It is important to remember that regardless of where information is stored, if you own it, then you own it.
Always make sure “Advanced Encryption Chat” is enabled when you set up a Zoom meeting.
Have a clear policy in your organisation that dictates the level of discussions that should be held over Zoom.
Consideration still needs to be given to encryption keys being held offshore. Zoom now guarantees Australian users the key generation will occur either in Australia or the US. It should be noted most video conferencing solutions do not provide end to end encryption, with encryption keys generated from specific servers located in secure data centres. There was significant attention around Zoom not having end to end encryption. This becomes particularly pertinent if Zoom is being used for telehealth or student counselling/welfare. Zoom has recently changed the mode of encryption to Galois/Counter Mode (GCM) with a guaranteed key length of 256 bit What this means for youĪs encryption keys are held offshore, information can be obtained through compel orders, issued by the countries where the cryptographic keys are located, which could also have privacy implications.
Cryptographic keys are managed in offshore servers.
ECB mode is not suitable for video conferencing or as a mode to use with AES, as it contains predictable patterns in its block cypher.
This is still a very good level of encryption, but there are two considerations to note: However, researchers have identified the key length is closer to 128 bit. Zoom indicates the level of encryption used is Advanced Encryption Standard (AES) 256 bit over TLS 1.2 in Electronic Codebook (ECB) mode. However, in making the right decision about whether to use Zoom for general use, education or telehealth, there are some considerations you need to think about: 1. There is no question that Zoom is performing well when it comes to user experience and break out meetings to support online training and education. A number of vulnerabilities were highlighted by cyber security researchers, which bring into question whether Zoom is a suitable product for organisations to use. One such tool that has received considerable negative media attention is Zoom. The recent events of COVID-19 have seen a significant rise in teleconferencing usage, with many organisations, such as government departments, schools and health practitioners, using a range of tools to support business as usual. The content of the article was updated on Monday 6 July 2020 to reflect Zoom’s latest release. This article was originally posted April 27, 2020.