Zoom is making rapid security changes after being banned by a number of high-profile businesses, including Siemens, SpaceX and Standard Chartered, following prominent criticism from the InfoSec community. Where does this leave Zoom, and what can other businesses learn from a meteoric rise in popularity that exposed its weaknesses?
Public concerns about Zoom’s security originally stemmed from an incorrect statement by Zoom that its service offered end-to-end encryption, which turned out not to be the case. This is not merely a semantic distinction: the potential attacks and security vulnerabilities are radically different (and greater) in an architecture where communication does not remain encrypted for the full path between endpoints.
This episode illustrates the importance of recognizing the nuances of how security technology is implemented and of communicating accurately about how those architectures work. Security decisions matter, which is why enterprises put such extensive resources behind securing their digital operations. All companies promoting their security are well advised to ensure that what they say is strictly accurate.