SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

Zoom launches post-quantum encryption to secure user data

Thu, 23rd May 2024

Zoom has announced the enhancement of its security framework by introducing post-quantum end-to-end encryption (E2EE) in Zoom Workplace. This development makes Zoom the first Unified Communications as a Service (UCaaS) provider to implement such advanced encryption in video conferencing.

Post-quantum E2EE is presently available for Zoom Meetings, with Zoom Phone and Zoom Rooms expected to follow suit. This move addresses the increasing necessity to safeguard user data against advanced adversarial threats. One significant threat, known as "harvest now, decrypt later," involves attackers capturing encrypted network traffic with the intent to decrypt it later, once quantum computing becomes more powerful.

Zoom's initiative aims to protect user data from potential future threats posed by quantum computers capable of breaking classical encryption. While these potent quantum machines are not yet generally available, Zoom's proactive stance upgrades its encryption algorithms to withstand such advanced threats whenever they materialise, be it five years from now or later.

Michael Adams, Chief Information Security Officer at Zoom, remarked, "Since we launched end-to-end encryption for Zoom Meetings in 2020 and Zoom Phone in 2022, we have seen customers increasingly use the feature, which demonstrates how important it is for us to offer our customers a secure platform that meets their unique needs." Adams added, "With the launch of post-quantum E2EE, we are doubling down on security and providing leading-edge features for users to help protect their data. At Zoom, we continuously adapt as the security threat landscape evolves, with the goal of keeping our users protected."

When E2EE is enabled for meetings, Zoom's system gives only the participants access to the encryption keys needed to secure the meeting. This applies to both post-quantum E2EE and standard E2EE. Because Zoom's servers do not hold the required decryption key, any encrypted data relayed through them remains indecipherable. To further guard against "harvest now, decrypt later" attacks, Zoom's post-quantum E2EE employs Kyber 768, an algorithm being standardised by the National Institute of Standards and Technology (NIST) as the Module Lattice-based Key Encapsulation Mechanism (ML-KEM) in FIPS 203.

Zoom’s upgrade underscores its commitment to evolving its security measures in tandem with changing technological threats, ensuring continued user protection. The initiative reflects Zoom’s broader mission to deliver a secure, efficient platform for modern workspaces. Zoom Workplace, powered by Zoom AI Companion, integrates solutions such as meetings, team chat, phone, scheduler, whiteboard, spaces, and more, aimed at optimising communications, productivity, and employee engagement.
