ZOOM with caution:

Why your IT department (if they're smart) doesn't want Zoom anywhere near their enterprise grade network.

PUBLISHED: 02 April 2020

Zoom's recent surge in popularity due to the global Coronavirus lockdown has delighted the non IT savvy masses, many who are fans of the platform because their colleagues or friends have told them just how great it is. 

Thankfully this exact same surge has also finally put a magnifying glass over some serious concerns about the platform, much to the relief of beleaguered IT professionals around the globe who are becoming inundated with arguments to 'innovate' and allow it's use in secure environments.

To be brutally clear, Zoom is just one of a growing number of dime-a-dozen apps with privacy and security issues that have become a popular download for public use due to the current pandemic climate.  These types of apps are easy and convenient for users with no IT skills to click, join and even host meetings, chatrooms or collaboration areas  for free.  These attributes make Zoom a darling for those who don't require or who are generally unaware of strict security and information privacy requirements in the environments they work in. Now though, due to it's growing list of published and serious vulnerabilities and recent lawsuit concerning the peddling of data to 3rd parties, Zoom has been exposed by many sources, including the FBI to be an app that poses significant privacy and security concerns for any organisation that has a responsibility to protect sensitive client data or meet information privacy principles of any sort.

Despite Zoom's marketing suggesting that its meetings are secure and protected by "end-to-end encryption", the claim was spectacularly debunked by The Intercept  and Zoom was shown to have been culpable of dishonestly taking artistic licence with the true meaning of that term.  Using its own definition of this industry standard to assure users of its 'robust security'.  In fact Zoom was shown that it could itself access un-encrypted video and audio from meetings running through its platform.

Whilst other major cash earning companies such as Facebook, Microsoft and Google have been forced into transparency in recent times over 3rd party use of user data on their free platforms. Zoom so far has refused to publish any transparency report that would compel them to disclose the real risk to user privacy and expression, thus denying the tool of reporting that would hold them accountable to subscribers and end users of their service alike.

Zoom's deceptive marketing tactics, it's poor security record, the many known and recently published vulnerabilities in both its software and platform make this an application that is certainly not fit for purpose in any organisation that is required to be serious about its client's or its own information privacy, network security.

Globally, entities such as government, law enforcement, healthcare and insurance are favourite targets for cyber and ransomware attacks due to the value of the types of confidential personal data stored and transmitted by them.  It is the responsibility of the digital governance structures within these organisations to renew, with vigour, a strategy to educate their user base that platforms such as Zoom have no place in any Enterprise environment serious about its obligation to data protection and integrity.

The serious trade-off between security and convenience is not a risk that should even begin to be discussed when secure platforms already exist that would cater for use.