Zoom is serious about cybersecurity, and Warmly was up for the challenge of meeting Zoom’s security needs by investing early.
Execution
Zoom assessed Warmly on three aspects: governance, cybersecurity management and technical implementation of cybersecurity.
To investigate the governance capabilities of Warmly, the Zoom assessment team collected evidence of business structure, operational policies, cybersecurity policies, risk transference tools such as insurance and documentation of organizational structure.
It was important to Zoom to understand from Warmly the way their technology connected to users and the type of information that was collected. Warmly, while early-stage, brought on a CISO via VioletX and accomplished both GDPR and CCPA to meet Zoom’s expectations of enterprise-level data privacy practices.
The technical assessment of Warmly included an evaluation of their attack surface, which included a vulnerability assessment and a penetration test of the Warmly application and web presence.
Zoom and Warmly collaborated on observations that required remediation to align Warmly with the expected security posture of Zoom’s partners. In addition, Warmly provided a detailed architecture of their environment so that Zoom Cloud could clearly visualize the placement of security controls, in addition to the flow of information in and out of the Warmly environment.
Zoom is responsible for the secure communication of billions of meetings across the most prominent companies in the business ecosystem, as the primary platform that hosts the remote-workforce revolution. For this reason, their security process goes beyond that of asking for a SOC2. While many companies today rely simply on documents like a SOC2 report, Warmly was vetted with live data requests and a deep look into their technology.
The level of assurances required to allow a product such as Warmly into the Zoom app ecosystem is an essential part for Zoom to maintain the confidentiality and integrity of its application when integrating with platforms like Warmly.
What our clients say.
I’ve worked with VioletX across 2 companies now and they’ve provided thorough guidance, documentation and training that has allowed us improve our security policies and process. In healthcare, security is such an important component and VioletX helped us to get a deep, nuanced understanding so we could know where we’re at today and how to enhance our system as our business grows.
VioletX has been wonderful to work with. They are extremely responsive and professional. VioletX gives us the peace of mind that our data is safe.
An incident response plan is critical for any business to continue operations in the event of an emergency, especially in the case of a cybersecurity attack. Using realistic scenarios, VioletX's insights helped ServiceTitan staff to understand the nuances that result in a successful incident response. One that reduces downtime, maintains public trust, and follows regulatory compliance.
Working with VioletX is a great experience. They are responsive, collaborative and knowledgeable during all stages of our engagement. I am very grateful for their willingness to educate not only me but my entire company on the importance of cybersecurity. Ten out of ten would recommend to others!
VioletX does not try to force fit us into a rigid philosophy. When we found them, we had turned down many vendors. They were the first to say, "We are going to build something that fits you."
My leadership team told me that we were
passively shopping to be acquired. Things moved fast and I needed backup. VioletX professionalized our program in month.
Working with a Virtual CISO has given me the opportunity to take on cyber for my company. Vx fills in the blanks of information I don't know and I can take it from there.
I like to approve of every legal agreement that leaves our company. That said, hiring VioletX has been a huge weight off. I trust them to navigate customer closes for me.