By Florin R. Ferrs
Web conferencing has been ubiquitous in corporate offices since the late 1990s. We all have memories of that dreaded time of day when we had to jump through several hoops by entering long strings of numbers on unfamiliar conference phones as our bosses waited impatiently for us to get the teleconference started.
On top of that, historically, the sound and image quality of most videoconferencing apps was on par with Sputnik era TV broadcasts from Siberia. Still, we all plodded along because there was nothing better.
A Bit Of History (How Did We Get Here?)
By the 2000s, videoconferencing went Web 2.0, dropped some of its corporate image, and went for the B2C market with the likes of Skype and later Google hangouts and others.
As social media became more entrenched in digital marketing, things like live webinars also became ubiquitous, so services like GoToWebinar expanded on their remote meeting software to meet demand.
By early 2020, web-conferencing apps had solidified their place as the main tool to communicate between teams located in separate continents, cities, or buildings (virtual reality tried to muscle in but has so far not been widely adopted. Maybe in the near future it will get a chance).
Then came the Covid-19 pandemic and the rush to move all in-person meetings to some kind web conferring app.
That's when Zoom, a relatively new teleconferencing software making deep inroads in the North American teleconference market went from being the new kid on the block to the 800-pound gorilla in your home office.
As the coronavirus pandemic expanded and work from home orders extended, Zoom's customer base surged from 10 to 200 million users practically overnight.
Users liked Zoom because of its ease of use and the powers that be liked its price point. The only issue with this new kid on the block, now 800-pound gorilla, is that it comes with many safety and privacy issues, links to the Chinese government, and even a newly coined term: Zoombombing.
So Who Is Zoom?
Zoom is headquartered in the USA and listed on NASDAQ, but its app is developed by a trio of companies in China called Ruanshi Software.
Several IT Managers feel that despite its ease of use and popularity, Zoom is, in fact, a shill company for the Beijing government (as all PRC based companies are, to some extent or another).
Some IT Managers consulted for this piece say that they won't allow Zoom within a mile of their systems because it's well documented that the CPC is an extremely skilled intellectual theft machine.
Espionage & ZoomBombing
As if state-backed corporate espionage wasn't bad enough, Zoom's newly found popularity has also opened it to socially engineered hacks. From bored high school kids sharing their Zoom invites online to attract trolls and hecklers, to entire forums on Reddit dedicated to sharing Zoom passwords and invites. Even a simple Google search of the term 'Zoom.us' will lead to numerous conferences that anyone can join.
But Zoom's security issues go way deeper than kids pranking their teachers, or Conan Zoombombing a Silicon Valley teleconference. As it turns out, a certain percentage of Zoom's encryption security keys are generated from servers located in China.
Why is Zoom pulling their encryption keys from Chinese servers for meetings where all participants are in North America?
The consensus among IT Managers is that Zoom's service is "not suited for secrets" because they're legally obligated to disclose encryption keys to Chinese authorities.
But Zoom's security issues don't stop there. Many IT Managers have also noted that each Zoom meeting uses a single AES-128 key in ECB mode for encryption and decryption of all participants. Most IT Managers do not recommend ECB mode for encryption because it is not robust enough, allowing for patterns in the plaintext to remain recognizable after encryption. Most IT specialists recommend a key length of a minimum of AES-256 bits encryption for corporate use.
Zoom claims that its software is compliant with HIPAA, FedRAMP, and other regulatory agents. Still, a majority of Zoom's applications are proprietary and closed source and, therefore, cannot be verified by independent regulators.
Safety issues around Zoom are big enough that Elon Musk's SpaceX has banned Zoom over privacy concerns.
Many IT Managers are currently busy switching their operations from Zoom to other options like NOD Video Chat.
Despite these well-known security issues, the U.K. government has been using Zoom for remote Cabinet meetings.
This is not a good idea because Zoom's service is not end-to-end encrypted, so this gives the company access to all encryption keys, and all video and audio traversing its cloud. So, a meeting held by Mr. Johnson's Cabinet today could be in the hands of Chinese Intelligence tomorrow. It sounds like the plot of the next James Bond film, but alas, it's all very, very real.
Zoom has never released any information about how many government (ahem...China) requests for data it gets, and how many of those requests it complies with.
Some IT Managers are actually sad that Zoom couldn't get on top of all its security issues because they enjoyed its ease of use and image quality.
As more of their customers ban Zoom from their servers due to privacy and security concerns, IT Managers are currently busy updating their proxy servers to block Zoom traffic. As long as Zoom doesn't address these privacy issues, its prospects don't look good when it comes to complete domination of the corporate teleconferencing market. Will Zoom become the next Huawei?
Tips For Safe Webconferencing
Use passwords for all meetings.
Don't publish meeting info publicly.
Use the "waiting room" feature.
Know how to boot someone being disruptive.
Pro-tip: Train your team on how to use your teleconferencing software tool. You can use videos, screengrabs and knowledgebase articles to ensure self-training.
Skype, Skype For Business & Microsoft Teams
Originally a peer to peer telecommunication app developed in Estonia, Skype enabled users to place free video conferences within the app and to make calls to regular phone numbers for a fee. Its popularity and ease of use enabled it to get gobbled up by eBay and ultimately purchased by Microsoft.
Microsoft promptly eliminated Skype's peer-to-peer architecture and moved it to a centralized Azure cloud server, with more focus on instant messaging than teleconferencing. To make things more confusing, they rebranded their own in-house B2B videoconference software as Skype For Business.
Microsoft, being Microsoft, then announced that they would start phasing out Skype for Business in favor of their Microsoft Teams "collaboration system," which includes teleconferencing and other Office 365 compatibility.
Still, Skype remains close to many IT Managers hearts as it pioneered the first globally successful peer-to-peer video conferencing app.
Google Hangouts (Google Meet)
Google Hangouts was originally developed for that red-headed stepchild that Google+ turned out to be.
But even as Google+ was quietly phased out, IT Managers found that Google Hangouts was the best-kept secret in video conferencing, offering ease of use and great video and sound quality.
Google is now phasing out hangouts in favor of Google Meet (basically the same app with a new name) as part of their G suite offering.
GoToMeeting was developed out of the ashes of GoToMyPC and quickly became a favorite with IT managers for its ease of use and reliable connectivity. After launching GoToWebinar, GoToMeeting has carved a strong niche in the webinar market. Robust and well known, GoToMeeting and GoToWebinar are a good alternative to Zoom and other video conferencing apps.
NOD Video Chats
Nod Video Chats is considered by IT Managers to be more secure than Zoom, with fewer connectivity issues. It was originally developed for schools and healthcare, and the standard version is free.
What videoconferencing software are you using as an IT Manager?