Safe to use Zoom with KauID
2020-04-16
Lately, there have been reports in the media worldwide about security flaws in Zoom. However, the section of Zoom provided by ý’s supplier SUNET is not affected by these security flaws to the same extent.
“Employees and students at ý can feel safe when using Zoom,” says Monika Allöv Andersson, responsible for the Zoom service at ý IT Department. “No traffic moves outside of Scandinavia and no data are stored in the cloud. Furthermore, the use of SSO login (KauID) further strengthens security.”
The latest version of Zoom includes a new tool for quickly setting up a meeting's security settings, which makes it easier to handle any uninvited guests.
Monika Allöv Andersson also has a few additional tips on what users should think about.
“Problems with Zoom-bombing can easily be resolved by the users themselves by setting up passwords for meetings. Also, be careful not to spread the link in social media or other public spaces.”
More about Zoom via SUNET
• SUNET’s Zoom does not run in Zoom’s general cloud solution, but via separate infrastructure. At the moment, a mix of an organisation’s own hardware and AWS (Amazon Web Services) is used in Sweden. When the pressure on the service eases off, the AWS part will be discontinued and only the organisation’s own infrastructure will be used.
• SUNET’s Zoom uses Swamid (federated login) for identification, which means that passwords are not stored in the Zoom service. This means that cases of hacked Zoom passwords do not affect SUNET’s Zoom.
• Zoom’s flaws in terms of encryption were difficult to exploit in practice and these have now been corrected through an upgrade of the Zoom client. The flaw in so-called end2end encryption remains, but it is difficult for an attacker to exploit it in practice.
• There is a chain of GDPR agreements between Zoom, via NORDUnet, SUNET and the university, but SUNET does not transfer any sensitive personal data to Zoom (e.g. personal identity numbers).