Securing video communications
Rising work-from-home (WFH) trends pushed Zoom into the spotlight like never before. With daily active users increasing dramatically to 300 million from 20 million, Zoom was on a roll. Success came at a steep price however because Zoom’s security came into question.
Zoom’s Head of Enterprise at APAC, Raagulan Pathy said, “On April 1, 2020, we pledged to make a number of enhancements to address security and privacy concerns, and we hired several security experts, including Jason Lee, former Salesforce Senior Vice President of Security Operations as Chief Information Security Officer. We also saw Alex Stamos joining Zoom in the capacity of an advisor. “
According to him also, a Zoom CISO Council and Advisory Board, have engaged in an ongoing dialogue about privacy, security, and technology issues and best practices — to share ideas, and collaborate.
“As a result, at the end of the 90-day plan, we released over 100 features to improve privacy, safety and security, including Zoom 5.0, which saw AES 256-bit GCM encryption enabled for all meetings, reporting functions, and the implementation of passcodes and waiting rooms as default settings for meetings. We also enabled customised data routing by geography, and acquired Keybase to start building end-to-end encryption for all users,” he said.
Raagulan shares further major developments for the Zoom platform, with Enterprise IT News.
EITN: What are the top major developments for the Zoom platform?
Raagulan: Since the stay-at-home mandates began rolling out in early 2020 due to the Covid-19 pandemic, Zoom has witnessed a surge in users as people across the globe continue to stay connected with their loved ones and work remotely on the Zoom platform.
With more than 300 million daily meeting participants in mind, Zoom took to Zoomtopia 2020, its annual conference and virtual event this year to unveil a host of new features and offerings, such as OnZoom and Zapps, as well as a handful of updates to its Zoom Phone, Webinar platforms, and security updates – all which are aimed at improving the in-meeting experience for its users.
Some of the key announcements revealed at Zoomtopia are as follows:
- End-to-end encryption (E2EE)– Zoom will become even more secure for its users. Starting next week, Zoom’s end-to-end encryption (E2EE) offering will be available as a technical preview, and Zoom will proactively solicit feedback from users for the first 30 days. Zoom users – free and paid – around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your Zoom sessions. With Zoom’s E2EE, the meeting’s host generates encryption keys and uses public key cryptography to distribute these keys to the other meeting participants. Zoom’s servers become oblivious relays and never see the encryption keys required to decrypt the meeting contents.
- OnZoom– Zoom is also committed to helping entrepreneurs and businesses. OnZoom is an online events platform and marketplace for paid Zoom users who want to create, host, and monetize classes, concerts, or fundraisers via the Zoom Meetings platform.
- Zapps– Both enterprise and free users will be able to improve productivity and create more engaging experiences. With Zapps (apps for Zoom), users will be able to use their favorite apps like Atlassian, Asana, Box, Dropbox, PagerDuty, and Slack directly within the Zoom platform. This means no more switching between multiple applications on your desktop. Now you can quickly navigate to apps within the Zoom interface to streamline permissions, grant document accessibility, and collaborate on screen
- We have also updated Zoom Phone for more security. Beyond streamlining the process of setting up devices, we also have security updates, such as AI-powered spam detection designed to block unwanted interruptions with support for up to 42 countries and territories.
EITN: What will these developments look like to your enterprise customers? How can they take advantage of these new developments/features?
Raagulan: For the enterprise customers, we are providing them with tools and platforms at their fingertips to leverage, so that they can have a better experience, and can use Zoom to take their work experiences to the next level.
Our users also don’t need to go out of their way to take advantage of these solutions. One thing about these new features is that they are implemented seamlessly within the application.
Zapps are accessible from a button on the Zoom interface, and enterprise customers will be able to do more during their virtual meetings. Users can access a selection of best-of-breed applications they require from within Zoom, so that they can collaborate on, and share documents, access cloud recordings and workspaces all at the click of a button, allowing them greater levels of productivity and access over meetings.
Similarly, E2EE provides greater levels of security for users, as long as the setting is enabled by the host of the meeting, or the group. The feature also requires the use of Zoom Rooms, the desktop client, or mobile app.
At the same time, we’ve also kept this simplicity in mind for the OnZoom platform. In order to host and monetise virtual events, hosts will need to follow a simple set of procedures to get registered, before being able to go live with their respective events.
EITN: Can you share some top business KPIs your customers have and how your platform is helping them achieve it?
Raagulan: Since the emergence of Covid-19 late last year, with organisations and schools across the globe forced to move online, Zoom has been working around-the-clock to ensure that businesses, schools, and other users across the world can stay connected and operational during this global pandemic.
We can’t speak on behalf of our customers on the topic of KPIs, but we can share some use cases and achievements from our clients.
One notable example is PropNex, Singapore’s largest real estate agency. As Covid-19 spread across the world and Southeast Asia, however, many of PropNex’s typical day-to-day operations that took place on-site or in-person became impossible. By executing site tours to virtual meetings on Zoom, during the last 10 weeks of Circuit Breaker in Singapore, PropNex closed over 50% of the newly launched properties in Singapore.
The company also leveraged Zoom Video Webinars to provide company-wide training to empower its employees to sell over the platform and use Zoom Webinar’s robust feature set to tailor their webinars to prospective customers.
At the same time, businesses such as Singapore’s GIC use Zoom as a solution to connect their teams over geographies. Through the use of a single app that is compatible across different devices and platforms, GIC has been able to connect offices across 40 countries, in different markets, different time zones, and different locations.
EITN: Can I have a summary of feedback from customers / potential customers, when so many security flaws and vulnerabilities were reported in the media, earlier this year?
Raagulan: When these security issues were raised, fortunately, and thanks to Zoom’s quick security response, we were able to address the issues quickly and gain back the trust from our customers. Zoom made the decision to freeze its planned product development for 90 days, and switched all resources to privacy and security.
Many praised us for our fast response and commitment, highlighting that it is a rare case of a company acknowledging their problems, admitting they made mistakes and misleading statements, and laying out concrete steps to fix it
EITN: The E2EE offering looks interesting. Could you share more details about this, and how are you making E2EE possible when there are so many components in the value chain from your platform right up to the customer?
Raagulan: We’re excited to announce that starting this week, E2EE will start as a technical preview, and we’re proactively soliciting feedback from users for the first 30 days, Zoom’s end-to-end encryption (E2EE) offering will be available on both free and paid plans.
Zoom’s E2EE uses the same powerful GCM encryption users get now in a Zoom meeting. The only difference is where those encryption keys live. In typical meetings, Zoom’s cloud generates encryption keys and distributes them to meeting participants using Zoom apps as they join. With Zoom’s E2EE, the meeting’s host generates encryption keys and uses public key cryptography to distribute these keys to the other meeting participants. Zoom’s servers become oblivious relays and never see the encryption keys required to decrypt the meeting contents.
This offering is another stride toward making Zoom the most secure communications platform in the world. This phase of our E2EE offering provides the same security as existing end-to-end-encrypted messaging platforms, but with the video quality and scale that has made Zoom the communications solution of choice for hundreds of millions of people and the world’s largest enterprises.
The rollout represents phase 1 of 4 of Zoom’s end-to-end encryption plans announced in May and is designed to help prevent the interception of decryption keys that could be used to monitor meeting content.