Apr 06, 2020 Do You Need End-to-End Video Meeting Encryption?
Posted at 11:45h in Nemertes Blog
Before you rush to implement work-from-home, take some time to understand your security needs, and ensure that solutions in use support them.
The rush to work from home as a result of the coronavirus pandemic has led to a rapid adoption of video-based meeting services, often without organizations having the time to perform necessary due diligence to evaluate security and compliance capabilities.
Of late, a few security-related issues have arisen around Zoom Meetings, leading Zoom founder Eric Yuan to pen a blog post stating that he has implemented a 90-day feature development freeze to focus resources on addressing security issues. As you can imagine, Zoom’s competitors have used these issues to reinforce their own commitments to security as they attempt to differentiate themselves in the marketplace.
Most recently, Zoom’s encryption model has come under attack, underscoring an issue that isn’t unique to Zoom. Like Cisco and Symphony, Zoom offers end-to-end encryption for its messaging app. However, Zoom doesn’t provide end-to-end encryption for meetings. Rather, it encrypts voice and video data in transit between the Zoom client or Zoom Room endpoint to Zoom’s servers, but once the data reaches the servers, Zoom must decrypt the data to support recording, transcription, and a variety of other features.
Zoom isn’t alone in this respect. For meeting vendors to offer advanced features such as transcription and recording; take advantage of emerging AI capabilities like facial recognition; or support third-party integrations, they must be able to unencrypt video and audio data to analyze it. The common model for encryption among meeting applications is data at rest (on the provider’s servers) and in motion (e.g., endpoint to server).
Read the rest of this post on NoJitter.com