author photo
By Bruce Sussman
Fri | Apr 24, 2020 | 5:30 AM PDT

If there's a symbol of remote work (and play) during the COVID-19 pandemic, it has to be Zoom.

Over the last few weeks, cybersecurity and privacy leaders have both criticized the company and defended it.

Zoom-bombing problems; calls and encryption keys routed through China; "end-to-end encryption" that was not really end-to-end; and more.

Then the company came up with a rapid response plan to fix privacy and cybersecurity concerns within 90 days.

Apparently, the company's quick moves are building confidence in the platform as more people than ever are using Zoom to stay connected and productive. 

Zoom sets another user record

This week, Zoom's CEO Eric Yuan announced that its 300 millionth user signed up for the service. That's nearly unbelievable when you consider Zoom's growth over the last few months.

Check out this growth:

  • 10 million daily users in December 2019
  • 200 million daily users in March 2020
  • 300 million daily users on April 22, 2020

Zoom answers cybersecurity concerns

It seems that nearly as quickly as customers are signing up, Zoom cybersecurity upgrades are rolling out.

Cyber attorney Michael Simon of XPAN Law Group is not surprised by these upgrades:

"This is a big market opportunity for them. This chance is not gonna come twice. How many companies do you know get the chance in three weeks to quintuple their market share? There's not many of those."

And not many companies act the way Zoom has after a privacy lawsuit along with bad press over cybersecurity.

"I mean, their response has been tremendous. Their response has been, I would use the word ahistorical. I mean, there's no cover-up here."

Listen to our complete interview with Simon on the SecureWorld podcast:

Michael Simon is far from the only Zoom defender out there. Many are on social media, such as the CEO and founder of tech company Okta.

Zoom's new data routing controls 

This week, the company rolled out a data control plan SecureWorld first reported on last week. Paying customers can opt out of certain data centers (like China or Hong Kong) to make sure their meetings and encryption keys never go through there. 

And geo-fencing will make the default data center in your region the first choice for your meetings unless congestion requires it to go somewhere else.

This follows revelations that some Zoom traffic from the U.S. and Canada was being routed through Chinese servers. 

CEO Eric Yuan immediately jumped on the company blog to apologize:

"In our urgency to come to the aid of people around the world during this unprecedented pandemic, we added server capacity and deployed it quickly—starting in China, where the outbreak began. In that process, we failed to fully implement our usual geo-fencing best practices. As a result, it is possible certain meetings were allowed to connect to systems in China, where they should not have been able to connect."

Zoom cybersecurity upgrades in version 5.0

Zoom also announced version 5.0 will launch April 25-26, 2020, so you may see an update at the end of a meeting in the next few days.

Version 5.0 improves cybersecurity by increasing encryption from 128-bit to 256-bit GCM, "which provides more protection for meeting data and greater resistance to tampering," says Zoom.

Also, on the Zoom-bombing front, hosts and co-hosts can now report users to Zoom's Trust & Safety team, who will review any potential misuse of the platform and take appropriate action.

Additional Zoom cybersecurity upgrades underway

These new features are in addition to previously announced initiatives around privacy and security at Zoom. Here are things underway:

  • Conducting a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases
  • Preparing a transparency report that details information related to requests for data, records, or content
  • Enhancing their current bug bounty program
  • Launching a CISO council in partnership with leading CISOs from across the industry to facilitate an ongoing dialogue regarding security and privacy best practices
  • Engaging a series of simultaneous white box penetration tests to further identify and address issues

Yes, this is Zoom's moment in time. And the company appears to be doing everything possible to seize it.