Product Marketing Manager, Security

Webinar Recap – Ask Me Anything with Eric Yuan & Zoom Leadership: March 17

Webinar Recap – Ask Me Anything with Eric Yuan & Zoom Leadership: March 17

In this month’s “Ask Me Anything” webinar hosted by Zoom CEO, Eric S. Yuan, we provided an update on our progress since our last executive session on Feb. 17, 2021. 

Eric was joined on the webinar by Gary Sorrentino, Global Deputy CIO; Richard Farley, Deputy CISO; Randolph Barr, Head of Product Security; Lynn Haaland, Chief Privacy Officer and Chief Compliance and Ethics Officer; and Rod Schultz, Head of Product Security and Privacy. Brendan Ittelson, Chief Technology Officer, joined us for the Q&A session. 

If you missed this month’s session, you can watch the recording here:

Reflecting on the past year

1:41-7:28: Eric began the webinar by recognizing it’s been one year since the World Health Organization (WHO) declared COVID-19 a global pandemic and how much has evolved since then. 

It’s also been about a year since we held our first “Ask Eric Anything” webinar as part of our 90-day plan, during which time we focused wholly on enhancing the privacy and security of our platform. Since then, we’ve accomplished quite a bit as a team. 

  • 2020
    • April–June: We released Zoom 5.0, which included a number of security enhancements and features to help users protect their meetings; acquired Keybase, a secure messaging and file-sharing service; launched our CISO council; and enabled control over data routing.
    • July–August: We improved Waiting Room notifications and the implementation of default passcode and Waiting Room options at the top of meeting schedulers.
    • September–October: We expanded support for two-factor authentication and released phase one of our end-to-end encryption offering.
    • November–December: To help users combat meeting disruptions, we implemented the At-Risk Meeting Notifier that scans public social media posts and other websites for publicly shared Zoom Meeting links and alerts their account owner. We also made enhancements to authentication profiles and implemented a warning of partially encrypted traffic.
  • 2021
    • January–February: We implemented more end-to-end encryption feature parity, and expanded end-to-end encryption to support meetings of up to 1,000 participants, and launched our Trust Center. We also implemented a feature that warns when there is unencrypted traffic, giving users the option to block this specific traffic.
    • March: We are launching an upcoming new feature called the Chat Etiquette Tool — read more about this in the product updates section below.
  • Ongoing: As part of our commitment to privacy and security, we’ve continued to build out our strong security team to support all of our new users and use cases. We’ve made over 200 new hires to the security and privacy staff within the past year. 

Fireside chat

7:29-32:55: Gary Sorrentino led a fireside chat with members of the security and privacy leadership team, chatting with Richard Farley, Randolph Barr, Lynn Haaland, and Rod Schultz about Zoom’s ongoing commitment to privacy and security across our platform. From the development freeze involved in our 90-day plan to best practices for expanding a security program to our support for education — the fireside chat highlighted just how much Zoom’s security and privacy efforts have evolved over the past year to support the new changes our users have faced.

Upcoming product and security updates

32:56-35:40: Rod spoke to some of the key product and security updates we have in the pipeline for this year. These include:

  • Chat Etiquette Tool: Launching on March 21, this tool automatically identifies keywords and text patterns in Zoom Chat and in-meeting chat and helps prevent users from sharing unwanted messages, such as those that include inappropriate language. It is important to note that the Chat Etiquette Policies are defined by account admins, not by Zoom, and that the tool does not send reports/flags to account admins or anyone else. The customers who are interested in this tool can reach out to their customer success managers (CSMs) for access to this tool.
  • Bring Your Own Key: We plan to implement configuration for Bring Your Own Key (BYOK) for our enterprise customers. This feature allows customers to choose to configure and encrypt their supplied data at rest with their own encryption key, instead of a default encryption key generated by Zoom.
  • Phase two of end-to-end encryption: With phase two, we plan to update our end-to-end encryption offering with better identity management and single sign-on (SSO) integration. We will provide more details on this at a later date.

Q&A

35:41-43:10: For the Q&A session, the panel fielded relevant questions from the audience. From Zoom’s HIPAA compliance framework to tips for securing the hybrid workforce, the questions prompted a lively discussion from the entire panel.

Thank you!

Whether you attended this month’s session live or watched after the fact, thank you for your interest in learning about our approach to security and privacy! We’re continually evolving our efforts to help make the Zoom experience seamless, safe, and secure for every user.

To learn more about our latest security efforts, be sure to visit the Trust Center or Zoom’s blog.

Don’t forget to share this post