We are thrilled to announce support for Zoom in the Obsidian CDR platform. Obsidian now enables organizations to safely embrace the leading video communications service as the business critical application it has become. Security teams can get visibility into how Zoom is being used and discover security risks resulting from weak configuration and inappropriate use of video conferencing.
Video Communications Are Now Business Critical
Video communications solutions have become ubiquitous in recent weeks, as essentially all meetings have gone virtual. All the board meetings, employee training sessions, water cooler conversations, happy hours, preschool classes, and virtual goat yoga classes are happening on video. The numbers are staggering. Zoom usage went from 10 million daily users in December to over 200 million in March, according to Zoom founder and CEO Eric Yuan. In a few short weeks, video communications have morphed from a business enabler to a vital communication tool as critical to businesses as email.
Organizations that hadn’t invested in company-wide services and usage policies are under pressure to fill the gap. With the rush to adopt and increasing usage, many security teams are discovering the risks associated with improper configuration and misuse of video communications. While Zoom is the poster child of these risks, they are by no means the only platform with security and privacy challenges. SaaS-based communications applications have often been overlooked by security, but are now front and center.
Many first-time users are still figuring out how to translate in-person meeting experiences to virtual platforms. Questions that are straightforward to answer in physical meetings, become challenging to track on a video conference;
- Can we tell who attended the meeting?
- Can we control who is in the room?
- Did someone unexpected or unknown show up after the meeting started?
- Did someone record the meeting?
Many users haven’t figured out how to “close the doors” of their virtual meeting rooms while making it easy for the right folks to participate. Unfortunately, bad actors are taking advantage of this situation to launch attacks. Cybersecurity researchers recently discovered more than 500,000 Zoom passwords on the dark web for less than a cent each. Some of these accounts for sale belonged to well-known financial services as well as educational institutions.
Over the past few weeks, everyone is talking about unauthorized people joining Zoom meetings and posting inappropriate or lewd messages. Zoombombing, while a serious issue, is just the tip of the iceberg when it comes to damage potential. How about if someone joins a management team call or a board meeting and quietly listens in and records the meeting? These attacks can easily be automated with bots that join unprotected corporate meetings automatically and send recordings to the cloud. Now that is scary.
Secure Collaboration with Obsidian
While businesses are concerned about vulnerabilities in the cloud applications services they are using, an overwhelming majority of security failures are the result of avoidable human error. In order to protect against risks and breaches caused by admins and users, security teams must have visibility. They must ensure that SaaS applications are configured properly and are being used appropriately according to security best practices. Across an organization’s many SaaS apps, this is a big responsibility.
Obsidian helps customers tackle this challenge with posture management and activity monitoring. The Obsidian Cloud Detection and Response platform aggregates, normalizes and enriches data around user access and activity from an organization’s SaaS applications. Obsidian has built deep integrations with leading SaaS-based communications and collaboration platforms such as Slack, G Suite, Microsoft Office 365, and now Zoom. Security teams can monitor users’ activity to protect against accidental oversharing and insider threat, and to detect and respond to account compromise and data breaches.
Obsidian’s Zoom integration lets security teams not only monitor who is using the service, but how they are using it. Obsidian generates insights and alerts related to a variety of risks and threats, including:
- App misconfigurations that violate security best practices
- Risky user behavior that expose accounts to takeover and misuse
- Suspicious logins and inappropriate activity that indicate account compromise or insider threat
This integration between Obsidian and Zoom is the latest addition to a set of rich integrations that Obsidian has built with SaaS-based products such as G Suite, Office 365, Box, Dropbox, Slack, GitHub, and Salesforce to enable secure collaboration in a cloud-first world. Obsidian helps security teams identify permissive or overly broad file sharing, dangerous third party application access, and other data risks.
In a follow-up blog post, we will get into specific security capabilities that Obsidian offers Zoom customers. We are also hosting a 30-minute demo of the platform’s support for Zoom on May 19th at 10am PT with our VP of Product, Sean Borman. In the meantime, if you are interested in learning more about our solution or trying out Obsidian for your SaaS apps, sign up for a demo or drop us a note at [email protected].