Webinar Recap – Ask Me Anything with Eric Yuan & Zoom Leadership: Feb. 17
In this month’s “Ask Me Anything” webinar hosted by Zoom CEO, Eric S. Yuan, we provided an update on our progress since our last executive session on Jan. 27, 2021.
Eric was joined on the webinar by Hillary Ross, Security Product Marketing Manager; Max Krohn, Head of Security Engineering; Velchamy Sankarlingam, President of Product and Engineering; and Ron Emerson, Global Healthcare Lead. Brendan Ittelson, Chief Technology Officer, joined us for the Q&A session.
If you missed this month’s session, you can watch the recording here:
1:12-4:25: Eric discussed a few achievements that have occurred since our last Ask Me Anything webinar. These include:
- Frost & Sullivan recognition: Frost & Sullivan, a market research firm, has recognized Zoom with its 2020 Company of the Year Award. This honors our dedication to providing customers with innovative solutions that drive growth and deliver new capabilities.
- General availability of Zoom Rooms features: With the expansion of new Zoom Rooms features, we strive to enable organizations to safely re-enter the office and sustain an “everywhere workforce.”
- Safer Internet Day: For this year’s Safer Internet Day, we shared video tips for parents and teachers on how to create a safe digital learning experience on Zoom.
4:26-5:59: Max Krohn covered some new updates involving our end-to-end encryption (E2EE) feature:
- Changes to encryption white paper: As part of our commitment to transparency and security, we strive to keep our end-to-end encryption white paper updated with new information. The most recent version of the white paper can be found on our GitHub page and includes updates from our phase one E2EE implementation, as well as details around phases two and three.
- One-on-one chat with private keys: As part of the release of Zoom 5.5 in January, one-on-one private chats are now available in meetings using end-to-end encryption.
- Reactions and feedback: We’ve also re-enabled participants’ ability to provide real-time nonverbal feedback and reactions to information being shared in Zoom Meetings leveraging E2EE.
- Breakout Rooms: We are working on making Breakout Rooms available in meetings that have enabled end-to-end encryption. We will continue to provide updates on our progress.
Engineering security overview
6:00-9:55: Velchamy spoke to all the progress Zoom has made on its engineering security program. He explained Zoom’s engineering security vision — to build a scalable and mature security program to deliver secure applications and services — and how Zoom’s Security Development Lifecycle (SDLC) is core to achieving this vision.
Our Security Development Lifecycle is a defined process that we’ve implemented to make sure security and privacy remain a priority in each phase of our product and feature development, from design to production. Our SDLC encourages a continuous focus on software and technology security, educates stakeholders about security considerations, creates a process for new and existing features to undergo security reviews, provides specific guidelines for security testing, and sets up a well-documented process that can be continuously improved upon. This SDLC guides our security architecture, testing, and automation.
Healthcare & HIPAA
9:56-19:37: Ron Emerson shared how we’re continuously expanding and enhancing our platform to help our healthcare customers operate even more efficiently in the face of new challenges.
Our Zoom for Healthcare offering can be deployed in a variety of ways to meet the diverse needs of our healthcare customers — from administration and medical education to telemedicine applications and patient-centered care offerings. The platform enables HIPAA compliance, allowing our healthcare customers to leverage Zoom while maintaining privacy, security, and compliance.
We also have a Business Associate Agreement (BAA) available. A BAA is a legal contract that describes how business associates or subcontractor business associates — what Zoom is to our healthcare customers — adhere to HIPAA, and outlines responsibilities and risks they take on in providing services to healthcare customers. We’ve recently updated our BAA so that Zoom for Healthcare customers can now utilize Zoom Phone, have the ability to access cloud recordings and the administrator dashboard, and create in-meeting chat logs.
Ron also revealed that we will be expanding access to Zoom for Healthcare by removing the $200 minimum previously required to obtain a Business Associate Agreement.
19:38-45:00: For the Q&A session, the panel fielded relevant questions from the audience. From security’s role in a safe return to the office to successfully using filters for Zoom Meetings, the questions prompted a lively discussion from the entire panel.
Whether you attended this month’s session live or watched after the fact, thank you for your interest in learning about our approach to security and privacy! We’re continually evolving our efforts to ensure the Zoom experience is seamless, safe, and secure for every user.
To learn more about our latest security efforts, be sure to visit the Trust Center or Zoom’s blog.