Overview
IdRamp provides identity orchestration for a multi-cloud, decentralized, Web3.0 world. We automate the composable enterprise so your organization can deploy applications and services wherever you want, using the identity features you need. IdRamp provides Zero Trust control over disparate multi-cloud environments, ID systems and applications. We combine traditional identity management with the latest web3.0 innovation and blockchain identity and design distinct user experiences with any combination of features, including biometrics, fraud detection, MFA, document proofing and much more.
Supernova Award Category
Digital Safety, Governance, Privacy, and Cybersecurity
The Problem
Zoom video conferencing has transformed from just another office tool into a daily, and sometimes near-constant business activity. A global pandemic and mass migration to working at home have made Zoom one of the fastest growing apps with meeting participants increasing by 2900% in 2020 alone, and with it VTC hijacking– also called “Zoom bombing”— virtual gate crashing or interrupting a digital meeting by saying or showing things that are offensive, obscene or racist. It is usually conducted one by an anonymous intruder, who wants to cause chaos and disrupt a meeting in progress. While Zoom created waiting rooms and added other features to help administrators regulate participants and prevent disruption, the fundamental weakness of being able to join a meeting with just a Zoom account and a link wasn’t solved. Researchers pointed out that “the majority of Zoom-bombing cases… began with a participant in the call posting the link publicly and inviting trolls and miscreants to attack it.”
The Solution
IdRamp customers started to raise concerns about Zoom security headlines and wanted a better way to protect their virtual businesses in Zoom. IdRamp and Bak2.life established a simple goal and solution: Make securing a Zoom event easy with a new service called Zoom Security Groups. Bak2.life now provides a low-cost, low-friction way for any licensed Zoom user to easily secure a webcast or highly confidential virtual meeting. The new application called Bouncer is powered by the Idramp Zero Trust identity platform. Bouncer is a practical, easy-to-implement security tool that allows you to prevent unauthorized access, improve Zoom security, and eliminate the risk of sharing Zoom links. With Bouncer, Zoom meeting hosts can scale security to any meeting size, protect paid virtual events, and add powerful new security features to any Zoom account. In short, the solution validates and certifies meeting attendees, to ensure that only users that have been authenticated can access a room.
The results
Before, Zoom bombing attacks were so common that back in 2020, the FBI‘s Boston office warning in 2020 that it had “received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.” Now, Bouncer customers have total control over who attends their meetings, even if the private meeting link has been shared with others. If someone doesn't meet the security levels set by the administrator, and cannot be authenticated, they don’t get in. Period.
Metrics
Currently, Zoom has come out as one of the top VTC solutions. The tool boasts over 200 million daily users currently. Almost all calls for zoombombing target meetings happening in real time (93% on 4chan and 98% on Twitter), suggesting that these attacks happen in an opportunistic fashion and that zoombombing posts cannot be identified ahead of time, allowing defenders to prepare.
The Technology
Bouncer features include custom participant permission lists for your organization or multiple organizations, the familiar process of two-factor email authentication, and the latest, most secure tech in zero trust identity - passwordless verifiable credentials. Passwordless verifiable credentials are a quick and easy way to verify an email address with a cryptographic guest pass. With these security features Zoom bombing becomes impossible - even with insider help.
Disruptive Factor
In August 2021, Zoom reached an $85 million dollar settlement over user privacy, related to 'Zoombombing'. This type of disruption has an answer and that is Bouncer.