Zoom has been dealing with a massive backlash over security and privacy issues.

Edward Gately, Senior News Editor

April 23, 2020

12 Min Read
Video conferencing with associates
Shutterstock

Zoom has experienced sharp highs and lows since the COVID-19 pandemic ushered in a massive wave of video conferencing to accommodate remote workers.

Its user base grew by another 50% to 300 million in the last three weeks. At the same time, Zoom has been dealing with a massive backlash over security and privacy issues that has prompted a number of governments and organizations to ban using the video conferencing app.

On Wednesday, Zoom announced security enhancements with the upcoming general availability of Zoom 5.0, part of the company’s 90-day plan to identify, address and enhance its security and privacy capabilities.

Zoom said adding support for AES 256-bit GCM encryption provides increased protection for meeting data and resistance against tampering.

So what have these highs and lows meant for Zoom’s partners? We asked Laura Padilla, Zoom’s head of global business development and channels.

Channel Partners: Can you first talk about the explosive growth that partners have experienced because of the work-from-home shift?

Padilla-Laura_Zoom-2019.jpg

Zoom’s Laura Padilla

Laura Padilla: The whole world is experiencing this unfortunate pandemic, so as a result, we’re all shifting. We’re all changing the way we normally work and are having to do that at an extremely fast pace. Our architecture is built in a way for distributed environments and for video sharing anyway, and that’s one thing that we were natively built for, so we just lend ourselves very well for a working-from-home environment, and so users just naturally gravitated towards us. And we were excited and proud to be able to help the world right now.

We obviously have everything from governments like New Zealand, the U.K. Parliament is using us to run their business and their countries, 100,000 schools are using us to run their classrooms and keep children educated, and health care institutions and and hospitals. So all those different use cases have been something that we’re very proud that we’re able to support. But at the same time, it was very challenging to do that all within three weeks or so. We went from about 10 million users to about 200 million daily users in a matter of weeks. So it was a strain on our infrastructure. But again, because the way our product is built, it’s built for distributed access. And so we were able to scale and to grow with the usage as needed.

CP: Has this prompted new opportunities for partners to gain new customers?

LP: Absolutely. Our partner growth has been exponential. I know one of your questions was have partners stopped selling Zoom, but actually it’s been the opposite. What it’s actually helped us with is partners who were on the fence or maybe were selling some of our competitors more have completely shifted to selling us more because they just see that we’re better to service their customers. The request for Zoom has been so high from their customer base that it’s been inevitable. And so the demand, the pipeline and the number of customers coming in, we’ve had to hire lots of new contractors to be able to support the influx and usage, and also support all the requests from partners as well.

CP: At the same time there’s been all these questions and concerns about Zoom security and privacy. What have you been hearing from partners about this?

LP: Our partners have expressed questions from their customers that are similar to the ones that you’ve been hearing in the press and so forth. And so we’ve done briefings to their customers. I just did a webinar … to our whole partner base around our security and privacy policies, and how we’re addressing the demand. And we’re doing another one, and also for the APAC region as well. We’ve given them a whole slew of assets that they can use to address any customer concerns, as well as we’ve been doing personal calls and briefings to their customers to make sure we address any questions that they may have.

CP: What’s been the response from partners? Are they able to then go to their customers and reassure them?

LP: It’s been great. Actually, after the briefings, they left very confident and comfortable using the product. None of them have…

…stopped using it as a result from my knowledge. And with some of the CISOs we’ve engaged with, and some of the heads of security and IT that we’ve briefed, they’ve left very comfortable with the information we provided.

CP: Can you talk about the steps Zoom has shared with partners in terms of what it has done to increase its security?

Yuan-Eric_Zoom.jpg

Zoom’s Eric Yuan

LP: Zoom CEO Eric Yuan now does a weekly webinar that’s Ask Eric Anywhere, and we’ve published a 90-day plan to be able to further increase our security. But to be clear, security has always been top of mind for Zoom, and privacy has been as well. We’re just now further enhancing it. So, for example, some of the things that we’ve done in our product is we’ve now created for the host a security icon that’s super clear … where once the meeting’s started, they can lock the meeting so that they’re not disrupted by somebody they do not want in the meeting or may hijack their meeting. They can enable a waiting room so they can see whoever wants to join the meeting. You can either admit them or not, depending on who the person is. You can also decide whether you want to allow participants to share their screen, to chat during the meeting and rename themselves. And if even after all of that your participants still decide to do something that is not welcome in the meeting or disruptive, you can also remove that participant instantly just from that security icon. So we’ve done quite a bit to be able to help users protect their meetings on top of also a few things for our free users.

And for our pro users, those who have one pro license, we’ve also put on default password protection. Our enterprise customers are really affected by this because most of them have single sign-on as part of their enterprise configuration. And so this is just an added enhancement for them. But, by default, those meetings are predominantly already safe because of that.

CP: There’s been several Zoom competitors that have been trying to gain customers by highlighting Zoom’s security issues. Any response to that?

LP: That makes me smile a little bit. It’s extremely common for software companies to have some sort of issues with hackers or other situations. The dark web issue, for example, that’s unfortunately a common issue and we hired a third-party security forum to investigate whether that was as a result of Zoom and if those claims are accurate. They are not accurate, and they have not found anything to show evidence that as a result of Zoom that passwords were stolen. What probably happened … is that people tend to use the same password for multiple applications … and one of those other applications probably resulted in somebody breaching them and stealing some of those passwords, and they happen to use that same password on Zoom. And then they were able to use those credentials to get into Zoom. That wasn’t as a result of Zoom or or anything that we’ve done.

