — but the platform’s weaknesses were quickly exposed after experts found security flaws in the app’s code and privacy issues with user data management.
Facing mounting criticism, Zoom CEO Eric Yuan announced on April 1 plans to stop development on all new app features and focus entirely on security. Zoom said today’s announcement marks a key milestone on its 90-day plan to identify, address, and enhance the security and privacy capabilities of its platform.
“We take a holistic view of our users’ privacy and our platform’s security,” said Oded Gal, CPO of Zoom. “From our network to our feature set to our user experience, everything is being put through rigorous scrutiny. On the back end, AES 256-bit GCM encryption will raise the bar for securing our users’ data in transit. On the front end, I’m most excited about the Security icon in the meeting menu bar. This takes our security features, existing and new, and puts them front and center for our meeting hosts. With millions of new users, this will make sure they have instant access to important security controls in their meetings.”
Zoom 5.0 is slated for release within the week, Zoom said. Adoption of the AES 256-bit GCM encryption standard is scheduled for system-wide account enablement on May 30.