- Following weeks of scrutiny for privacy and security, Zoom CEO Eric Yuan is taking ownership of "missteps," he told CNN Sunday. The new users and use cases added in the last two weeks are "very different" from existing enterprise customers with IT teams, he said.
- Yuan reinforced the security suggestions the company posted on March 20 regarding "Zoom-bombers," or gate-crashers. "I think we have all the security features built in," but the company should've enforced and educated new customers as they were added, he said.
- While entities, including public schools, are hesitant to use the service after its security issues, Zoom is working with New York schools to prevent withdrawal from the platform, according to Yuan.
Zoom's popularity skyrocketed in the last month as the coronavirus outbreak forced workers to stay home. However, its overnight popularity put its flaws under a microscope.
"We doubled down, tripled down on security" in the last few weeks, according to Yuan. He wants Zoom to embody a security- and privacy-first company.
Following closer inspection by users and white hat hackers, legal entities, including the New York Attorney General and Federal Bureau of Investigation, started to show interest in Zoom's security and privacy practices.
From a security standpoint, Zoom's methods are similar to its other video conferencing competitors. However, in its security white paper, Zoom's definition of end-to-end encryption differs from reality. Zoom calls are encrypted using transport layer protection, a type of encryption favored by other video conferencing platforms. The caveat means Zoom could access a video's transcripts.
"Sharing specific types of data is allowed and common for many companies," Morten Brøgger, CEO of Wire, told CIO Dive. Providing the choice to opt-into data collection and sharing is where Zoom failed.
Zoom's "chronic issues" with security, including a now-remediated flaw from last year that allowed bad actors to hijack webcams, said Brøgger. Collaboration platforms as a market could be using this time of mass adoption to put security first, so enterprises feel comfortable sharing sensitive information.