Educause Security Discussion mailing list archives
Re: Zoom - Penetration Test
From: "Shankar, Anurag" <ashankar () IU EDU>
Date: Fri, 23 Sep 2016 20:14:28 +0000
Sean, Sorry I don’t have an answer for you but we too investigated the possibility of using Zoom (for Telemedicine/PHI) in 2014. We had to move because they said end to end encryption allows them to essentially claim the conduit exception (which we didn’t think they could) and were not willing to sign a BAA. I believe they do now. Regards, Anurag --- Anurag Shankar, Ph.D. Email: ashankar [at] iu.edu Phone: +1 (812) 856-6978 Center for Applied Cybersecurity Research, Pervasive Technology Institute, Indiana University 2719 E. 10th Street, Suite 231, Bloomington, IN 47408 From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Clark, Sean (OIT)" <Sean.Clark () UCDENVER EDU> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Friday, September 23, 2016 at 2:01 PM To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Zoom - Penetration Test We are looking to use Zoom for highly confidential data and are asking them, per our usual process for evaluating cloud services for security and complaince, to provide us with evidence of a third party penetration test, and appropriate remediation. Zoom has refused to perform a pen test or provide evidence that a pen test (and remediation) has been performed, but they have said that some of the organizations that use their product have performed pen tests of their app. Have any of you performed a pen test of the Zoom app, or seen evidence of such? Sean Clark Information Security Officer Director of IT Security and Compliance Office of Information Technology CU Denver | CU Anschutz Sean.Clark () UCDenver edu 303-724-0486
Attachment:
smime.p7s
Description:
Current thread:
- Zoom - Penetration Test Clark, Sean (OIT) (Sep 23)
- Re: Zoom - Penetration Test Paul B. Henson (Sep 24)
- Re: Zoom - Penetration Test Nicholas Garigliano (Sep 26)
- Re: Zoom - Penetration Test Shankar, Anurag (Sep 26)
- <Possible follow-ups>
- Re: Zoom - Penetration Test Shankar, Anurag (Sep 23)