Zoom assessed Warmly on three aspects: governance, cybersecurity management and technical implementation of cybersecurity.
To investigate the governance capabilities of Warmly, the Zoom assessment team collected evidence of business structure, operational policies, cybersecurity policies, risk transference tools such as insurance and documentation of organizational structure.
It was important to Zoom to understand from Warmly the way their technology connected to users and the type of information that was collected. Warmly, while early-stage, brought on a CISO via VioletX and accomplished both GDPR and CCPA to meet Zoom’s expectations of enterprise-level data privacy practices.
The technical assessment of Warmly included an evaluation of their attack surface, which included a vulnerability assessment and a penetration test of the Warmly application and web presence.
Zoom and Warmly collaborated on observations that required remediation to align Warmly with the expected security posture of Zoom’s partners. In addition, Warmly provided a detailed architecture of their environment so that Zoom Cloud could clearly visualize the placement of security controls, in addition to the flow of information in and out of the Warmly environment.
Zoom is responsible for the secure communication of billions of meetings across the most prominent companies in the business ecosystem, as the primary platform that hosts the remote-workforce revolution. For this reason, their security process goes beyond that of asking for a SOC2. While many companies today rely simply on documents like a SOC2 report, Warmly was vetted with live data requests and a deep look into their technology.
The level of assurances required to allow a product such as Warmly into the Zoom app ecosystem is an essential part for Zoom to maintain the confidentiality and integrity of its application when integrating with platforms like Warmly.