Videoconferencing company looks to address criticism over security and privacy
Zoom, which has been the target of sharp criticism over the security of its video collaboration offering just as demand for the technology has skyrocketed, is taking a multi-pronged approach in its efforts to defuse the situation.
The Lowdown: The company is looking to improve the security and privacy of its products while also bringing in outside expertise to help guide it during its 90-day plan to address problems that have come to the forefront in recent weeks.
The Details: In a blog post this week, Zoom Product Manager Deepthi Jayarajan outlined a half-dozen security updates the company is making to its security and privacy features, including making available an option in Zoom meeting controls called “Security.” The icon makes it easier for hosts to find and enable in-meeting security features, including locking the meeting, enabling the waiting room, and removing participants. The icon is only visible to meeting hosts and co-hosts and replaces the Invite button, which is now on the participants’ panel.
In addition, the Zoom meeting ID will no longer be displayed on the title toolbar, preventing outsiders from seeing active meeting IDs, including when Zoom screenshots are posted publicly.
At the same time, Zoom founder and CEO Eric Yuan said in a blog post this week that the company is creating a chief information security officer (CISO) Council and Advisory Board and taking on Alex Stamos – who once had been Facebook’s chief security officer (CSO) – as an outside advisor.
CISOs from such organizations as HSBC, NTT Data, Procore, and Ellie Mae are joining the CISO Council, which will help guide Zoom in such issues as privacy, security, and technology. Within the council will be the Advisory Board that will advise Yuan directly. Security officials from such companies as VMware, Netflix, and Electronic Arts are among the advisory board’s members.
Stamos, who was Facebook’s CSO from 2015 to 2018 and is currently an adjunct professor at Stanford, will be an advisor for Zoom as it conducts a comprehensive security review of its platform, which is part of the company’s larger 90-day plan.
The Impact: With most companies sending employees to work from home in the wake of the COVID-19 pandemic, demand for videoconferencing technology has increased sharply and Zoom has seen its business boom. The company says the number of free users jumped from 10 million to more than 200 million since December and that its app is the most downloaded in Apple’s App Store.
Mounting security and privacy concerns, however, threaten to puncture that success. Strangers have been locating and interrupting Zoom calls in a practice called “zoombombing.” There also have been questions raised about the degree of encryption on the Zoom platform, the company sharing personal data with Facebook, and recordings of Zoom meetings being exposed. Zoom is facing these issues while also competing against the likes of Microsoft, Google, Cisco, and RingCentral, which earlier this month unveiled its own videoconferencing service. Google this week banned employees from using the Zoom platform.
Background: Yuan admitted in an interview with the Wall Street Journal earlier this month that he and the company “messed up” on its security efforts and said he was taking steps to correct the problems. That includes developing end-to-end encryption of Zoom traffic, though the feature won’t be available for several months. The 90-day plan will evaluate and improve security and privacy on the platform, the CEO has said.
The Buzz: “Collaboration across the industry is one of the most effective ways to ensure we are implementing security and privacy best practices,” Yuan wrote in his blog post. “I am truly humbled that — in less than a week after announcing our 90-day plan — some of the most well-respected CISOs in the world have offered us their time and services.”
“We recognize that various security settings in the Zoom client, while extremely useful, were also extremely scattered,” Jayarajan wrote in her blog post. “The addition of this persistent Security icon helps augment some of the default Zoom security features in your profile settings and enables Zoom users to more quickly take action to prevent meeting disruption.”