Soon came another term – “Zoom bombing” – the practice of uninvited people entering and disrupting meetings and accessing secure content. Whilst catchy, “zoom bombing” raised serious security concerns regarding the platform’s ability to keep users and organisations safe. It didn’t end there, opening up an entire can of security worms – leaving Zoom to announce a 90-day freeze on feature upgrades to focus on security1.
Unfortunately, what this showed for Zoom is that security might well be an afterthought. In this blog, I take a closer look at some of the known – and mostly patched – security vulnerabilities of Zoom and show you how organisations can better safeguard their collaboration by using Microsoft Teams.
Zoom’s early failings quickly made the threat of video conferencing security risks a top issue, with organisations questioning the platform’s ability to protect their users and keep sensitive information secure, and for good reason. It turned out Zoom came with a long list of security risks including:
By late 2020, Zoom released security updates to resolve the above issues – and many more that surfaced throughout the year. However, what couldn’t be patched was the widespread perception that Zoom had never really been developed with security in mind. Rather, it was built to solely facilitate the online meeting.
There’s a reason you’ve never heard the term “Teams bombing”. Microsoft’s commitment to security is in an entirely different league to Zoom – with not only the Microsoft Teams platform but all of Microsoft 365 is “secure by design”. Security is built into the product from the ground up with new security features continuously added to further fortify the platform.
Let’s take a look at what security features you can expect within Microsoft Teams.
Meeting safety and security | Keep your meetings secure by configuring Microsoft Teams to prevent meeting invitations being forwarded to other parties. You can also specify who is able to take remote control and set policies to manage recording access. Organisations can also assess and control the risk of user and device access.
Prevent unauthorised access | Zoom lacks any policies for identifying risky sign-in behaviour and offers no control over the external domains that are either allowed or blocked for guest privileges. Microsoft Teams risk-based policies give organisations the ability to control access specific to the user context, the device health, location and more. You can even control which external organisations have access and what they can see.
Identity Management | This has become increasingly relevant for hybrid workforces. Microsoft Teams allows the organisation to set conditional access and risk-based policies. For example, if a user’s credentials are stolen and access is attempted from an unknown or suspicious location, Microsoft Teams can be configured to invoke additional conditions such as multi-factor authentication.
Block malicious content | Zoom has no safeguards to prevent users from sharing or downloading files with malicious content. Teams’ integrated security on the other hand helps to determine if content is malicious and blocks users from accessing it. You can also regulate access to content with sensitivity labels and protect data with encryption.
Safe Links | There is no link protection in Zoom. In Microsoft Teams, Safe Links – part of Microsoft Defender for Office 365 – offers protection for links in Microsoft Teams conversations, group chats, or from channels (currently in TAP Preview for Microsoft Teams). When enabled, Safe Links check URLs shared via Microsoft Teams in real time against a list of known malicious links. If compromised – when a user clicks the link – they are prevented from visiting the site.
Meeting recording | Policy-based recording ensures you remain compliant with your requirement to record meetings in Microsoft Teams, by allowing you to stipulate when calls and online meetings should be automatically recorded and captured for retention. A comparable feature is not available in Zoom.
As a collaboration platform, Microsoft Teams shares common infrastructure with other Microsoft applications such as SharePoint, OneDrive and Office. This gives Microsoft Teams added protection – benefiting from comprehensive and standardised security policies across the entire Microsoft 365 environment. Some of the standouts include:
Data encryption | Data is encrypted natively within Microsoft Teams – in transit and at rest – and is stored for an allotted time depending on your license.
Microsoft Threat Experts | Experts on Demand is a subscription threat hunting service from Microsoft that provides an organisation with security monitoring and analysis to help ensure you never miss a critical threat in your Microsoft environment.
Microsoft 365 Defender | Protects your entire Microsoft environment to natively coordinate detection, prevention, investigation, and automatic responses to malware or breaches.
Review your Microsoft 365 E3 or E5 subscription and understand which security features you have access to here.
Microsoft Teams comes with a range of built-in controls to help your organisation manage regulatory compliance:
Compliance Communication | This is tightly integrated with Microsoft Teams to help minimise communication risks by preventing negative behaviours like bullying, harassment and threats. Management can configure communication compliance policies so that inappropriate Microsoft Teams messages and content is automatically flagged via alerts.
Legal compliance | eDiscovery helps you to identify, collect and produce information that has been captured in Microsoft Teams. This is particularly helpful if you need to search and retrieve information for an audit, lawsuit or investigation. Legal Hold helps you manage content relevant to a legal case by preserving electronically stored information related to a specific topic or for certain individuals. Both of these features are not available natively in Zoom and require integrations to deploy. Microsoft also provides a range of Australian regulatory and policy compliance documents to help you comply with local policies and regulations.
It’s important to add here that if your organisation is currently using Microsoft 365, you already have access to Microsoft Teams as part your subscription. So, if you’re using Zoom and Microsoft 365, you’re paying for the same thing twice! With access to a secure, powerful and integrated solution – Microsoft Teams – Zoom isn’t worth the additional investment.
Perhaps you’re already aware that you’re paying for multiple collaboration solutions, but you face user pushback with some departments preferring one solution over the other. Consolidating your collaboration platforms, will not only be cheaper but it will make your IT teams day easier supporting and securing just one platform. It will also help keep your staff sane, as people won’t have to struggle learning and switching between different platforms, battling to get their Bluetooth headsets or webcams reconnecting to Teams after a Zoom meeting. Ultimately, you’ll be providing a more seamless meeting experience.
Given the security capabilities discussed, it’s no surprise Microsoft Teams has become the gold standard in the enterprise – hitting a record of 2.7 billion daily meeting minutes – a 200+ percent increase from 900 million on March 16, 20205.
As a Microsoft Gold Collaboration Partner, Data#3 is the safe pair of hands to help you securely collaborate and co-create, providing comprehensive strategies for Microsoft Teams, as well as your broader Microsoft ecosystem.
Contact a Data#3 Microsoft Teams specialist to discuss setting up a Microsoft Teams Foundation for your organisation – a secure environment to test Microsoft Teams security and compliance policies before you start consuming. Or if you’re already living and breathing Microsoft Teams, but think you can do more to ensure it’s secure, ask us about a Microsoft Teams Health Check.