Amid swiftly mounting security concerns from the public, Zoom has announced the creation of a collaborative security council and advisory board. Both will include “security leaders from across industries” to tighten Zoom’s cybersecurity measures.
Zoom’s user base has grown immensely in the last month due to coronavirus-related social distancing measures. That increased presence has brought also increased scrutiny into how the company handles and protects user data.
The announcement comes just a week after CEO Eric Yuan’s assurance that the company is actively looking into reports of privacy and security flaws. Yuan stated at the time that Zoom would be putting all feature updates on hold for the next 90 days to pool engineering resources and identify fixes.
Zoom’s new security council and advisory board could prove to be just what the software needs to keep its users safe. But the new groups will need to act fast before tech experts — and the public at large — lose much more faith in the software.
Collaboration is the name of the game — Zoom’s solution to better understanding its own security flaws is outsourcing. The company’s new Chief Information Security Officer (CISO) council and advisory board will both pull their members from the wider tech community.
“Collaboration across the industry is one of the most effective ways to ensure we are implementing security and privacy best practices,” the announcement reads.
Already the Zoom CISO Council includes tech leaders from big companies like HSBC, NTT Data, Procore, and Ellie Mae. Yuan says the council will be tasked with engaging in an “ongoing dialogue” about cybersecurity.
The Advisory Board will act in a similar capacity, albeit with more hands-on assistance directly to Yuan himself. Security leaders from Netflix, Uber, VMware, and Electronic Arts have already signed onto the board. Yuan hopes the creation of this board will enable him to be a more “effective and thoughtful leader.”
How bad is Zoom’s security, really? — For the uninitiated, here’s a short list of security flaws that have been reported in Zoom since February: video chats have been left open to random hackers; the app’s attention-tracking feature has been shown to bypass browser security; its iOS app was found to share data with Facebook, even if users didn’t have an account; a vulnerability was shown to reveal users’ Windows login information; and, its encryption has been proven inconsistent, with the company often inflating claims of security.
TL;DR: based on these and other reports, Zoom’s security is very flawed indeed.
Bonus: Alex Stamos? — A sizable chunk of Yuan’s latest blog post is dedicated to Alex Stamos, a name that is probably unrecognizable unless you happen to work deep in cybersecurity research.
Stamos is an adjunct professor at Stanford University right now, but prior to that he served as Facebook’s Chief Security Officer for three years. He left that post after some heated disagreements over how to handle Facebook’s part in misinformation spread by Russia during the 2016 presidential election. He’s also worked as a cybersecurity executive for Yahoo.
Stamos says he was approached by Yuan last week after tweeting about Zoom. He penned his own blog post about his appointment, wherein he speaks to his interests in how collaborative digital tools like Zoom can be best utilized without empowering those who wish to abuse them.
Zoom’s leadership is putting serious time and resources into finally living up to its promise to protect its users. It’s promising that the company’s strategy is to bring expert advice from outside Zoom’s walls. Now its new team members will need to work quickly to bring about change in the company before the public loses much more faith in its products.