Google, Microsoft talk up security after Zoom firestorm
- 13 April, 2020 09:03
As video conferencing platform Zoom continues to weather unfavourable headlines about its security, two big market rivals are doubling down on commitments to keeps users safe.
In recent weeks, Zoom has faced a barrage of criticism involving privacy and security failings, culminating in CEO Eric Yuan acknowledging this week that the company “moved too fast” but is now committed to being “open and honest with [customers] about areas where we are strengthening our platform.”
He also announced that Zoom had stopped development of new product features for 90 days to focus on security.
While rival video conferencing platforms haven’t faced the same level of criticism, both Microsoft and Google pointedly outlined what their respective Teams and Hangouts Meet offerings are doing to ensure meetings remain secure.
In a recent blog post, Jared Spataro, corporate vice president for Microsoft 365, stressed all of the security features Microsoft already offers Team users, including how it encrypts data and handles enforcement requests – two areas where Zoom has come under fire.
Spataro also noted that Microsoft doesn't use Teams data to serve ads or track participants' attention in meetings, something else Zoom has been criticised for.
“Now more than ever, people need to know that their virtual conversations are private and secure,” Spataro wrote in an April 6 post. "At Microsoft, privacy and security are never an afterthought. It’s our commitment to you—not only during this challenging time, but always."
Google took a similar approach, publishing its own blog post on April 7, summarising how Google Meet ensures meetings are secure.
In the post, Karthik Lakshminarayanan, director of product management for G Suite security and controls, and Smita Hashim, director of product management for Google Meet, Voice & Calendar, talked up Google’s efforts to combat abuse, block hijacking attempts, limit the need for frequent security patches and the platform’s “secure-by-design infrastructure.”
Though Zoom was not called out by name, the beleaguered platform has been criticised for problems in all of those areas in recent weeks.
“I think the moves of Microsoft and Google are partly defensive to reassure their existing users (both enterprise and personal), but also part offensive – trying to use the controversy over Zoom to take market share from them,” said Paul McKay, senior analyst at Forrester. “Zoom has been caught out in this regard because they have made claims in the past about their security which have later proven to be demonstrably incorrect.
"This has eroded a lot of trust in Zoom specifically, but I think their error here is not practicing good product security as part of development and making marketing claims which were not technically correct. They now have the next 90 days to prove if they meant what they said when their CEO responded to the issues last month."
Jarad Carleton, global program leader in cyber security at Frost & Sullivan, argued that many of Zoom’s problems stem from the “move fast and break things” culture it adopted early on. That mentality was easier to overlook because of the easy, intuitive and highly reliable nature of the platform.
But companies like Zoom that were not set up with a strong organisational security culture can later find themselves in a retroactive scramble to fix issues that should be dealt with from the outset.
Carleton thinks the recent attention on Zoom’s shortcomings will benefit users in the long run, forcing other video conferencing platforms to review their own security measures to avoid similar criticism. He also said that publicly announcing security audits could help show users that collaboration vendors take security and privacy seriously.
“Solutions such as Microsoft Teams, WebEx, Zoom and others are business tools, first and foremost,” Carleton said. “Any public criticism about security issues can impact subscription revenue, so the enhanced focus on security now as more people use them will only serve to enhance trust over the medium and long-term.”
While Zoom’s security flaws may have given a black eye to a platform that is now pulling in more than 200 million daily users, McKay believes other platforms have quickly re-doubled their security commitments because “Zoom-bombing” and session hijacking could be a danger to them, too.
“I think the impact of this is that it has forced all market participants to pay attention, not just those impacted,” McKay said. “If the industry doesn’t respond positively, then I think it could erode user trust as enterprises have now become fully reliant on these solutions to allow any modicum of productivity to be maintained in the current pandemic.”