Who has banned Zoom and why?


Bobby Hellard

9 Apr, 2020

There’s a growing list of companies and organisations announcing bans on the popular videoconferencing app Zoom over security concerns. 

A slew of businesses, organisations, and even countries, have banned the service after a litany of security flaws surfaced over the last few weeks. While the company and its CEO Eric Yuan have scrambled to patch the issues, its reputation is sinking fast.

Part of the problem is that the company, like the rest of the world, didn’t expect a global pandemic to force us all indoors. As such, videoconferencing services have become vital components of this new way of life, and Zoom is now one of the most popular. The app is simple to use and has a freemium option, which has seen a fairly big spike in enterprise usage – which is where the security issues are proving most concerning.

The two security issues that seem most concerning to businesses are ‘Zoom-bombing’ and the lack of end-to-end encryption. 

Google

Google has reportedly issued a company-wide memo telling employees who have the Zoom app on their work laptops that it will no longer work, although they can still use it on mobiles for personal use, according to an internal email leaked on 8 April.

The tech giant hasn’t specified why this decision was made, merely citing “security issues”, according to reports.

The FBI

As the coronavirus became a pandemic in March, and more of the world dived into remote working, the FBI sent out a warning about hackers invading and disrupting video conference calls.

Zoom was one of the companies singled out by the Bureau, which said that reports had come in from around the country of hackers hijacking meetings and using them to spread hate speech and pornographic images.

SpaceX

A couple of days after the FBI’s warning, reports suggested that Elon Musk had banned SpaceX employees from using the software.

It’s currently unclear if this ban extends to Musk’s other companies, such as Tesla. ‘Zoom-bombing’ is thought to be the main reason for the company-wide ban.

The Ministry of Defence

The UK’s Ministry of Defence (MoD) is also said to be anti-Zoom, following reports on 27 March suggesting the agency had advised government departments against its use.

However, it seems the message hasn’t been communicated as Prime Minister Boris Johnson recently revealed on Twitter that his cabinet has been using Zoom for meetings – with the ID of that meeting also unwittingly revealed in a photo.

The US Senate & Germany’s Foreign Office

Given that Zoom is a Chinese company, its lack of end-to-end encryption hasn’t gone down well in the Western world. Like Google and SpaceX, the US Senate is said to have told its members to avoid using the app, according to reports on 9 April.

There are reports that the German government has placed restrictions on the software being used on fixed-connection computers.

According to Reuters, a memo to employees said: “Based on media reports and our own findings, we have concluded that Zoom’s software has critical weaknesses and serious security and data protection problems”.

Taiwan

Taiwan is the first country to completely ban the service, blocking its public sector bodies from using it. The software platform falls under the nation’s Cyber Security Management Act, ushered in last year, that bans organisations using services that have been “associated with security issues”. 

With the issues continuing to surface, Zoom has promised to become more security-focused – it has already hired Facebook’s former chief security officer Alex Stamos – but it will need to work quickly as its client list, stock and reputation are all in free fall.

Zoom will allow users to route traffic beyond China


Keumars Afifi-Sabet

14 Apr, 2020

Zoom customers will be able to choose which data centre regions their account can use for transmission of real-time meeting traffic, meaning that traffic now doesn’t need to be routed through China.

From 18 April, administrators and account owners of paid-for Zoom accounts can either opt-in or opt-out of a specific data centre region across the world, giving more control over how their traffic flows. 

The data of free users outside of China, moreover, will never be routed through China, with these users locked into data centres within their default region in which their account has been established.

The platform change has been implemented following a period of sustained criticism levelled towards the company for security concerns as well as privacy risks with its now extremely popular video conferencing platform.

Last month, for example, it emerged that Zoom had been inadvertently sending a granular level of iOS users’ device data to Facebook through the mechanism of a sign-in integration. After this came to light, the company killed the integration and pledged to no longer transmit this data to the social media firm.

In light of countless other complaints, the company last week moved to hire former Facebook chief security officer (CSO) Alex Stamos in a freelance advisory capacity to boost the platform’s integrity and robustness.

The backlash against the company reached a nadir last week after a host of organisations announced they were banning employees from using the platform. Even Taiwan distributed a declaration prohibiting government agencies and public sector employees from using Zoom, becoming the first country to ban the platform.

This ban was issued for security reasons, although many have suggested that, reading between the lines, the severity of the move was motivated by the revelation that some Zoom traffic was inadvertently routed through China. Diplomatic ties between the two nations are frosty, given that China does not recognise Taiwan’s independence. 

