New Delhi, May 8 (IANS) Video meet app Zoom, which has become a case study on security and privacy engineering, has left enterprises confused about whether they should buy an enterprise license for Zoom right now, ban it from all company devices, or proceed with a trial to see how it works.
According to a report from global market firm Forrester, for these firms, context and risk tolerance matter the most.
“Don’t ban Zoom outright as you won’t be able to stop users from adopting it. For security and risk pros, widespread adoption of Zoom increases their firm’s attack surface. But adoption of Zoom mirrors Slack and other consumer IT technologies that land and expand in the enterprise by making things easy and targeting users, not buyers,” said Jeff Pollard, VP, Principal Analyst Serving Security and Risk Professionals.
Don’t assume the Zoom alternatives are more secure and more private.
“If Zoom commits to security and privacy as its recent actions indicate, then at some point down the line Zoom could be one of the most heavily scrutinized and secure videoconferencing tools available. That’s going to take a long time, as these issues require more than simply releasing patches,” Pollard added.
Zoom is undoubtedly not the only platform for sensitive corporate communication with security issues.
Zoom got hit first, but that also means they took their beating earlier than others.
“If the company moves fast and fixes things, and continues with the transparency seen in its weekly updates regarding the status of fixes, it could come out ahead in the long run,” the report mentioned.
Now, Zoom faces a host of privacy and security flubs because it failed to follow a simple rule: Every company must secure what it sells.
Communication platforms can have great UX and decent security without good privacy, but if they have bad security and bad privacy practices, it doesn’t matter how good the user interface is; the whole show falls apart.
Researchers discovered numerous privacy and security flaws in Zoom, many of which have since been addressed, while the company plans to address others in future updates.
“For Zoom to prove long-lasting commitment to security and privacy, it needs to formally hire a CISO with expertise in post-breach environments, or one that understands the need to tie security to customer-facing requirements,” said Pollard.
Zoom acquires security startup Keybase
Zoom on Thursday announced the acquisition of secure messaging and file-sharing service Keybase, as part of its 90-day pledge to address privacy and security issues with its own platform.
The acquisition, for which financial terms were not disclosed, is aimed at eventually building end-to-end encryption on Zoom.
According to Eric S Yuan, CEO of Zoom, the first step is getting the right team together.
“Keybase brings deep encryption and security expertise to Zoom, and we’re thrilled to welcome Max and his team. Bringing on a cohesive group of security engineers like this significantly advances our 90-day plan to enhance our security efforts,” Yuan said in a statement.
Since its launch in 2014, Keybase’s team has built a secure messaging and file-sharing service leveraging their deep encryption and security expertise.