
Zoom Creates New Security Advisory Panel, Hires Former Facebook Security Chief

Security Advisor Alex Stamos

Zoom, the high-flying video conferencer heavily criticized for its haphazard cybersecurity, has created a new security panel and an advisory board, and hired former Facebook chief security officer Alex Stamos as an outside advisor.

The San Jose, California-based company is slated to host its first weekly webinar, led by chief executive and founder Eric Yuan, on Wednesday, April 8, 2020, to provide privacy and security updates and address questions in real time.

Zoom officials said establishing the CISO (chief information security officer) council is part of its three-month plan to “better identify, address, and fix issues proactively and improve the safety, privacy, and security of its software platform.” Earlier this week, Zoom reportedly got back in the federal government’s good graces with its positive response to the scrutiny directed its way primarily for reveling in its growth and popularity while neglecting to adequately handle the attendant cybersecurity risks.

Department of Homeland Security: Views on Zoom

A memo issued by DHS’ Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Risk and Authorization Management Program -- a watchdog overseeing software used by federal agencies -- sanctioned use of the Zoom for Government product but not the developer’s free or commercial offerings, a Reuters report said. In a separate statement, DHS and FedRAMP said the message was a best practice guide for government users, the report said.

Zoom officials reportedly declined to comment.

In a preceding blog post, Yuan said the platform was designed for enterprise users and admitted that the company was caught flat-footed by a flood of teleworking users springing from the coronavirus pandemic. “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home,” he said. “We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.”

Zoom has been duly chastised, Yuan said, by the bevy of complaints over its security lapses. “We appreciate the scrutiny and questions we have been getting – about how the service works, about our infrastructure and capacity, and about our privacy and security policies,” he wrote in the blog. “These are the questions that will make Zoom better, both as a company and for all its users. We take them extremely seriously. We are looking into each and every one of them and addressing them as expeditiously as we can. We are committed to learning from them and doing better in the future.”

Zoom: Security Action Items

Along those lines, Zoom posted an extensive list of actions it will take to fix gaps in its cybersecurity profile. The full list, which spans training, tools, and support to help users get a better grasp on account features and how best to use the platform, appears in Yuan’s blog.

CISOs from HSBC, NTT Data, Procore and Ellie Mae are among a group who have agreed to sit on Zoom’s CISO council. Its advisory board includes security specialists from VMware, Netflix, Uber, Electronic Arts, and others.