RingCentral Meetings Security Response

RingCentral has offered video conferencing capabilities with RingCentral Meetings which are powered through our partnership with Zoom. Because we are a Zoom partner, many of their security related questions are ours as well. We want to help our customers understand the recent Zoom security and privacy questions that have dominated press headlines and let you know what we are doing to help mitigate risks for RingCentral Meetings users.
In addition, since we’ve recently launched our own video conferencing solution, called RingCentral Video, we also want to take the opportunity to explain our overall security and privacy measures at RingCentral.
At RingCentral, our relentless focus has always been on reliability, privacy, security, and transparency. Rest assured, we view this focus as the foundation of success - for both RingCentral and our customers.
Q: What can I do to help keep my RingCentral Meeting sessions secured?
A: There are a number of best practices that RingCentral recommends for ensuring that your meetings are as secure as possible. Please reference the following knowledge base article to learn more about how you prevent meetings abuse: RingCentral Meetings Security Features for Preventing Meeting Abuse.
Q: What are the current security advisories for RingCentral Meetings?
Q: What is RingCentral’s approach to security?
A: As a cloud company, we look at cyber security in four dimensions - Enterprise, Cloud, Product, and Customer Trust. We approach each as an essential priority to our business. We know that a strong company, and a strong service for our customers, requires muscles in each of these areas.
  • Enterprise Security: We have a multi-layered security strategy and implement a series of organizational, technical and operational cyber security measures. Throughout the year we engage in many security activities across the company. We measure several metrics to give us visibility into various dimensions of our cyber security. Throughout the year we perform multiple security assessments of various types, cyber security governance activities, and enterprise risk management activities.
  • Cloud Security: We employ several types of security technologies throughout our infrastructure and service environments, and our service operations includes a number of security activities.
  • Product Security: We perform a series of ongoing application security activities, testing our products’ security at multiple phases of the software development life cycle, using internal and external expertise, using a combination of commercial products, manual testing methods, and third-party assessments.
  • Customer Trust: We regularly engage in security audits using multiple audit firms and multiple frameworks, and we share multiple audit reports with our customers.
Q: How do you provide customers with transparency regarding RingCentral’s security?
A: Independent third-party verification and honest and transparent communication are the best ways to ensure we are continuing to provide our customers with the best transparency and assurance, not just the best security, in the industry. Each year we undertake multiple annual security audits, working with multiple audit firms, and using multiple frameworks. Our annual audits include SOC2 and SOC3. Our SOC2 audit report is available upon request and our SOC3 report is posted on our website. Our audits include the applicable HIPAA safeguards and the applicable requirements set forth in the FINRA regulations S-P (17 CFR §248.30) and S-ID (17 CFR §248.201). We have achieved and maintained our HITRUST certification for multiple years.
Q: What is RingCentral’s approach to data privacy?
A: Privacy is important, and transparency around data privacy is a golden rule here at RingCentral, as it needs to be for every company. When it comes to privacy, we protect the personal data of those who use our services and process customer data in accordance with our Privacy Notice. Privacy at RingCentral is an evolving program, adaptive of new laws and regulations, with a dedicated Privacy department. Similarly to how we approach security, we pursue data privacy with rigor and a dedication to continuous improvement. RingCentral complies with the privacy and security requirements of the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and HIPAA.
Q: How does RingCentral approach encryption?
A: Since unified communications involves multiple endpoints, it’s important to make sure encryption extends beyond data in a data center. At RingCentral, we implement encryption in our software and mobile apps. We use industry standard encryption with well-understood implementation designs. Depending on the communication modality, we use TLS, SIP over TLS, SRTP, and DTLS.
Q: Should end-users of RingCentral Meetings powered by Zoom be concerned about security and privacy, and what can users do to reduce any occurrence of ‘Zoombombing’?
A: Regarding RingCentral Meetings, two highly publicized issues are that Zoom’s iOS application shared certain user data with Facebook via an SDK in a manner that wasn’t clear in their privacy notice, and that Zoom had inadvertently routed some customer traffic through China. We want to report that neither of these issues are present in RingCentral Meetings. There have been other reported issues recently, for example of unauthorized participants (aka Zoombombing) entering Zoom meetings.
With respect to Zoombombing in particular, some effective security measures you should use in every RingCentral Meeting:
  • 1. set passwords for your meetings,
  • 2. lock your meetings once all of your participants have joined and
  • 3. use the waiting room feature to control participant access to your meetings,
  • 4. Set advanced sharing options to control who can share and when they can start sharing
Over the past several days, Zoom has announced several updates like as a default requiring passwords for every meeting, and we will work quickly with Zoom to apply these updates to RingCentral Meetings.
Q: What is RingCentral doing to continuously innovate and invest in security and privacy for its new RingCentral Video?
A: RingCentral Video is built on a new, state-of-the-art, high-availability infrastructure that leverages years of RingCentral’s experience as a global UCaaS leader for secure and reliable communications. Leveraging WebRTC, RingCentral Video enables a secure meeting experience without the need for browser plug-ins. Because WebRTC is an open standard, the security design is transparent and open to peer review. With WebRTC being part of the browser, updates are delivered quickly and as part of updating your browser.
Close X