The Zoom Dilemma: Risky Business

With social distancing measures designed to slow the spread of the coronavirus making remote workforces the new norm for many enterprises, organizations are increasingly turning to technology for communication and collaboration. One of the results of this is a huge surge in the use of videoconferencing app Zoom for meetings. Consider that at the end of December 2019, the number of daily participants on Zoom was approximately 10 million. By March 2020 that number reached more than 200 million daily meeting participants. While the Zoom app’s easy-to-use interface continues to attract users, its security shortcomings and risks should make organizations rethink using it for business communication.

Zoom is offered as an enterprise app, but it was never designed to be an enterprise-grade SaaS. As a result, it not only falls short on security and encryption but also gives enterprises no control to mandate use of the platform in a compliant and secure manner. The rapid growth of Zoom has turned a spotlight on the app’s security practices, with widely publicized issues over the last several months including:

  • Rising incidents of “Zoombombing” where uninvited attendees disrupt video conferences with inappropriate images or content
  • Allegations that Zoom was sharing data with third parties resulting in two lawsuits filed in California. A March 26th report from Motherboard highlighted that the Zoom iOS App sent data to Facebook even if the user did not have a Facebook account
  • Misrepresentation by Zoom about using an end-to-end encryption system to secure communication
  • Non-compliance with regulations like GDPR by storing information and encryption key in China for users and enterprises located outside of China.

While Zoom has addressed some of these issues, it seems clear that in the development of the app, user experience was prioritized at the expense of enterprise security. In a recent NPR article on security issues associated with Zoom, Patrick Wardle, a researcher who previously worked at the National Security Agency, was quoted as saying “things you just would like to have in a chat and video application — strong encryption, strong privacy controls, strong security — just seem to be completely missing.” Such concerns have led organizations like Google, SpaceX and NASA, among others, to ban the use of Zoom.

Locking down enterprise communication with secure, purpose-built enterprise-grade collaboration platforms is always critical but becomes even more so in the current environment as remote working makes teams more distributed. It is imperative now more than ever for organizations to adopt secure enterprise-grade collaboration platforms that encrypt conversations end-to-end and protect against the inherent risks of using unsecure apps for business communication.

Zoom’s track record has shown it to be one of these unsecure apps, and organizations should beware of the risk of exposing sensitive information when using this app. TechCrunch summed this up best in saying “for now Zoom at your own risk.”

Enterprises don’t have to take security and privacy risks with NetSfere’s robust, secure and scalable enterprise-grade messaging solution that encrypts conversations end-to-end while bringing together the ultimate combination of text, voice and video with industry-leading security, administrative controls, and compliance.