How Zoom survived the pandemic's security incident response

Security Incident Response is also spreading around the world as COVID-19 spreads, and engineers at famed video conferencing company Zoom face a tough task: improving incident response while adapting to exponential growth.

In December 2019, Zoom's free paid service had approximately 10 million daily meeting participants. According to a blog post by CEO Eric Yuan, COVID-19 has forced 200 million people in the United States or other countries to implement work-from-home or remote work. From December 2019 to April 2020, the number of daily meeting participants was 30 times, which also increased the load on Endpoint Security .

The company's services expanded to include external business workflow service integrations such as Zoom Apps, DocuSign's e-signature tool, Asana workflow management and Dropbox online storage. Zoom's hybrid cloud infrastructure, including a virtual private cloud ( Virtual Private Cloud ). Its security monitoring and observability data volumes have grown accordingly, Zoom engineers spoke at this week's AWS re:Inforce conference. The volume of security data logs generated by the company's applications in AWS, data center colocation facilities, SaaS services, and data centers has grown from gigabytes per day to hundreds of terabytes.

Data torrent security reviewed

Zoom's security practices were questioned by customers after the initial COVID-19 surge in late March 2020. At the time, there were reports of a vulnerability in the endpoints of Zoom's Windows users affecting endpoint protection that exposed user credentials. This concern about Zoom explosions and encryption has prompted Zoom engineers to promise improved security. Over the next 90 days, Zoom installed a new president of product and engineering, chief information security officer and chief operating officer, and froze all software functions unrelated to privacy, trust and security in response to information security threats.

At the same time, it was mentioned in the presentation that Zoom had a security program contract with AWS before COVID-19. Security Epics consists of professional and technical services, including AWS Organizations for account access control, AWS Security Hub for cloud security posture management, and Amazon GuardDuty for threat detection . A number of operations and safety personnel provide skills training.

The above is a successful example of Zoom's surviving security incident response to the epidemic. Organizations should also prepare for security incidents early to deal with cyberattacks. For more information on network security solutions, please contact CITIC Telecom International . It is the representative of digital technology solutions. In order to promote the digital transformation of enterprises, and focus on the core business issues and future development blueprints, it is committed to providing fast, accurate, efficient and cost-effective IT solutions. With market experience around the world, applications between industries, combined with customer understanding and solid strength experience, plus cross-regional coverage, CPC has become the most reliable ICT partner.