Why does Informatica use Zoom?
Zoom is a secure video conferencing system that protects Informatica information and meets our compliance, regulatory, and customer data security requirements. As a cloud-based system, it offers scalability and feature deployment capabilities not possible with on-premise solutions. As part of the evaluation we did 2 years ago, the network encryption capabilities and flexibility in the security defaults and options met our SOC2, HIPAA, GDPR and other contractual and regulatory requirements. Many of the security settings Informatica chose to enable in our enterprise-wide rollout are not available in the free-tier version, and other settings have been enabled and locked to prevent employees from putting Informatica and customer data at risk. Additional security can be applied at the discretion of the Informatica meeting host.
Has Informatica had any security issues with Zoom?
Over the past 12 months, Informatica has hosted over 400,000 Zoom meetings with 2.4 million participants, consuming over 88 million meeting minutes. We have had no reports of toll fraud, malware distribution, system compromise, session hijacking or “ZoomBombing”. Informatica uses the enterprise version of the Zoom service, which enforces stronger defaults and security settings not available in the free-tier version; the free-tier version is what has caused most of the noise in the press.
How does Informatica keep Zoom secure?
Informatica continuously monitors our Zoom usage and deployed endpoints to ensure Informatica information remains secure and safe. Here are a few of the security measures the Informatica IT and Security teams use to keep customer and employee data safe while using Zoom:
- Secure meeting hosting defaults.
  - All Informatica-hosted meetings that enforce “Join Before Host” also require that the host authenticate to the meeting to prevent impersonation;
  - Encryption is enforced wherever technically possible and cannot be disabled (e.g. analog phone calls cannot support encryption);
  - To prevent impersonation, employees cannot change their Zoom account names, but meeting attendees can update their display name if authorized by the meeting host;
  - Zoom’s built-in session recordings are disabled by default, can be enabled by the host, and storage is defaulted to the Zoom cloud to prevent inappropriate access. As with any video conferencing technology, there is nothing to prevent an attendee from recording a session they’ve been invited to attend;
  - To limit the potential for toll fraud, employees cannot change the authorized toll-call regions.
- All IT-managed applications and endpoints are monitored for suspicious changes. As part of Informatica’s Global Security Office monitoring responsibilities, the injection of malware, or suspicious changes to any IT-managed binary such as the Zoom application, would trigger alerts to the Informatica Security Operations Center, to prevent malware from tampering with the Zoom binaries.
- User education training. Globally-accessible articles, updated regularly by IT and the Global Security Office, contain security best practices and instructions on how to use other, optional security settings within Zoom. Note that many of these settings are not available within the free version of the Zoom service.
Why are some companies banning the use of Zoom or prohibiting it from being installed?
Some highly-regulated customers prohibit the use of any software that is not managed by their IT department. Banks and financial institutions, including some Informatica customers, prohibit their teams from installing Zoom on their laptops and request that any meetings be conducted over their video conferencing platform. They have specific requirements around record-keeping and audit trails of conversations, for example. Other companies, outside of regulated industries, will make policy decisions based on their own criteria.
If a customer’s company has banned Zoom, what alternatives should we use?
We do not offer an alternative to Zoom at this time. If the customer's policy is that the use of Zoom is prohibited, private classes may be hosted on the customer's provided system. Informatica does not prohibit the use of customers' systems like Skype, WebEx, etc. For public training, students occasionally choose to use their personal PC or laptop.