DoControl + Zoom: Protecting Business-Critical Recorded Assets

By now you have most likely used Zoom. At this point, your grandparents have probably used it. Founded back in 2011, the video conferencing service came into the mainstream during the coronavirus pandemic. As the world adjusted to new hybrid and remote working models, they turned to virtual communication applications to connect every identity relevant to the business (i.e. internal users, 3rd party vendors/external collaborators, contractors, partners, etc.). While there were a number of alternative solutions, Zoom’s user-friendly platform quickly became the popular choice for personal and professional video conferencing.

In what is now considered the new normal, Zoom meetings became essential to the business. These meetings generate a significant amount of data through video, audio, and text-based files and recordings. The information stored within these recorded assets is often very sensitive in nature; and the risk that becomes elevated is the simple fact that people tend to share sensitive information verbally, as opposed to over text (i.e. email, Slack, etc.).

DoControl is thrilled to extend our integrated technology partner program to include Zoom. This new partnership provides granular data access controls to secure sensitive data within the Zoom application. Our No-Code SaaS Security Platform integrates with Zoom to first gain visibility into specific details on users and cloud recordings, next be able to enforce strong password protection for high-risk users, as well as provide secure access to sensitive video recordings and text-based files, and last but not least establish robust data access control policies to protect sensitive data.

Let’s zoom into the integration in a little bit more detail (pun intended).

1. Enforcement actions: Integrating DoControl with Zoom allows security teams to establish granular data access control policies across every identity and entity within Zoom, as well as all other business-critical SaaS apps (i.e. Google Drive, Microsoft O365, Box, Slack, etc.). We provide a rich catalog of pre-established workflows, that we call ‘playbooks,’ which are fully customizable to whatever triggering events, notifications, approvals, remediation flows, and other conditions that align to your security program requirements. As mentioned above, these recorded files contain highly sensitive information and need to be prioritized from a data security perspective. DoControl’s enforcement actions add a foundational layer of protection as these files are generated in high volume. Security should scale with the business.

‍

Figure 1. Passcode protection for recorded sessions is automatically initiated, every step (approval, remediation, and time-bound element) is configured over an easy to use drag and drop canvas.

2. Personally Identifiable Information (PII) scanning: Data classification gets you closer to isolating the data that is truly sensitive. DoControl provides the ability to scan every individual file for specific keywords or tags that are relevant to your business. Security teams can create workflows that have conditions whereby if a file fails a certain scoring threshold (i.e. 90%) for PII, that triggering event will prevent the distribution of that file. This automation will mitigate the risk of data over exposure and exfiltration, preventing the loss, leakage, and misuse of sensitive Zoom assets.

Figure 2. Recorded files are automatically scanned for PII. Conditions are set for the meeting host to approve the file, if they do not respond within 30 days the file is removed from public access.

3. Visibility: You can’t protect what you don’t know exists. The first thing we do before any enforcement action or any other remediation capability is to provide full visibility into the environment. DoControl provides full exposure to users, assets, groups, domains and more within the Zoom instance. Beyond the automated remediation through enforcement actions mentioned above, within the console security teams have access to self-service tooling. Any anomalies that are surfaced can be addressed immediately, and in just a few simple clicks. 

Read more details on the integration by visiting our marketplace listing, check out the press release, and download the solution brief. If you’re interested in seeing a customized solution demonstration you can request one here. If you’re an existing DoControl customer and want to start taking advantage of this integration, please reach out to your DoControl account team to get started.