EXECUTIVE SUMMARY:
The 90-day security marathon:
Earlier this year, Zoom endured legal scrutiny and heavy public criticism due to a rash of “Zoombombings,” which exposed the platform’s cyber security weaknesses. In a bid to regain public trust, Zoom launched a 90-day security marathon, beginning on April 1st, 2020, and ending on July 1st, 2020. How did the company’s efforts measure up?
In May, Zoom acquired Keybase, an identity management start-up that can assist with end-to-end encryption. Despite heated debate, the company ultimately chose to pursue end-to-end encryption for all users, both paid and non-paid.
Other facets of the security improvement marathon included:
- A redesigned bug bounty program
- Additional penetration testing
- The hiring of well-known Silicon Valley security talent
- A CISO council
- Designing and developing new security features
And more.
Across the three-month interval, engineers installed 100 new security features, and CEO Eric Yuan says that security is now built into the company’s DNA. Nonetheless, Yuan also says that there’s more work ahead. “Privacy and security are ongoing priorities for Zoom, and this 90-day period – while fruitful – was just a first step.”
Security by design:
Cyber security experts see Zoom’s situation as a reminder that security should be fully embedded into systems from the beginning. Fixing security later means taking resource-intensive, cost-draining damage-control measures. How can you effectively build security into your applications? Read this Cyber Talk article for quick, easy steps to take.
For more on this story, visit Forbes.