The first 90 days of Zoom’s new focus on security have proved successful

When work-from-home orders started coming from companies around the world due to lockdowns limiting movement, there was a rush to make use of tools that would make working from home easier.

One of those tools was Zoom, but as the platform saw a tidal wave of people using the service, gaps in the software started to show up.

Many of the issues were related to security, which, we don’t have to tell you, is a big problem.

As a result, Zoom announced a 90-day feature freeze so that it could focus its engineering resources on addressing trust, safety and privacy issues.

Now, with those 90 days having elapsed, chief executive officer and founder of Zoom, Eric Yuan, has detailed what improvements have been made to the platform.

“We enacted a 90-day freeze on all features not related to privacy, safety, or security. With all of our engineering and product resources aimed in this direction, we released over 100 features,” Yuan wrote in a blog post.

Many of those features were rolled out in Zoom 5.0, which dropped in late April. These included:

  • AES 256 GCM encryption (available to all users, free and paid)
  • UI updates – Security icon, green encryption shield with datacentre location click through
  • Report a user
  • Meeting defaults – password, waiting room, and limited screen sharing
  • Other features – host disable multiple device login, unmute consent, cloud recording expiration, tighter Zoom Chat controls, and more.

Zoom has also acquired Keybase, says Yuan, and it has started building end-to-end encryption for all users, free or paid.

But more than this, Yuan says that in future security will be top of mind during the product and feature development phase.

The firm has also conducted a comprehensive security and privacy review, which was done by third-party experts. These experts included: Lea Kissner, Alex Stamos, Luta Security, Bishop Fox, Trail of Bits, NCC Group, Praetorian, Crowdstrike, Center for Democracy and Technology, and organisations in the privacy, safety, and inclusive spaces.

“The contributions of everyone on this list have been tremendous and we are so grateful for their help,” wrote the Zoom CEO.

Perhaps most importantly, however, given how popular the platform has become, Zoom is preparing a transparency report. These reports give us insight into how many government requests for data Zoom has received.

As TechCrunch points out, Zoom was meant to give us this on 30th June, but that date has passed. We will now get this data in the firm’s Q2 fiscal report.

Other improvements include the creation of a chief information security officer council with leading CISOs in the industry.

“This council, led by our Deputy CIO Gary Sorrentino, has met four times over the past three months and advised on important matters such as regional data center selection, encryption, meeting authentication, and features such as Report a User, Passwords, and Waiting Rooms. The council has proven to be such a success, we will extend this program with CISO Roundtables,” says Yuan.

Zoom now also hosts a weekly webinar where it provides privacy and security updates to its community.

That feature freeze, then, was a good move on Yuan’s part. The changes implemented are widespread and it is a good start, but the CEO himself notes that this is a long journey.

“I am proud of, and humbled by, the role Zoom has played in connecting the world in crisis, and in all that our team has accomplished in the past 90 days to better secure our platform,” he said.

“But we cannot and will not stop here. Privacy and security are ongoing priorities for Zoom, and this 90-day period – while fruitful – was just a first step. Throughout this report I have provided information on new processes and people that will help Zoom on our journey to becoming the most frictionless and secure video communications platform in the world,” Yuan concluded.

[Image – CC 0 Pixabay]

Brendyn Lotz


Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.