The swiftness by which Zoom has implemented changes to ensure traffic does not have to be routed through China, for both paid and free users, suggests the company is keen to mend its relationship with Taiwanese officials.

Paid-for Zoom users will be able to choose which data centre region their traffic is routed through, between the US, Canada, Europe, India, Australia, China, Latin America and Japan/Hong Kong.

Google approved to use US-Asia undersea cable


Sarah Brennan

9 Apr, 2020

The Federal Communications Commission approved Google’s request to use part of a U.S.-Asia undersea telecommunications cable on Wednesday, April 8. Google previously warned that without approval from the FCC, the company would likely face significantly higher prices to carry traffic by other means. The FCC will allow Google to operate the segment for the next six months, pending a final disposition of the license application.

Google thanked the FCC for approving its request in a recent statement, noting that “dedicated global network deployment and operations [teams are] continually increasing capacity to meet the needs of our users, and that includes our subsea cable system.”

Google agreed to operate a portion of the 8,000-mile Pacific Light Cable Network System that runs between the United States and Taiwan. The company teamed up with Facebook to help pay for the construction of the telecommunications link, but U.S. regulators blocked its use.

This blockage forced Google to confront regulators earlier this year, telling them it has “an immediate need to meet internal demand for capacity between the U.S. and Taiwan, in particular, to connect Google’s Taiwan data centre to Google data centres in the United States and to serve users throughout the Asia-Pacific region.”

In its response to Google’s statement, the Justice Department agreed that without temporary authority, “Google would likely have to seek alternative capacity at significantly higher prices.” 

With this approval, Google has also agreed to diversify its interconnection points throughout Asia and will continue establishing network facilities capable of delivering traffic to its ultimate destination, the department added.

Slack boss disputes Microsoft Teams adoption figures


Bobby Hellard

14 Apr, 2020

Slack boss Stewart Butterfield has poured cold water over Microsoft’s figures for Teams adoption during the coronavirus pandemic. 

The CEO was speaking to Market Watch about his own company’s spike in users and the inevitable comparison to Microsoft Teams seemed to get under his skin. 

Butterfield said the week starting March 9 was the “most productive” in his company’s history with a surge of new users turning into a “steep vertical” in two weeks. It took the platform four years to reach 10 million users, but from 10 March to 25 March, that number had grown by 2.5 million. 

There are a number of cloud-based services that have seen a big spike in users following the spread of COVID-19. Videoconferencing tools have become vital tools for people to connect with friends, family and work colleagues and Slack is also benefiting from the lockdown. It has, however, also increased the scrutiny upon its rivalry with Microsoft, which seems to irk Butterfield. 

“You probably sense the frustration in my voice,” he said on Market Watch. “Microsoft has made a huge push the past three years with a free service, but can you find a single Slack enterprise customer who has switched to Teams?”

“If Microsoft is such a competitive threat to Slack as it says, we would not have grown in sales and $1 million customers. I mean, 44 million is an impressive number, but that is out of 200 million Office 365 customers. That’s about a 20% adoption rate.”

Butterfield’s comments come just two weeks after he announced a Teams call integration on Slack, which suggested the two would bury the hatchet, but the CEO and his company have a history of firing barbs at the enterprise giant. Butterfield previously called Microsoft’s behaviour “unsportsmanlike” and in a tweet, Slack referred to it as a “boomer”. Despite recently going public, and also its rapid growth, Slack and Butterfield still see themselves as a startup taking on the corporate giant.

“The smaller startup has an advantage against the large, established company because its focus is narrowed on doing one thing better,” Butterfield added. 

Cloud Pro has approached Microsoft for comment. 

Mozilla re-hires veteran Mitchell Baker to serve as CEO


Keumars Afifi-Sabet

9 Apr, 2020

The Mozilla Corporation’s first CEO Mitchell Baker has rejoined the company to serve as its next chief executive after Chris Beard announced his intention to resign in August last year.

Baker, who was instrumental in the creation of the Mozilla Foundation, has been serving as the company’s CEO on an interim basis since December 2019 when Beard officially stepped down from his position.

The company has been attracted to her “innate knowledge of Mozilla” alongside a sense of urgency and transparency and a focus on long-term development, which she’s demonstrated since taking over from Beard.

“We have been conducting an external candidate search for the past eight months, and while we have met several qualified candidates, we have concluded that Mitchell is the right leader for Mozilla at this time,” said Mozilla board members Julie Hanna, Karin Lakhani and Bob Lisbonne.

