Zoom has now announced that it plans to address security concerns but it may be too little too late. The company’s video conferencing software has gained both popularity and notoriety over the past few weeks. That’s the result of an increase in the number of users taking advantage of Zoom as isolation and social distancing measures ramp up. But also of severe security leaks found in the software.
Those security concerns have been widely reported, slowing Zoom’s growth. But it has also prompted swift action from the company. To begin with, founder Eric S. Yuan laid out a 90-day plan to combat the issue. That plan has now been updated with the announcement of a new cross-industry collaboration.
Now, Zoom has announced the formation of a Chief information security officer (CISO) Council and Advisory Board. That will include leading security experts from the wider tech industry, including Alex Stamos. Mr. Stamos is Adjunct Professor at Stanford’s Freeman-Spogli Institute and a visiting scholar at the Hoover Institution. His role with Zoom will be as an ‘outside advisor.’
Beyond the addition of Mr. Stamos, Zoom also indicates that other security experts will be joining the effort to fix Zoom’s problems. That’s said to include CISOs from HSBC, NTT Data, Procore, and Ellie Mae, “among others” who haven’t been named. The Advisory Board, conversely, will include “security leaders from VMware, Netflix, Uber, Electronic Arts, and others.”
A multitude of security concerns plague Zoom and big corporations are taking notice
Zoom may now be ready to address security concerns but the initial discovery of leaks to Facebook wasn’t the only problem discovered. While the company almost immediately halted that breach from impacting users, it was discovered shortly afterward that other vulnerabilities were present. Namely, those vulnerabilities potentially let bad actors take control of webcams and mics belonging to Zoom users.
For Mac users, the problem was worse, with subsequent reports indicating that bad actors could take control of the devices themselves.
Making matters worse still, calls were shown to not be encrypted properly — or at least not to the degree that the company claimed. And video calls for some were routed through servers in China without explanation or need.
Summarily, Zoom’s problems stacked rapidly and were quickly made public.
As a result of that, organizations and user figures have halted or dropped off. Moreover, the announcement of a new cross-industry team to fix the issues may, in fact, be arriving too late. Reports now indicate that Zoom can no longer be used by Googlers, for example.
The company has not only told workers not to use it. Google will also be blocking Zoom outright on company-owned hardware, based on a recent BuzzFeed article citing company spokesperson Jose Castaneda. Google has told employees it will no longer work because it doesn’t live up to company standards for security.
Googlers aren’t the only ones abandoning Zoom either
The search giant isn’t the only major entity to have stopped using Zoom, at least for now, either. This week, both SpaceX and the New York City Department of Education are telling users to stop using Zoom. The latter organization hasn’t outright banned use but has asked schools to stop using Zoom — putting forward Microsoft’s services as an alternative.
Both Microsoft and Google have their own enterprise communications offerings. And each has currently been offered with a free trial period to meet the increasing demand for communications and collaboration apps caused by sheltering guidance around the globe.