A private matter

Zoom is under scrutiny this week as people all over the world flock to their service for virtual meetings.  Quite a few people have been caught out by the way meeting minutes are captured – all private chats are recorded into the meeting minutes.  Potentially embarrassing or job threatening of course.  But the issues don’t stop there.

A group called Citizen Lab have investigated several attack vectors and discovered all content could be viewable by 3^rd parties – hugely concerning for companies and governments who are using Zoom.

https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/

What’s your corporate security plan?

We think this focus on Zoom’s security will result in a stronger and more secure service.  Right now, the advice from the best and brightest security professionals is to avoid using Zoom for sensitive conversations.

These Zoom vulnerabilities have been a timely reminder for our development team as we have been implementing our application security over the last couple of weeks.  We think you worry about, or ought to be worried about, giving us your sensitive data.  We also think it’s vital we get the security right from day 1.  Finding and fixing security vulnerabilities is generally good for a service in the long term.  But isn’t it better to design in the security from the beginning!?

Secure the point of entry.

Most attacks happen through lost or easy to guess credentials.  We’re integrating with a leading authentication service so that your sign up and log in is as secure as possible.

Control access to your data.

Attackers are often after your data.  We’re encouraging our clients to use their own cloud storage to hold the data with OAuth consent for us to access the data.  This is the same secure consent you use to grant access to your personal data.  Importantly, access can be withdrawn.

Security by design

A small slipup in your security can come back to haunt you.  We’ve designed the best security into our service from the beginning and its part of how we think about everything we do.  To give you but a small example, a password in the code in one commit can be found and used against you.  A good friend, and world leader in security, gave me some invaluable advice to help us get the basics right from day one.

I hope this Byte Sized Insight has sparked your imagination.  Get it touch and let’s talk data!

Now is a good time to think about your Personal Security Plan.