But also on the encryption piece, we meet industry standards when it comes to encryption. If you really want to define what end-to-end encryption means when you use a video recording or video meeting, nobody really is able to do that. Cisco can’t do end-to-end encryption in their meetings. They offer a very limited feature version that nobody uses when it comes to end-to-end.

Longer term, we are going to design a new crypto graphic design for our product. And there’s a whole slew of other things that we’re also doing to ensure that our security is now much higher standard than even most of our competitors may have.

CP: Does Zoom have anything planned to assist partners whose business may suffer as the pandemic continues?

LP: Unfortunately, that’s a reality that I think we’re all living in today. There are businesses that are being impacted by this work from home. It differs by industry, of course, what the impact may look like. Fortunately, we haven’t been told that any of our…

…partners are at that place today. That may change depending on how long this lasts and how long people have to be out of work and stay home. We will have to revisit that on a case-by-case basis.

CP: Is there anything else you would like to share?

LP: The other thing that we just announced and talked about was the control of Zoom data routing. Say, for example, I am in the United States so by default my data center where my data is routed is in the United States. Let’s say I don’t want any of my data to touch Europe, for example, or countries in Europe. I will be able to now to deselect those regions and select where I want my data to route as well. I think that is a unique feature that customers can be able to take advantage of and enhance security as well around their data and where they want that to live. The only possible downside to that is, if you do deselect several regions because of our distributed architecture, you may experience some latency as a result of deselection and some performance.

Fuze: Organizations Must Ensure Customer Data Protection

The global shift toward remote work has not only highlighted the critical role of video conferencing tools in maintaining business continuity, but has underscored the importance of security.

Conry-Chris_Fuze.jpg

Fuze’s Chris Conry

Chris Conry, Fuze‘s CIO, said organizations must adhere to the following key pillars in order to ensure customer data protection and security in video conferencing: security by design; penetration testing and monitoring; vulnerability management; and encryption “everywhere.”

“It’s no secret that security and privacy requirements are more important than ever before when it comes to business communications, especially with video conferencing,” he said. “Unauthorized access and/or information leaks can have a significant negative impact on an organization. For example, leaked product details or breached financials, personal or health information can cause irreversible damage to a company’s customers, reputation and competitive advantage in the market.”

Organizations should be mindful that their video conferencing solution includes sound data protection and security rigor, Conry said. Secure practices should be embedded throughout the development life cycle, from design through build and deployment, he said.

Common mistakes can lead to vulnerabilities, and therefore opportunities for cybercriminals, he said.

“There are a few — some universal — bad habits, regardless of the application being used, and then some more specific to meeting solutions,” Conry said. “Not being protective of your user credentials (i.e., using complex passwords and not sharing them with others or across multiple systems) and not leveraging multifactor authentication whenever possible are basics that are still unfortunately not broadly adopted. Similarly, not keeping your devices and apps up to date with the latest revisions is a recipe for trouble, as software providers are constantly releasing security patches and software updates to optimize security.”

Ensuring that meetings are set to private and are password protected are key ways to protect against data leakage and unauthorized access, he said. But these easy-to-enable features are often overlooked, he said.

“The recent events that forced the majority of global employee bases to work remotely … have likely highlighted gaps or weaknesses in many corporate security tech stacks,” Conry said. “Those that were diligent about identity management, endpoint security and asset management before COVID-19 are less likely to be compromised or leave their businesses at risk to bad actors.”

Vonage Reports Massive Usage Surge

Vonage‘s video conferencing minutes across all industries skyrocketed last month, and peak minutes were up 435% month-over-month from February.

Industries that help keep essential systems running experienced video conferencing traffic surges between February and March. Month over month:

  • Video traffic from technology companies increased 287%;

  • Video traffic from social media platforms and messaging apps increased 271%;

  • Business service providers experienced a 222% increase;

  • Financial services firms experienced a 155% increase; and

  • Media industry companies experienced a 120% increase.

Mario DeRiggi is Vonage’s senior vice president of channel sales. He said many organizations are turning to partners for guidance on how to move to quickly and securely transition to a virtual work environment.

“Across all industries, programmable video solutions powered by APIs are playing a key role in business continuity, enabling…

DeRiggi-Mario_Vonage.jpg

Vonage’s Mario DeRiggi

…organizations to stay connected and deliver services in a personal, seamless and secure way while keeping employees safe,” he said. “Vonage is dedicated to helping its partners and their customers by not only providing guidance on how they can quickly and easily set up their remote workforce to minimize disruption, but also to equip them with the necessary tools and resources to have a high level of preparedness and business continuity processes in place for the future.”

Vonage expects organizations to continue seeking advice from partners beyond the immediate need as they adopt video conferencing solutions to help transform their businesses, and keep their workforce productive and engaged long term, DeRiggi said.

“Programmable video communications solutions will continue to enable partners to help their customers to more easily navigate a world in which more work will be done remotely, and in which customer interactions will require scalable, secure and high-quality video technology,” he said.

On Wednesday, Vonage announced the launch of its Contact Center AI Virtual Assistant to help organizations respond to peaks in call volumes as the COVID-19 health crisis continues.

Read more about:

Agents

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like