Beyond the noise — 7 reasons it’s safe to run Zoom
Prior to joining Five9, I spent 6 years at Cisco as SVP & GM of the collaboration business (including Webex). Before that I was the President of one of the largest cybersecurity companies and spent 20 years building security software to protect folks from the bad guys.
While at Cisco I brought my passion for security to the table and we made numerous security improvements to Webex while making it easier to use. Since I’ve left, the team continues to make Webex easier and more secure.
I never anticipated the usage of these business technologies coming into the home, but that’s what they’ve done, most notably with Zoom. Over the last several weeks, my kids have switched to distance learning. Like many others, our school tried a popular meeting product first and found it wasn’t up to the task — and within days they’d switched to Zoom. With my kids in daily Zoom meetings it was with annoyance and personal concern that I read the headlines of sick individuals “Zoom bombing” unsuspecting users, schools and so on.
My personal concerns mirrored that of many others. At a time when the industry was serving great global need, could we count on the security bonafides of Zoom to be the most depended upon platform? Should I allow Five9’s business to continue relying on Zoom?
Zoom provided me unfettered access to their engineers and security experts to answer all my questions. Through these conversations, I was able to get insight into some of the most important security capabilities which have been challenges for other meetings products.
After spending time with them, it is my opinion that Zoom has set the bar for the entire industry creating a product that is not only at least as secure as the competition, but also implements those security capabilities in a way that doesn’t sacrifice usability and ease of use.
I’ve summarized the top 7 facts about Zoom security that I found to back up this claim:
- Zoom has a highly secure Personal Meeting ID (aka PMI) solution. The Personal Meeting ID has become an incredibly popular way to meet (35% of all meetings are taking place on PMI’s), especially in the WFH era where ad-hoc meetings are common. Zoom has an industry-leading capability here with full password capabilities on their PMI’s and now requires them by default.
- Zoom has an elegant approach to locking meetings from unwanted guests (so called “ZoomBombing”) called “waiting rooms”. This allows for a meeting to be closed but let’s new users enter a waiting room where they can be admitted by the host or by another user. Other meetings products have the ability to LOCK the meeting, but the implementations are less elegant and generally require the host to admit each new entrant.
- Going further on Zoom bombing, Zoom recently made it even easier to discover the controls to manage this with a new easily accessible “Security” button in the meetings control bar (also on mobile). Very impressive how quickly this was done.
- Encryption. There are two primary questions about encryption. First, what encryption is used. Zoom uses AES-256 ECB moving to GCM. This is industry best in class for encrypting conversations on your computer or phone, and securely transmitting those to Zoom systems. Second, the question of E2E encryption. The promise of E2E Encryption is that the contents of your conversation are encrypted on your computer using keys that are not available to anyone until they land on the far end computer. E2E encryption place severe limitations on functionality like joining from conference rooms, sharing screens, joining before the host and more. Due to these limitations, there has been no industry standard defined. E2E under current limitations isn’t viable for any video conference provider today.
- Zoom has an innovative way to prevent copying of shared content called virtual watermarks. They’ve set a new bar here for protecting your content. You won’t find this in other products.
- Zoom has support for Virtual Backgrounds. Folks have gotten very creative with these which have popped up on social media. The virtual background also serves as an important security feature for large enterprises to prevent sharing of whiteboards or other confidential information which may be visible in the background and inadvertently transmitted in the video.
- Zoom has industry-leading capability for admins to control sharing options of participants, for example an Admin can prevent desktop sharing, and only allow app sharing. This is a critical security feature to prevent users from inadvertently sharing documents, messages or other pop-ups that may contain confidential information.
This is not an exhaustive list, I’ve left out other security advantages Zoom has such as client update capabilities, local data residency support and fine-grained controls of meeting recordings which are critical to highly regulated industries like government, education, healthcare and financial services.
With the exception of number 3, all of these security capabilities in Zoom existed before the recent “Zoom bombing” incidents. In fact, they’ve enabled Zoom to win the business of many of the largest enterprises in the world.
At a time when unprecedented numbers of people are counting on video conferencing technologies more than ever before, it is frustrating to see some actors fanning the flames of fear, uncertainty and doubt. I feel a moral obligation to share the facts of the situation as I know them. As a public company CEO and as a cybersecurity expert, my personal opinion is Zoom is a safe bet for everyone.
Disclaimers: As stated above, Five9 is a customer of Zoom. Five9 also has partnerships with Zoom and other UC providers — integrating Five9 Contact Center with their systems. Personally, I make angel investments in early stage tech companies. One of my investments is in neat.no a hardware company making room systems that work with Zoom. Zoom is also an investor in neat.no.
