April 1 was a great day for Eric Yuan, CEO of the videoconferencing app everyone is talking about, Zoom. That day, Yuan published a post in the company’s blog announcing that the application had reached 200 million daily users in March. Such a mark was impressive, as it represented a 20x growth from its previous record of 10 million users in 2019’s end.
Back then, a lot of articles, columnists, and experts were welcoming people to the Zoom era. That name served as a summary for what many were expecting for the short and mid-term – a society holed up in their homes, with businesses running remotely, and with the videoconference platform at the center of it all. It was an easy way to sum it up, for sure, but Zoom’s explosion in popularity seemed to grant it.
And then, April came. Though the so-called Zoombombing and privacy and security issues were already known in late March, they became highly public in April. The security concerns began to mount, and everyone from education institutions to the New York Attorney General’s office was asking Zoom to answer them. To top it all off, big names like Google and Microsoft started to make their moves to capitalize on the newfound video conferencing needs.
You could think that such a combination of bad press, highly visible security issues, and a wide variety of alternatives would mean Zoom’s demise. Yet, the app is still being used for all kinds of purposes, from business meetings to yoga classes. True, people will think twice before saying we’re living in the Zoom era but once all of this is over, it’ll be very interesting to look back and see what Zoom’s rise amidst the pandemic meant in a business sense. Here are some of the crucial elements for that analysis.
Security As A Software Cornerstone
Let’s address the vulnerable elephant in the room – the most important thing we can learn from Zoom is security-related. As anyone that had been using the application pre-pandemic can tell you, Zoom already had security issues way before its rise in popularity. Like New York Times’ Brian X. Chen says the application had so many privacy issues that “come up so frequently that they became a game of Whac-a-Mole.”
In other words, it was clear that Zoom’s strategy towards security was more reactive than proactive. Instead of, say, hiring an offshore software testing company or adopting a new architecture, the application went with whatever fit their goals. Obviously, the company always wanted more users, so the focus was on ease of use and features, both of which explain Zoom’s popularity and widespread adoption during the pandemic.
However, and as Chen properly points out, that approach means weaker security by design. For instance, joining a Zoom session is easy because the application isn’t limited by sandboxed environments from Apple and Microsoft operating systems, which allows for deeper access to the app. That justifies why Zoom circumvented the app’s distribution through Apple and Windows’ app stores – because the company knew the app would be vetted because of this level of access required to function.
That’s not the only problem with Zoom’s security design or with the company’s decisions around it. Yuan himself admits that best practices like session passwords and waiting rooms were already available as built-in features before the Zoombombing craze. The problem was that they weren’t set as default. As Yuan puts it, “we assumed they would understand our platform like our business customers understand our platform and customize these features themselves.”
And then, as if all those problems weren’t enough, Zoom went as far as to shoot themselves in the foot by claiming that its sessions were protected with end-to-end encryption. The thing was that they weren’t, at least not in the common definition of end-to-end.
The combination of poor security foundations, bad strategic decisions, and deceitful marketing should have put all the nails in Zoom’s coffin. However, millions of people still use it. Part of the reason why is that the company swiftly launched itself in a crusade to patch up vulnerabilities, step up its security and privacy game, and shoot down all criticism with different marketing strategies. Out of it was born a 90-day security plan that seeks to drown out all critical voices.
Whether that will work for Zoom remains to be seen, especially in the long term. However, we can learn a lesson from all the security-related aspects of Zoom’s rise in that security isn’t something a company can sacrifice. Modern users are more aware of security and privacy concerns and problems regarding them are likely to be pointed out – especially if you become an overnight sensation.
Thus, all digital tools have to start out with their security considerations in their design phases and keep them rigorous from then on. Even when sacrificing certain security aspects could benefit you, limiting an app’s security (or worse, trying to blatantly monetize on security and privacy matters) is a big no-no that never stays under the rug – especially in this day and age.
The Importance of Contingency Plans
It’s not that Zoom did everything wrong – its popularity surely shows otherwise. But apart from being in the right place at the (unfortunate) right time, the company did some good things to boost that adoption. Its controversial architecture surely makes the app very easy to use which is something all users look for in an application. The existence of different features accommodated all kinds of needs coming from very different places, from people connecting for business meetings (Zoom’s core audience) to groups of friends on a cybergame night.
However, if there was something where Zoom truly stood out during this rise is how quickly it scaled up to meet the demands. If you’ve been using the app, you’ve surely suffered from lags or a drop in video or audio quality, so you might feel tempted to argue with that reasoning. But can you, really? Considering how Zoom skyrocketed to stardom in practically no time (making the jump from business audiences to the general public along the way), the technical difficulties it met were practically minimal.
That wasn’t an accident or a lucky break. The company had already prepared for potential spikes in its uses before it went public. In fact, Zoom’s 17 data centers were designed in such a way that they could manage traffic surges of up to 100x, the company has engineering teams around the world monitoring the systems, and the staff is already trained to respond during natural disasters. All of those things came in handy when the Coronavirus pandemic hit.
Basically, all of that meant that Zoom had a contingency plan in place to face exceptional circumstances that would require accommodating an unusual amount of traffic. Little did the company know that they’d be able to test that plan in a worldwide crisis. Yet, it’s commendable that the company prepared for something like it, as it shows a level of preparedness that a lot of companies could learn from.
What Zoom wasn’t prepared for, though, was that widespread adoption that exceeded the business world the app was targeting. Still, you can’t blame Zoom for not being ready to serve customers that were way outside its public. Once schools started to rush to develop impromptu distant learning programs, Zoom tried to help through blog posts, videos, and training guides. However, the company also assumed the educators’ teach savviness level would allow them to safely conduct online classes, which wasn’t the case.
It’s fairly obvious that Zoom wasn’t made for them in the first place. In fact, Yuan said that “If I have a choice, for sure I will go back to the B2B business,” a strong statement in and by itself. On one hand, it comes to show that while Zoom will go out of their way to help their userbase (as varied as it may be), that might come only from a set of exceptional circumstances. On the other hand, it feels like Yuan is admitting that the company won’t be pursuing a broader market once the pandemic is over, which is kind of odd since it could truly be a lucrative move for the brand.
Be that as it may, the lesson we can take from here is that it’s highly important to have contingency plans, especially regarding traffic and functions in the current cloud-based world. Having them might mean a true competitive edge in special circumstances that are more or less likely to happen. Additionally, it also means that you can’t be prepared for everything that life throws at you, though you can always use those lemons to make some lemonade.
Lessons for the Post-Pandemic World
There are plenty of things we can take from Zoom’s rise amidst the pandemic. Its security flaws, the decisions around privacy, the philosophy around it all, the contingency plans, how to act when stumbling into opportunities, and the importance of transparency are just a few. It’s only natural that we’ll see more Zoom-related lessons once the dust settles and we arrive in the post-pandemic world.
Using them, we can create stronger businesses that are informed by the examples we got out during these trying times. By doing so, we don’t just have higher chances for success but we also have the possibility to provide people with better tools for their daily lives, exceptional circumstances notwithstanding.