“Mitchell’s deep understanding of Mozilla’s existing businesses gives her the ability to provide direction and support to drive this important work forward.”

Mozilla’s strategic plan, its board members added, focuses on accelerating growth for its core Firefox browser platform while investing in innovation to tackle some of the biggest emerging challenges facing the internet.

The industry veteran was at the heart of the organisation’s inception in 2005 and served as its CEO until the start of 2008, although her ties with the company remained, and she continued to serve as its executive chairwoman.

The company has cycled through a number of leaders since. Chris Beard also initially took over on an interim basis from his predecessor Brendan Eich in 2014. He had been part of the company for more than 15 years, barring a short period in 2013. 

Eich, meanwhile, was forced to leave the company after it was revealed he contributed money towards an anti-gay marriage campaign in the US.

Microsoft offers free software to UK schools battling the coronavirus lockdown


Sabina Weston

9 Apr, 2020

Microsoft has announced that it will assist all UK schools in getting set up for remote learning, in order to help students continue to learn while at home.

The company has pledged to work with the 27,000 schools in the UK, helping them run lessons remotely using Microsoft Teams, Office 365, as well as software such as Minecraft: Education Edition, Flipgrid, Skype in the Classroom and InTune.

The tools are available to use on mobile devices, tablets, PCs and browsers, and focus on encouraging teamwork by allowing collaborations, communication and file sharing in real-time. Microsoft emphasised that the tools “offer a safe and secure learning environment, using intelligent security features enhanced by machine learning to protect data and identities”.

Microsoft UK’s director of education, Chris Rothwell, praised teachers for “showing incredible resilience, imagination, and passion to ensure that they can help keep children safe and can keep learning while they are at home”.

“Technology is helping teachers keep in touch with students and to maintain a connection to the school and each other,” he said. “This offer to support any school get fully set up for remote learning is so that every school and pupil can benefit, and that learning can continue while schools are closed.”

In order to support teaching staff, Microsoft has also launched webinars aiming to promote the benefits of Teams. The topics covered include creating an online classroom, keeping students engaged with online meetings, as well as assisting IT Administrators in setting up Teams for online collaboration.

Schools across the UK have been closed since 20 March, allowing only vulnerable pupils and the children of key workers, such as NHS staff, to attend. Latest reports indicate that schools are not planning to reopen after Easter break.

CircleCI raises $100m in series E funding to move CI/CD further mainstream

Continuous integration and delivery (CI/CD) software provider CircleCI has raised $100 million (£80.6m) in series E funding – as its lead investor notes how CI/CD is 'expanding to all companies.'

The round, which was led by IVP with participation from Sapphire Ventures, brings the company's total funding to $215m, and adds to the $56m raised in series D back in July.

"CircleCI is an especially attractive investment given the depth and complexity of the product and the underlying dataset they have observed over time on how great companies build and release software," said Cack Wilhelm, partner at IVP. Wilhelm, who will join CircleCI's board of directors as part of the move, said he believed the company would 'continue to further [its] lead as the strongest pure-play CI/CD platform available in the market.'

The company's highlights since the series D funding have included product launches in the shape of insights endpoints and Windows support, as well as the opening of a London office to cement the company's growth and presence in EMEA.

Speaking to this publication upon the London launch in November, Jim Rose, CEO of CircleCI, noted how the market – and competition – had streamlined since he joined the company. "When I first got to the company [in 2014], there were about 30 individual logos in the CI/CD market, and that's been whittled way down," he said. "Now there is, really, ourselves, a couple of smaller, standalone, very focused CI/CD players, and then you've got some of the larger platforms that are trying to go end-to-end."

As more companies understand the potential of continuous integration and delivery, the problems mount up – problems which CircleCI aims to solve. "Continuous delivery is a hornet's nest," added Rose. "It's really complicated to run into one of these systems at scale. It's very easy to get to version one, but then the complexity comes as you bring it out to more teams, as you add more projects, as your developers start pushing a lot faster and a lot harder."


Google bans Zoom on employee laptops


Bobby Hellard

9 Apr, 2020

Google has become the latest organisation to ban videoconferencing app Zoom over security concerns.

The tech giant sent an internal email to employees last week, according to BuzzFeed, warning that Zoom’s app would no longer work on their laptops.

Zoom, which is a competitor to Google’s own Meet and Hangouts services, has seen a spike in usage following the coronavirus lockdown, but the mass adoption has brought greater scrutiny of the service and a number of security flaws have come to the fore.

