Features | Interview

We Have Addressed Security Concerns: Zoom India chief

Sameer Raje speaks about exponential growth in India, controversies, public wariness and efforts to win back user trust

Ullekh NP Ullekh NP | 02 Jun, 2020

We Have Addressed Security Concerns, Says Zoom India chief

Sameer Raje

The Zoom app has seen a rapid growth in its users from 10 million earlier to 300 million following the COVID-19-related lockdown, but the company is mired in controversies. In April, India’s home ministry issued an advisory to users raising concerns about the prospects of cyber criminals using your videoconferencing app as an avenue to steal confidential information besides claiming that the software used in the platform is made in China and that some calls were being routed through servers in that country. Recently, India’s apex court has issued a notice to the Centre seeking opinion on whether your app should be banned over privacy and data security reasons. How do you respond to these charges?

Zoom is an American company, publicly traded on the NASDAQ, with a founder and CEO who is an American citizen, with headquarters in San Jose, California.

We have been helping some of the world’s largest financial services companies, leading telecommunications providers, government agencies, universities and others stay connected in a safe and secure manner. Many of these entities have done exhaustive security reviews of our user, network and data centre layers and confidently selected Zoom for complete deployment, and we actively engage with them to provide them with any information they need to make informed decisions.

Zoom has 17 data centres across the world, two of which are in India. Data of all paid users in India is routed through India-based data centres and that of all free users is routed through our data centres in the US. We also now offer a feature to our paid customers an option of controlling their data routing by opting out of certain data centre regions.

In our urgency to come to the aid of people around the world during this unprecedented pandemic, we added server capacity and deployed it quickly — starting in China, where the outbreak began. In that process, we failed to fully implement our usual geo-fencing best practices. As a result, it is possible certain meetings were allowed to connect to systems in China, where they should not have been able to connect. We have since corrected this, and our blog post to explains how our system typically works, where our misstep occurred, and how we will prevent these kinds of problems in the future.

The home ministry advisory is based on CERT-In advisories. CERT-In issues advisories for any vulnerabilities of any software/application that are detected. While one of the CERT-In advisories for Zoom articulate how to safely use Zoom (i.e. using the Zoom security features), another one speaks of the vulnerabilities on our platform and the resolution for the same (i.e. by upgrading to higher version of Zoom in the same advisory). This is a normal practice followed in the software industry and is intended solely to apprise the public of the possibility of a vulnerability of any technology they might be using, and to highlight a solution (if available).

Beyond this, we are in touch with the Ministry of Electronics and Information Technology and the Ministry of Home Affairs (MHA), and communicating with them, in terms of sharing the facts about technology, security of our platform, and the privacy of our users using our platform. We are focused on providing the information they need to make informed decisions about their policies and initiate corrective steps if any.

The matter with SC is sub judice and we have faith in our courts, while we do believe that PIL is not accurate in assertions it makes.

India accounts for 18% of Zoom’s participants and the US 14%. Do you think your competitors are behind these negative reports of Zoom being ‘unsafe’ for use?

You are absolutely correct to say that Zoom has been growing exponentially. We would not like to speculate on the reason behind the spread of negative information about Zoom. We always have been true and focused on our customers, who in turn continue to support us. Our focus will always be to deliver happiness to our customers, while being honest about it, we are confident to overcome any difficulty that may arise, due to any influencing factors.

What are the advantages that Zoom offers over similar products?

The strongest advantage Zoom has over other products is it is simple and easy to use. Even a layman can start using Zoom in a few clicks and that is what makes it easy to adopt. Beyond this, users also are absolutely sure about frictionless, immersive video and audio experience even at low bandwidths. There are a host of other features which our users love us for. Beyond this, the central IT Teams love our features of dashboarding and reporting to ensure that they keep their end users happy. Hence Zoom is loved by users at both ends of the spectrum.

How many participants do you have in India? Do you plan to offer new features or make any such announcements for your users anytime soon?

Usage of Zoom has ballooned overnight – far surpassing what we expected when we first announced our desire to help in late February. To put this growth in context, as of the end of December last year, the maximum number of daily meeting participants, both free and paid, conducted on Zoom globally was approximately 10 million. In April, this figure was around 300 million daily participants.

Given how quickly our platform is adapting each day to better address all of these new users, we don’t want to speculate too much on what the future holds. For now, we’re focused on helping as many people and businesses as we can stay connected – whether they’re hospitals, schools, financial institutions, governments or users looking to stay in touch with colleagues, friends and family.

How do you plan to allay people’s fears and earn back their trust in the face of a widespread misinformation campaign?

This is a journey for us, and we have been working on it. From the 90-day plan (vowing to to proactively identify, address, and enhance the security and privacy capabilities of the Zoom platform) to reaching out to our customers and prospects through blogs, websites and webinars, we are putting facts out there and are being honest about it. In fact, many individuals and customers have been appreciative of this, and also about the speed and agility with which we have brought out changes some of these are mentioned below while rest can be found on our blog:

– Announcing of 90-day plan
– Formation of a CISO council
– Releasing of new updates latest one being Zoom 5.0 in a short span
– Acquisition of Keybase to offer end-to-end encryption

Also Read
Zooming Out
‘There’s a Zoom fatigue’

interview Sameer Raje technology video conferencing zoom