Zoom’s rapid adoption highlights security concerns; Microsoft and Google are better positioned
Microsoft (Nasdaq: MSFT) and Google (Nasdaq: GOOGL) were relatively well prepared for the unexpected demand for videoconferencing, with global data centers and strong security measures in place, while Zoom’s security was not ready for the same scaling. There have been numerous reports of “Zoombombing,” which is when hackers join a Zoom meeting and disrupt the workflow, particularly in online classrooms. While some educators did not use password protection to make their online classrooms private, TBR believes this security lapse also occurred because Zoom lacks end-to-end encryption. Microsoft and Google Cloud have experienced difficulty with outages but have performed well in terms of security with end-to-end encryption in Teams and Meet. The regularity of these hacks has led to a recent investigation by the FBI and caused some government agencies, companies and educational institutions to ban the use of Zoom. In TBR’s special report Security measures taken to combat impacts of COVID-19 on businesses will have long-term implications, Senior Analyst Nicole Catchpole discusses the security concerns with Zoom and other cybersecurity threats that have risen amid the COVID-19 pandemic.
Zoom, Microsoft and Google remove pay barriers, increasing usage and setting the foundation for a much larger base of paying customers post-COVID-19
Use of videoconferencing solutions is skyrocketing, but modernization of these platforms will be a long-term strategy
Zoom, Microsoft and Google are offering their video-collaboration tools for free to support the unexpected global shift to remote work and learning environments. For six months, Microsoft is removing paywalls for Government Cloud and certain Office 365 subscriptions — including Office 365 E1 for businesses and Office 365 A1 for educational institutions, both of which include Microsoft Teams. Google Cloud is also offering Meet for free until Sept. 30, but only to existing customers, which makes it slightly more restrictive than Microsoft’s offer. Finally, Zoom has also removed the 40-minute time limit on its free basic subscription tier for K-12 schools in numerous countries, including the U.S., where the company boasts roughly 60,000 customers as of mid-March. Within the “freemium” tiers that are available, Zoom customers can have up to 100 participants in a virtual meeting, whereas Teams and Meet can support up to 250 people in a meeting. Given that each of these vendors has reduced cost-related barriers to adoption, customers can select the vendor that best fits their broader IT environment.
The global shift to a virtual work-from-home and learn-from-home environment has drastically increased demand for SaaS solutions that support collaboration and remote workflows, particularly videoconferencing as companies and educational institutions try to maintain as much face-to-face communication as possible. Among the numerous SaaS offerings available, some of the most popular are Zoom, Microsoft Teams and Google Meet. Zoom quickly rose in popularity and became a household name, growing from 10 million users in December 2019 to 200 million users in March 2020. While Zoom’s (Nasdaq: ZM) number includes individual nonpaying consumers, the vendor has also signed paying business and organizational customers including IAC Group, Rubrik and Texas A&M. Microsoft Teams and Google Meet experienced growth spikes as well. The number of users on Teams more than doubled, from 20 million daily active users in November 2019 to 44 million in March 2020, including enterprises such as EY, SAP (NYSE: SAP), Continental AG and Accenture (NYSE: ACN). Google Meet grew by more than 25 times from January to the end of March and is adding 2 million new users per day, with customers such as Korean Air, Shopify (NYSE: SHOP) and TELUS (NYSE: TU). While Zoom’s total user growth is strong and its offerings are widely used, TBR expects Microsoft and Google Cloud will start to poach Zoom customers due to their value-add hardware and SaaS offerings Office 365 (200-plus million users) and G Suite (6-plus million users).
The COVID-19 pandemic has unleashed an array of cyberattacks that threaten the health of our virtual systems, including but not exclusive to those in healthcare, banking and government agencies. Cyber criminals are capitalizing on widespread weaknesses with attack vectors in the form of spam, phishing scams, ransomware and malicious URLs. As the number of infected persons soars, so does the number of cyberattacks, but despite the short-term effects of combating threat actors, in the long term, the world will emerge more secure and better prepared, armed with lessons learned from strategies implemented and tested during the pandemic.
Malicious actors target victims through various tactics and ploys
Hot zones of cyber vulnerability have typically been localized or within a specific organization. While such attacks have disastrous ramifications in their own right, never before has the number of threat vectors been so far-reaching. As the COVID-19 pandemic forces the majority of the global workforce to stay home, employees have had to create makeshift ways of working while longer-term solutions are devised. The surge in the number of individuals working remotely and the strain that places on existing infrastructures is an underlying cause for a large majority of these attacks.
Many corporations and individuals are turning to user-friendly and feature-forward solutions. In particular, Zoom has seen a rampant surge in daily users, from 10 million in December to 200 million in March, as what was once meant for use by businesses is now also being used for daily work life and personal communication. Unfortunately, the company did not have the adequate levels of security infrastructure to support this surge, resulting in self-proclaimed “Zoombombers” infiltrating private corporate meetings, Alcoholics Anonymous meetings, online learning environments and more. The company was quick to issue a statement and plan to address these issues, with Zoom CEO Eric Yuan stating in a blog post, “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home.” Yuan added that over the next 90 days the company will “[enact] a feature freeze … shifting all of our engineering resources to focus on our bigger trust, safety and privacy issues” and release a transparency report, similar to reports shared by tech giants such as Facebook, Google and Twitter.
In addition to hacking into and taking command of private meetings, threat actors are masquerading as legitimate organizations with the intention of collecting highly personal information, such as a COVID-19 safety portal allegedly from the World Health Organization and a fake disease prevention waitlist portal. Additionally, a Venmo-like interface was recently discovered in the form of an emergency fund to generate relief dollars for those in need, and the Better Business Bureau has received numerous reports of individuals acting as U.S. Department of Health and Human Services and other government department employees, instructing text message recipients to click on a link for a so-called mandatory online COVID-19 test.