Zoom Video Communications : The Role of Trust in the New World of Work

Security & Privacy, Thought Leadership, Zoomtopia

The Role of Trust in the New World of Work

Hillary Ross

September 23, 20216 min read

Today's cybersecurity landscape is more complex than ever before. Businesses are hoping to implement and scale new ways of working while building a flexible yet effective security strategy.

At this year's Zoomtopia, our security and privacy thought leaders explored this complicated landscape, discussing new Zoom enhancements designed to mitigate risk, offering insights, and exploring the role of trust in the new world of work. Here are some highlights:

The "Keys" to Enhancing Your Security With Zoom

"It feels like every other day there's a new headline of an enterprise under attack from ransomware," said Karthik Raman, Principal Product Manager at Zoom, setting the scene for the first security session at this year's Zoomtopia.

With enterprises grappling with such nuanced threats, Raman reflected that many must be asking themselves, "How do I make rational investments in my vendor portfolio to diminish enterprise risk instead of adding to it?" He, along with Max Krohn, Head of Security Engineering at Zoom; and Aurora Brigham, Lead Product Manager at Zoom, strived to answer that question. They presented three upcoming Zoom defense-in-depth technologies designed to help people make rational investments: end-to-end encryption for Zoom Phone, our BYOK offering, and Verified Identity.

Starting with the evolution of Zoom's E2EE offering and ending with a look ahead at Zoom's long-term identity attestation and verification strategy, this Zoomtopia session showed that Zoom's evolving security strategy is rooted in one goal: be a platform built on trust.

Evolving Privacy and Compliance Policies and Programs for a Growing Platform

Chief Compliance, Ethics, and Privacy Officer Lynn Haaland sat down with Head of Product Security and Privacy at Zoom, Rod Schultz, to talk through a unique topic: how do you maintain a comprehensive privacy and compliance program in the face of massive scale?

Haaland, whose background spans from the U.S. Department of Justice to PepsiCo, walked us through her decision-making process and the best practices she's garnered during her career. These tips included:

• Set the compliance team up as a resource
• Connect with your cross-functional teams and collaborate on translating requirements into a reality to create a smooth process
• Communicate the business value, efficiency, and cost savings that come from mitigating risk
• Continue to innovate and bring new ideas within a regulatory framework
  • As an example, Zoom recently released tools - such as in-product privacy notifications and the Active Apps Notifier - that are designed to provide users awareness of what's exactly happening with their data

Discover all of Haaland's thoughtful recommendations and her unique perspective in the session's on-demand recording.

CISO Expert Panel: Security for the Hybrid Workforce [Link]

Many leaders are examining what it takes to build a flexible working model, but this new approach raises a few security questions. Gary Sorrentino, Deputy CIO at Zoom, explored these questions along with a panel that featured Jason Lee, CISO at Zoom; Joanna Burkey, CISO at HP; and Vugar Zeynalov, CISO at Cleveland Clinic Health System. The group discussed a range of topics, including tips for securing a hybrid workforce, the threats emerging during this time, and how to attract and retain top talent.

Here are a few standout recommendations from the CISO panel, all of which you can find in the on-demand recording:

Security tips for hybrid work

"As people start looking at going hybrid, there are really three things I believe are important and you need to maintain secure control over: company data, devices, and identity and access management." - Jason Lee, CISO at Zoom

The threat landscape

"If I look for a common thread in some of the new attack vectors, we're seeing complexity targeted a lot. Attackers are smart, and they know how interdependent our partner ecosystems are, they know how intertwined supplier systems and the exchange of data can be…Hybrid work is complex due to the various ways it can manifest. Now we have to look at that complexity and look at the exposures for our specific ways of working." - Joanna Burkey, CISO at HP

Attracting and retaining talent

"We've partnered with HR to establish a talent pipeline from local communities and universities, as well as develop a success profile to define skills and capabilities to identify candidates that would be successful in our culture. For existing professionals, train them so they can leave yet treat them so they don't want to." - Vugar Zeynalov, CISO at Cleveland Clinic Health System

APAC & EMEA security roadmap sessions [Link]

Both APAC and EMEA security roadmapping sessions, led by Sergio Aguilera, Head of Solutions Engineering, APAC; and Peter Sany, CIO Advisor for DACH, explored Zoom's security journey - what we've done and what's next.

The presenters walked through features and updates since last year's Zoomtopia, such as end-to-end encryption, the Chat Etiquette Tool, archiving, Active Apps Notifier, and more. They also explored the aforementioned new Zoom security enhancements: end-to-end encryption for Zoom Phone, our BYOK offering, and Verified Identity.

EMEA - Data Privacy at Zoom

Deborah Fay, Deputy General Counsel; and Glory Francke, Sr. Counsel, led a compelling session on Zoom's approach to data privacy, discussing our methodologies and approach to operationalizing privacy. The approach is organized by three elements: people, program, and process.

People

• We strive to make privacy personal by increasing our in-house privacy expertise and growing and expanding our privacy team.

Program

• We are reimagining our approach to training, with the goal that every Zoomie becomes a privacy pro and we can build a data stewardship culture.

Process

• We're strengthening Zoom's privacy muscles by improving our 'privacy by design process,' which is designed to improve privacy controls and transparency for our users.

We know privacy isn't a project that's ever complete, it's akin to maintaining good health - it requires an ongoing effort.

Stay in the know

Whether you're looking for new features or unique industry insights, we hope these Zoomtopia sessions helped you learn a bit more about our approach to security and privacy here at Zoom, and how trust informs everything we do.

To learn more about Zoom privacy and security, explore our Trust Center.

Don't forget to share this post