Zoom has had a tough week. While usage has been setting new records, they have had to cope with a slew of security gaffes that have received lots of media attention. Concern over some of these issues is justified. However, Zoom seems to be getting more than its fair share of condemnation from the security researcher community. What is going on?

Zoom, unfortunately for them, started a security research feeding frenzy. The confluence of a pandemic, Zoom’s growth, media attention, and some questionable security decisions has added up to a colossal headache. The attention is so bad that Zoom has had to call a 90-day feature freeze to focus on privacy and security issues. Ouch.

What is sad, for Zoom, is that growing from 10 million to 200 million daily users in a few months should be a triumphant moment. They have done a lot right to be prepared for this moment. What they clearly were not prepared for was the attention that this moment would bring to some questionable product security decisions.

Zoom could not do anything to control if, or when, their product would swim into this feeding frenzy. All they could have done was prepare better.

Is your product, service, and company prepared to get Zoomed? Are you confident in both your security architecture and implementation?

If you aren’t sure and you don’t want to get Zoomed, do this:

⁃ Clear some engineering time to really focus on security and make it a habit. 

⁃ Take an adversarial perspective on all of the key security architectural and implementation decisions.

⁃ Just accept that your product has some security warts. As I like to say, your baby is not that pretty. That’s ok. You can find and fix the problems if you focus. 

⁃ Get your team trained on how to find and fix security architecture and implementation issues. 

Just like Zoom you’ll have to mount a campaign to pay off your product’s security debts. The benefit is that you can control the timing of this investment rather than getting Zoomed at the worst possible time.

