Do You Need End-to-End Video Meeting Encryption?

The rush to work from home as a result of the coronavirus pandemic has led to a rapid adoption of video-based meeting services, often without organizations having the time to perform necessary due diligence to evaluate security and compliance capabilities.

Of late, a few security-related issues have arisen around Zoom Meetings, leading Zoom founder Eric Yuan to pen a blog post stating that he has implemented a 90-day feature development freeze to focus resources on addressing security issues. As you can imagine, Zoom’s competitors have used these issues to reinforce their own commitments to security as they attempt to differentiate themselves in the marketplace.

Most recently, Zoom’s encryption model has come under attack, underscoring an issue that isn’t unique to Zoom. Like Cisco and Symphony, Zoom offers end-to-end encryption for its messaging app. However, Zoom doesn’t provide end-to-end encryption for meetings. Rather, it encrypts voice and video data in transit between the Zoom client or Zoom Room endpoint to Zoom’s servers, but once the data reaches the servers, Zoom must decrypt the data to support recording, transcription, and a variety of other features.

Zoom isn’t alone in this respect. For meeting vendors to offer advanced features such as transcription and recording; take advantage of emerging AI capabilities like facial recognition; or support third-party integrations, they must be able to unencrypt video and audio data to analyze it. The common model for encryption among meeting applications is data at rest (on the provider’s servers) and in motion (e.g., endpoint to server).