The situation

Zoom video conferencing has transformed from just another office tool into a daily, and sometimes near-constant business activity. A global pandemic and mass migration to working at home have made Zoom one of the fastest growing apps with meeting participants increasing by 2900% in 2020 alone.

Video conferencing may not always be fun, but it provides a critical aid to continue business during one of the most difficult times of our generation. And because it radically transforms the cost of mass virtual engagement, it is not going to subside—even when we return to our offices.

Any mass adoption of a technology attracts those who want to exploit it for profit or mischief, and Zoom is no different. Zoom went from 10 million daily meeting participants in December 2019 to almost 300 million four months later— an astounding achievement that created a number of painful security headaches.

News stories began reporting on the prevalence of “Zoom bombing”—virtual gate crashing—where random people disrupted meetings. While Zoom created waiting rooms and added other features to help administrators regulate participants and prevent disruption, the fundamental weakness of being able to join a meeting with just a Zoom account and a link wasn’t solved. Researchers pointed out that “the majority of Zoom-bombing cases… began with a participant in the call posting the link publicly and inviting trolls and miscreants to attack it.”

And there was a worse problem than Zoom bombing: eavesdropping. The Citizen Lab, a research institute at the University of Toronto, described Zoom as “a new gold rush for cyber-spies.” Zoom was safe for socializing and lecturing, it said, but was not suitable for any forum where sensitive or secret data and discussion had to take place.

Zoom responded quickly with a new password feature and more secure configuration options but the core vulnerability was not resolved. To require a participant to use a password doesn’t get around the fact that passwords can easily be forwarded by email or hacked directly.

Now consider scale, and the problem becomes the exponential of a headache. You can monitor every attendee on a 10-person call, but what about a hundred attendees—or a thousand or more? 

The best defense is the one you can easily implement to defend yourself—and one that does not require an engineer to implement for every meeting. Digital security must protect people from innocent mistakes like sharing meeting links and passwords.

A solution

As specialists in enterprise digital identity, IdRamp has been securing virtual meeting and collaboration platforms since the early days of web conferencing. IdRamp customers started to raise concerns about Zoom security headlines and wanted a better way to protect their virtual businesses in Zoom. Bak2.life provides simple, easy to use digital security tools. Their customers were also sharing concerns for better virtual meeting security.

To support this need, IdRamp and Bak2.life established a simple goal and solution: Make securing a Zoom event easy with a new service called Zoom Security Groups. Bak2.life now provides a low-cost, low-friction way for any licensed Zoom user to easily secure a webcast or highly confidential virtual meeting. The new application called Bouncer is powered by the Idramp Zero Trust identity platform.

Bouncer features include custom participant permission lists for your organization or multiple organizations, the familiar process of two-factor email authentication, and the latest, most secure tech in zero trust identity—passwordless verifiable credentials. With passwordless verifiable credentials, you can verify an email address with a cryptographic guest pass that the participant stores in a digital wallet. 

With these features and in a few simple steps, Zoom bombing becomes  impossible—even with insider help. Every attendee you invite is verified in real time as they join the event. If they can’t be verified, they can’t join! 

Event security policies can be unique for individual meetings or shared across multiple meetings; for example, you may want different policies for employee and customer events. No coding or API integration is required. No special network configurations or appliances are required. Configuration and deployment is achieved with an easy-to-use interface and just a few simple clicks.

The future

Our goal at IdRamp is to help you achieve Zero Trust security at your pace and without upheaval to your internal systems and processes. When you’re ready to eliminate passwords and improve security across other services, you can update to IdRamp’s industry-leading ecosystem management platform. It provides advanced policy-based filters, automated GDPR consent, custom factors, and verifiable credential management. You can also use the IdRamp platform to create new products and services like the Bak2.life Bouncer.

Our full suite of identity management tools enables you to build powerful Zero Trust ecosystems that plug and play with industry leading identity management systems and enterprise applications. 

Protect your Zoom events. Enable Bouncer today!