Skip To Content
Search/Translate

Zoom

Jeffco Public Schools has chosen to add Zoom as a supported video conferencing system for staff and student communications. Zoom is an addition to the previously offered WebEx and Google Meet.

We have waited for the enterprise K-12 version of the Zoom platform to be configured and tested before deploying to our users. The enterprise version is being offered for free to K-12s for the rest of this school year.

To use Zoom, we will be registering both of our domains with Zoom (Jeffco.k12.co.us for staff, and Jeffcoschools.us for students) and then rostering our staff users through Clever. Rostering will ensure that user configurations are managed to mitigate against online classroom hijacking (or bombing). We also have access to detailed system logs which allow our Information Security staff to keep our users safe and quickly respond to potential incidents within the system.

Zoom has been in the news a lot lately. They have received a lot of positive press because of their ease of use and cross-platform capabilities which have led to rapid adoption by everyone ranging from late night talk show hosts to grandparents.

Zoom has also received negative press involving security and privacy. The negative press has typically related to Zoom-bombing or technical concerns. Bombing can occur in any conferencing platform where meeting schedulers send meeting IDs to participants. Jeffco’s Zoom system is configured to mitigate against bombing by adding passcodes to meetings by default. Jeffco has also enabled waiting rooms by default to minimize bombings and stop students from joining meetings without a staff member being present.

Our implementation will be governed by Zoom’s K-12 privacy policy. We also intend to apply Jeffco’s data protection agreement to add additional contractual protections to our users.

Zoom adoption is consistent with Information Security’s focus on finding and promoting cloud-based tools that have robust and transparent logging capabilities that are directly accessible by our district administrators along with the following:

  • Identification – We want to ensure that our users are uniquely identified in our systems and that we are using good usernames and passwords so people can’t impersonate us.
  • Least Privilege – We only want to store information in our systems that is necessary. Unnecessary data = unnecessary risk.
  • Data Protections – We want to ensure that our tools are using technologies like encryption to keep data safe at rest and in transit.
  • Privacy – We want to ensure our cloud providers are not doing anything questionable with our data: selling it, sharing it for advertising purposes, or keeping it for longer than necessary.

These are important because we lack many of the compensating security controls our networks and internally hosted systems have provided us for years. We have typically been able to use information gathered from system, device, network, and firewall logs to keep our users safe. Now we really only have our cloud services' security controls to lean on when something goes wrong. We also must assume that all of our providers support lines are incredibly bogged down, which limits our ability to lean on vendor support to make timely decisions when something goes wrong.

Zoom has been quick to accept and adjust to technical concerns with their product. Todd Beardsley from Rapid7 has a great blog post digging deep into all the technical concerns highlighted in the media and Zoom’s responses. Jeffco IT staff will continue to monitor the security and privacy of Zoom and all district supported tools. We will make adjustments, including discontinuing use if necessary, to our online offerings as technologies quickly evolve.

Website by SchoolMessenger Presence. © 2020 Intrado Corporation. All rights reserved.