The issues being reported with Zoom range from its standard of encryption to its resistance to hacking, but Google hasn’t specified which area it is concerned about.

“We have long had a policy of not allowing employees to use unapproved apps for work that are outside of our corporate network,” a Google spokesperson told BuzzFeed.

“Recently, our security team informed employees using Zoom Desktop Client that it will no longer run on corporate computers as it does not meet our security standards for apps used by our employees.”

Employees are still allowed to use the service to stay in touch with family and friends via a web browser or via mobile, but Google has added its name to a growing list of organisations – as well as entire countries – that have moved to ban the software.

The company has owned up to many of the faults it’s accused of. Its CEO Eric Yuan suggested the company has simply moved “too fast” and was not able to put in place the required level of enterprise security. He also said the company’s new goal was to become a “security-first” organisation.

One of its first big changes in this regard is the removal of the meeting ID from the app’s title bar. This has come in an update to its Linux, Mac and Windows apps and follows on from reports of ‘Zoom bombing’, where uninvited guests were crashing meetings.

The UK’s Prime Minister, Boris Johnson, recently posted a screenshot of a cabinet meeting over Zoom – with the ID visible to his 2.2 million Twitter followers.

How much cloud is enough?


Sandra Vogel

14 Apr, 2020

An organisation might start its venture into cloud in one particular area of its work. Perhaps there is a cloud platform offering support for artificial intelligence (AI), machine learning or an Internet of Things (IoT) implementation that is useful for new product or service development, or for streamlining work with an existing product or service. 

Once cloud is established as beneficial in the area it has initially been brought in to help with, it often makes sense to see how it can be used elsewhere in the business. There might be other client facing areas of the business that can benefit, such as employing cloud based AI chatbots for end user engagement, or perhaps there are back-office areas where cloud might be useful such as accounting and payroll services, with AI features that can assist with and speed up monthly close.

A business-led approach

What’s important as use of cloud grows is to continuously view its implementation as business led, and not IT led. In the boardroom the Chief Data Officer role becomes central as they look for points where the agility of cloud can deliver benefits right across the business, while the Chief Finance Officer role might change fundamentally from constantly weighing up capital expenditure to focusing more on operational expenditure. Making those moves can ensure cloud is embedded in the business, but the question then becomes, how much cloud is enough, and how do you keep cloud provision in tune with an organisation’s needs?

Analysing how well cloud usage fits with current and potential future business needs might seem like a difficult thing to do. Getting it right will likely involve a mix of time-specific work around broad business planning and ongoing activity. 

In the former area, if the business is planning a new rollout and requires specific effort such as test and dev, research or fabrication, specific additional cloud resources might be required. In addition, Ramanan Ramakrishna, Cloud CoE Lead and member of the Global Cloud Leadership team at Capgemini, suggests organisations should take a look at cloud providers. He says that “on a quarterly to half yearly basis [companies] should look at the evolution of the PaaS and SaaS offerings from the leading providers and consider them for their cloud strategy,” just to make sure they are taking best advantage of what’s on offer.

Rob Greenwood, technical director at Cloud and DevOps consultancy, Steamhaus, tells Cloud Pro that outside of scheduled evaluations, those responsible for cloud within an organisation, right up to the Chief Technical Officer, should keep their ears to the ground in “an on-going process, constantly being aware of new releases and announcements from your cloud provider of choice and evaluating if and how these would supplement your current usage”.

Signs that you are under-provisioned

Amid all this checking on what’s out there and on what your own needs are, it is important to look a little deeper to make sure provision across the board within your organisation is adequate. Ramakrishna points out a few really useful warning signs that an organisation could be under provisioned. “Organisations where capital expenditure on infrastructure is rising year-on-year should analyse whether their cloud adoption is conservative,” he says, suggesting that “close attention should be given to ascertain whether the on-premise infrastructure is designed for handling peak volumes instead of a more optimal strategy of sizing for average volumes and bursting into the cloud for handling peaks”.

“Another tell-tale sign is if small pockets of cloud purchases are being made from individuals within the business directly,” he says. “This might suggest a lack of coherent cloud strategy and hence cloud not being used in an optimal enterprise manner.”

Under provisioning cloud requirements in this way can have a negative impact on business growth, and here, again, the Chief Finance Officer and Chief Data Officer should work together to spot these tell-tale signs and leverage cloud appropriately to mitigate them. 

Mix your approaches for best results

Ensuring the business has enough cloud, distributed across the right parts of the organisation, is crucial to present agility and future growth. The strategy required to achieve this is mixed, and blends a range of approaches. 

