Proactive Zoom Security Measures

Dear Colleagues: 

You may have read recent articles and news stories regarding security and privacy concerns with Zoom. As much of what we previously did face-to-face is now happening over Zoom, it’s important we understand what potential security issues exist within this platform, how some of these concerns may be addressed by enabling existing Zoom security features, and the new measures Zoom is taking to protect its users. SJSU IT and eCampus is committed to working with faculty, students, and staff to ensure appropriate security precautions are in place and to relaying our community’s concerns to Zoom.     

SJSU IT is actively monitoring news coverage of Zoom. Our Information Security Officer and Zoom account administrator are reviewing reports from information security researchers who have uncovered and documented vulnerabilities as they are published. We are in daily contact with other CSU Zoom administrators, Information Security Officers, and security industry leaders to ensure we understand the ramifications of any issues.  

eCampus and SJSU IT Resources
SJSU IT and eCampus have created an extensive Zoom FAQ, available here, answering questions found on various websites and forums. Ongoing training for Zoom is available from eCampus and within the next few days. eCampus will also be rolling out new training for faculty on Zoom security, privacy, and the Do’s & Don’ts of working with Zoom. We’re also sharing a quick-reference Do’s and Don’ts sheet.

SJSU IT Proactive Changes to Zoom Defaults
To improve overall Zoom meeting security and control who joins a Zoom meeting, we will be changing the default setting to only allow authenticated users to join meetings. This will require all participants to authenticate to SJSU Single Sign On before entering a meeting. Hosts will be able to change this default setting to not requiring authentication when scheduling a meeting with external participants. Please look for a message in the next few days with additional details and the specific date this change will be made. 

Zoom’s New Security Toolbar Icon for Hosts
Meeting hosts will now see an option in the Zoom meeting controls called Security. Visible only to hosts and co-hosts of Zoom Meetings, the new Security icon provides easy access to several existing Zoom security features. The Security icon replaces the Invite button in the meeting controls. The Invite button has been moved to the Manage Participants panel, and hosts can add additional guests there. This new icon will help hosts quickly find and enable many of Zoom’s in-meeting security features.

Zoom toolbar with new security button

By clicking the Security icon, hosts and co-hosts have an all-in-one place to quickly:

  • Lock the meeting
  • Enable the Waiting Room (even if it’s not already enabled)
  • Remove participants
  • Restrict participants’ ability to:
    • Share their screens
    • Chat in a meeting
    • Rename themselves
    • Annotate on the host’s shared content

Google Hangouts Meet Added to Canvas
In order to provide our faculty with additional options who are hosting small-session discussions, eCampus and SJSU IT have enabled Hangouts Meet as an option in Canvas.

It is also important to note that the Chancellor’s Office carefully assessed Zoom’s security provisions during the procurement process and ensured that the systemwide contract prohibits the company from selling personal data from any member of our CSU community. Based on what is known today, the Chancellor’s Office does not perceive that Zoom puts students’ staff or faculty members’  privacy at risk when used with good practices.   

While we use Zoom as part of our CSU-provided and vetted set of online tools, we are not advocating for Zoom. It is up to individual community members to decide if Zoom is the appropriate tool for their needs. To assist you in making this important decision, SJSU IT has developed and shared a frequently asked questions and answers document relating to Zoom use, privacy, and security and will keep you up-to-date on any Zoom issues that may impact our SJSU community. If you have any questions, please do not hesitate to reach out to us.  

 

Best regards, 

Hien Huynh
Information Security Officer

Simon Rodan
Professor, College of Business, Statewide Senator and liaison to the statewide Information Technology Advisory Committee  

Bob Lim
VP Information Technology and Chief Information Officer 

Ahmed Banafa
Cybersecurity Expert and Faculty member at the College of Engineering

Leslie Albert
Associate Professor, College of Business, Director of the Center for Organizational Resilience

Google Cloud Platform Workshop

In a first among the CSU system, Google partnered with the SJSU IT Division to host a workshop on some cutting-edge cloud technologies: Artificial Intelligence, Machine Learning, Decision Learning, and Data Engineering. Close to 500 Spartans (including students, faculty, researchers, and staff) signed up to attend the January 8-11 event in Clark Hall, though we could only fit 50 into a packed room. The workshop brought one of Silicon Valley’s biggest tech giants to campus and augmented academic knowledge with hands-on opportunities from a field expert, delivering on IT’s promise to bring enterprise-grade academic technology advancement to SJSU.

In a follow-up survey, 100% of respondents rated the workshop as Very Good or Excellent and 100% said they would attend a future workshop hosted by IT.  “The content of the workshop is very informational and advanced in the cloud platform field. The hands-on labs are interactive exercises those make me understand the concepts well and be involved in the learning process,” said one.

When asked valuable the session was in supplementing academic knowledge, 90% of the responders rated the workshop Very Good or Excellent. SJSU IT looks to roll this success forward into future events. Participants in the workshop expressed interest in a number of other topics for possible future workshops, with Artificial Intelligence and Blockchain leading the way followed by Cybersecurity and Virtual Machines.

Google’s instructor remarked that the attendees at SJSU were some of the quickest, most engaged he’s worked with. The feeling was mutual, with one attendee stating, “The instructor was very knowledgeable with what he teaches and gives very good presentations. He was very helpful with the labs.”

While many of participants were SJSU students, there were plenty of researchers, faculty, and staff, all gaining practice and experience with enterprise-level tools to carry into the classroom or implement within the university’s IT and research infrastructures. “Overall the topics covered on GCP was exceptional. SJSU is currently exploring the implementation of cloud-based BI and Predictive analytics strategy. The timing of these workshops is just perfect and they allow the technical team to perform comparisons and benchmark for the ideal solution that is beneficial to SJSU,” said Ravi Pisupati, a Senior Analyst & Project Manager with SJSU.

Thank you to everybody involved in making this event a success. It certainly didn’t go unnoticed, as one attendee commented, “The room had a speedy WIFI connection and wonderful setup screens. Thanks for organizing everything so well for us. Their effort and hard work made the intensive experience much easier.” I could agree more and want to specifically thank Joseph Chou and Willie Simon for their work on this event.

Best Regards,
Bob Lim