Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innovate and achieve efficiency by upskilling and scaling citizen developers. Watch now.
(Reuters) — Video conferencing company Zoom has been responsive to concerns over its software, the U.S. Department of Homeland Security (DHS) said in a memo recently distributed to top government cybersecurity officials and seen by Reuters.
The memo — drafted by DHS’ Cybersecurity and Infrastructure Security Agency and the Federal Risk and Authorization Management Program, which screens software used by government bodies — sounded a positive note about the teleworking solution, which has been beset by security worries since the coronavirus outbreak drew in a flood of new stay-at-home users. DHS and FedRAMP said Zoom was responding to the criticisms and understood how serious they were — a contrast with the formal advice against using the product issued on Tuesday by Taiwan’s Cabinet.
Former White House Chief Information Officer Theresa Payton noted that while the message applied to the version of Zoom marketed to U.S. officials — Zoom for Government — it was still “good news” for the San Jose, California-based company. “I see it as a pragmatic memo,” said Payton, who is CEO of cybersecurity firm Fortalice Solutions. She said the General Services Administration, which helps run FedRAMP, “had to say something,” given the mounting disquiet over Zoom’s issues.
That is in part because the company’s new popularity as a main way to connect to colleagues, classes, friends, and family while stuck at home has meant newfound scrutiny. Most recently, University of Toronto-based internet watchdog Citizen Lab said it found “significant weaknesses” in the encryption protecting the confidentiality of Zoom meetings, as well as evidence that encryption keys — key bits of code whose possession could enable a hostile power to eavesdrop on conversations — were sometimes being sent to servers in China, even when the meeting’s participants were in North America. Some schools and businesses have stopped using the service, among them Elon Musk’s rocket company SpaceX, which Reuters reported last week had banned its employees from Zoom.
Intelligent Security Summit
Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.
Zoom did not comment on the memo, instead pointing to previous comments made by the company’s CEO, Eric Yuan, who has publicly pledged to do better. “We’ll double down and triple down on privacy and security,” Yuan recently told CNN.
DHS and FedRAMP said in a joint statement that the memo was a best practice guide for government users, who it said were advised to use Zoom for Government over the company’s free or commercial offerings.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.