Sam Tayan, Managing Director at Zoom in the Middle East and Africa, provides insights on the various measures Zoom employed to ensure its users’ privacy and security in the past year.
Despite the recent security breaches faced by several communications platforms, there remain various platforms that ensure the security and privacy of their consumers. However, it is important to choose a communication platform wisely, given that the number of cyber-attacks and fraudsters operating online is increasing.
In the past year, Zoom saw a sharp increase in the number of consumers globally. This meant that our responsibility to ensure a safe and secure space for our consumers, especially throughout the pandemic, grew as well.
However, at Zoom, we feel a responsibility to help where we can. As more users start using our platform, we have been proactively engaging with them to ensure they understand Zoom’s relevant policies and the best ways to use the application, including many recent updates to Zoom’s security features that help users protect their meetings.
In fact, at the beginning of the lockdown, we started a 90-day plan, through which we doubled down on our commitment to security, and we are proactively working to better identify, address, and fix issues.
We enacted a 90-day feature freeze on all features not related to privacy, safety, or security. We released Zoom 5.0, featuring AES 256 GCM encryption, the Security icon and the “Report a User” feature, changed default settings for meetings (turning on passwords and waiting rooms by default), tighter Zoom Chat controls, and more. We also acquired Keybase, started building our end-to-end encryption offering for all users (free and paid) and began offering customized data routing by geography.
After that, we announced robust security enhancements with the upcoming general availability of Zoom 5.0, a key milestone in the company’s 90-day plan to proactively identify, address, and enhance the security and privacy capabilities of its platform. By adding support for AES 256-bit GCM encryption, Zoom provides increased protection for meeting data and resistance against tampering.
On the back end, AES 256-bit GCM encryption will raise the bar for securing our users’ data in transit. On the front end, we are the most excited about the security icon in the meeting menu bar. This takes our security features, existing and new, and puts them front and centre for our meeting hosts. With millions of new users, this will make sure they have instant access to important security controls in their meetings.
Therefore, it has become evident that creating strategies that showcase the best methods to create a private and secure platform for users is essential to making them feel safe using the platform. It also protects an organization from cyber-attacks and privacy breaches.
Additionally, organizations must continue to act aggressively to anticipate and combat ever-evolving data security challenges and work hard to develop robust tools and policies to help uphold those commitments. At Zoom, for example, we have done the following:
• End-to-end encryption: We launched our end-to-end encryption feature to free and paid users worldwide.
• Geo-fenced data routing: We implemented strict geo-fencing procedures around our mainland China data centre. No meeting content will ever be routed through our mainland China data centre (one of 19 co-located data centres routing traffic) unless the meeting includes a participant from China. Our paid customers can choose the specific data centres through which their data is routed.
• Internal access controls: We significantly enhanced our internal access controls. Among other things, we have restricted China-based employees’ access to Zoom’s global production network.
• Government Requests Guide: We implemented a Government Requests Guide, which provides that Zoom will subject any government request to a careful and thoughtful review, prioritizing the privacy, security, and safety of our users at all times. Zoom’s handling of requests from any government must now receive approval by Zoom’s U.S. legal department.
• Employee training: We have conducted robust training for employees focused on data protection and compliance.
Furthermore, we have security engineering and source compliance teams that conduct periodic reviews of source code. We are also establishing an Insider Threat Program that ensures that Zoom has necessary information on its current and prospective employees to assess insider threat risk and systems to flag warning signs of suspicious behaviour of current and prospective employees.
Over the last several months, we have reaffirmed our commitments to maintaining the highest standards of trust and security on a global level and are making sure we update our security system. We have worked hard to develop robust tools and policies to help uphold those commitments. With that said, Zoom takes user privacy, security, and trust extremely seriously.