There will be some forward-looking strategising to meet the ambitions of the business. There will be constant scanning of cloud provision technologies to identify areas where the business could benefit. These will combine with actively seeking out signs of under-provisioning, and ensuring that key leadership roles, most particularly the Chief Finance Officer and Chief Data Officer have eyes across the business. Together these strategies can ensure that the business not only has enough cloud, but is using that cloud to its best advantage.

Enabling a more holistic approach to SD-WAN adoption: A guide

Software-defined wide area networking (SD-WAN) has been all the rage for a number of years. We’ve all heard about the benefits: Optimising transport cost with Internet connectivity instead of MPLS. Application visibility. Simplified network management. To be sure, they are real. According to Gartner, by the end of 2019, more than 50% of new managed WAN deployments incorporated SD-WAN, and IDC expects that 80% of enterprises will define their SD-WAN strategy within the next 24 months.

While most enterprises have been sounding the market, or even conducting pilots, fewer have made a radical transformation of their entire network. So why haven’t all enterprises jumped on the bandwagon? Here are three perspectives on the barriers to SD-WAN adoption:

Underlay + overlay = quality

No network is stronger than its weakest link. While SD-WAN is a significant leap forward, it can’t deliver the promised results without a reliable, well-connected physical network. According to the Uptime Institute’s 2019 global survey, 31 percent of organizations cited network failure as the primary cause of their most recent data centre incident or outage. That’s why the network ‘underlay’ – the combination of infrastructure and service – still matters more than ever. In fact, more than 80% of Enterprises (according to Gartner) will use a hybrid WAN combining MPLS/Ethernet and the Internet in five years’ time.

Managed, co-managed or BYO?

There is no “one size fits all” sourcing and management model for SD-WAN. Some enterprises prefer taking back control, whereas others prioritize simplicity. However, what we keep on hearing from enterprises is that service management, fault-finding and troubleshooting continue getting more difficult as the number of partners and possible fault modes increase. Is the problem with my cloud service? My cloud security provider? Or the CPE, last mile or middle mile connectivity?

If you have offices in multiple locations and more complex traffic flows; want end-to-end SLAs and support across both the overlay and underlay; and are concerned about how many more partners you can realistically manage, then you should look into a managed or co-managed service.

Self-serve and data as a competitive advantage

Most IT organizations want to focus more of their time on the front-end, directly supporting their businesses and quickly responding to change. Now’s the time to set the right expectation level with your provider. Do you get commercial flexibility to support your evolution or contract lock-in? Can you add, change or remove services on-the-go? Will self-serve portals and APIs help automate daily networking routines? Do you get network insights that put you in the driver’s seat?

Ensure that your partners’ vision and roadmap align with your own. Forward-leaning service providers will give you a clean-slate approach, without vested interests or legacy limitations.

Planning for success

For the vast majority of global enterprise WANs, the SD-WAN journey is a transition, rather than a radical rip-up-and-replace exercise. Cloud adoption and digital transformation are redefining the requirements, whilst new technologies and service providers challenge the status quo. For most enterprises, this creates the perfect opportunity to right-size their networks and rethink the way services are bought, and from whom.

But enterprises must combine the free thinking of a clean-slate approach with a realistic view of what’s needed to keep everyday business running smoothly. When embarking on the next stage of your WAN transformation, take time to define a holistic strategy beyond the SD-WAN hardware.

  • Start by setting your priorities straight: Low cost or value for money?
  • Be realistic about your last/middle mile constraints and the degree of freedom your SD-WAN migration will actually deliver
  • Develop a framework for how your connectivity needs will evolve in the next 3+ years
  • Outline a management model that will support your transformation
  • Engage with multiple suppliers to identify providers who can offer a flexible approach, free from vested interests
  • Challenge the automation agenda of your prospective suppliers, and their ability to cooperate with increasingly complex troubleshooting challenges
  • Be confident in the people who will deliver your migration. Even in a software-driven world, networking is still a physical environment that requires the human touch

Whether your change agenda is big or small, it should be driven by business needs and be well grounded in market realities. Look for service providers with deep insight and knowledge of the underlay and inner workings of cloud and Internet ecosystems. Here, global ISP rankings such as Oracle Dyn Internet Intelligence or CAIDA.org will give you a good idea of who to ask.

What's more, make sure to engage someone without vested interests in legacy products, and with strong customer support that keeps your end-users free from disruption. Your future network shouldn’t just be software defined – it should be business defined.
