Zoom's new security authorization might mean expanded use by defense components
A large number of entities were awaiting this fresh approval, a senior official confirmed.
Videoconferencing and software service platform Zoom for Government recently earned a provisional Defense Department Impact Level 4, or IL4, authorization from the Defense Information Systems Agency.
This designation follows an authorization to operate with conditions the platform achieved last year from the Department of the Air Force, for conducting IL4 meetings.
Such mechanisms are meant to guarantee that the right level of information security is met when government agencies use cloud-driven products and services. Some authorizations are typically issued by impact levels that reflect sensitivities of the information that would be processed via the cloud—and the potential impacts if it were compromised. As noted, Zoom for Government reached IL4, which accommodates controlled unclassified information.
Together, these new approvals will likely enable wider use of Zoom’s capabilities across and beyond Pentagon components.
“Today we have more than 100 active DOD customers and nearly 40 DOD customers who were waiting for this authorization,” Zoom’s Head of U.S. Public Sector Matt Mandrgoc told Nextgov on Tuesday. “In addition, there are a large number of DOD defense contractor partners who are waiting for this same provisional authorization.”
Defense and federal agencies’ usage of videoconferencing software from Zoom and others skyrocketed beginning in early 2020, when organizations across the nation were forced to pivot to remote, teleworking environments to keep personnel safe as the COVID-19 pandemic hit. More recently, Mandrgoc noted, the DOD has reaffirmed a fresh commitment to more hybrid work conditions.
In operation, the Zoom for Government platform utilizes Amazon Web Service’s GovCloud and U.S.-based co-located data centers.
Though complex engineering was required, the approval pursuit for its latest designation was relatively smooth, in Mandrgoc’s view.
“Once the DISA Joint Validation Team engaged with us regularly, Zoom for Government moved through the process in less than six months,” he said.
With that provisional authorization from DISA, all of the platform’s services—Zoom Meetings, Zoom Phone, Zoom Chat, Zoom Webinar, Zoom Rooms and the Zoom client—will be available for use by military and defense civilian organizations requiring IL4-authorized solutions. A service will essentially operate through the Non-classified Internet Protocol Router Network or NIPRNet, the DOD network for exchanging “sensitive but unclassified” information and data.
“Zoom Phone is one of very few cloud phone systems that meet this impact level,” Mandrgoc noted. “The addition of Zoom Phone in the provisional authorization opens a great opportunity for DOD and Defense Industrial Base workforce to move off legacy on-premise systems.”
The ATO-C for IL4 from the Air Force permits—with conditions—the use of Zoom for Government at that impact level—without the reliance on the NIPRnet via the internet—provided that the host administers the conditions set by the authorizing official.
Looking ahead, it also appears that the company is relatively interested in expanding its authorizations across further classification domains, including IL5 and IL6 for hosting more sensitive government information and secrets.
“We are a customer-first platform, so if those levels are being requested we will strive to achieve them. We have been in dialogue with missions wanting us to fill a gap at higher impact levels. Secure communication is critical to the mission of DOD, and we are committed to serving that mission,” Mandrgoc said. “We are honored to support the White House, for example, for important collaboration on matters of national importance.”