Developers
June 5, 2020

COVID-19 and Tech Security: How the Pandemic Has Forever Changed Development

Once an afterthought, data security has come into strong focus as a result of the coronavirus pandemic.

At the outset of 2020, few could have imagined how much the world would change as a result of COVID-19. In short order, people around the world were under quarantine or sheltering in place. Schools were closed and children transitioned to homeschooling, while businesses and shops shut their doors.

The tech industry was by no means immune. While many tech workers kept their jobs, the vast majority were transitioned to remote work. As a result, companies found themselves relying on cloud platforms, software and communication tools more than ever. Programs like Zoom, Slack, Microsoft Skype, Microsoft Teams, Apple FaceTime and Google Duo became critical infrastructure for companies’ operations.

Another factor that quickly came into focus was the importance of security. As companies suddenly became decentralized, with remote access to company servers and resources common practice, security measures needed to be improved.

Even companies who provided the services other companies rely on had to rethink their security measures. No company illustrates these issues as much as Zoom.

Zoom Rides the Wave

Few companies experienced as meteoric a rise as Zoom. As the pandemic took hold, Zoom quickly became the video conferencing platform of choice, even edging out old stalwarts like Skype.

In short order, the platform went from 10 million daily users to over 200 million, and as many as 300 meeting participants. It seemed as though nothing could stop the hottest company in tech.

The Wave Comes Crashing Down

Unfortunately for Zoom, poor choices in the realm of security quickly caught up with it.

First, the company had to deal with a phenomenon known as “Zoom-bombing,” where someone uninvited managed to gain access to a meeting and commandeer it.

The company also faced criticism for using an SDK that sent data to Facebook. No sooner did it remove the SDK than it came out that Zoom was not using end-to-end encryption as their marketing led people to believe.

The company also faced scrutiny for routing some of its call data through servers in China, calling into question whether it could be trusted.

What Went Wrong?

The big question is: What went wrong? After all, none of these issues were the result of sudden changes to how Zoom operated, or the features it did or did not include. Zoom was essentially unchanged from before the pandemic to the first few weeks after it started, yet it seemed as if the company couldn’t catch a break.

Much of this was because the company’s target audience had changed, as did the way Zoom was being used. Throughout its history, Zoom had always catered to the enterprise market. As a result, it was often used in corporate environments where IT and security personnel could, and did, establish policies that supplemented Zoom’s security.

Once Zoom became the communication platform of choice as a result of the pandemic, however, suddenly hundreds of millions of people were using it. Rather than using it in a corporate environment, complete with strictly enforced security protocols, individuals were using it in their homes, for schoolwork, to keep in touch with family and to visit with friends. Even when it was being used for work, it still wasn’t benefiting from the added layer of corporate networks and security. As a result, all of its security flaws suddenly came sharply into focus.

The Lesson: How COVID-19 Has Changed Data Security

The greatest lesson developers need to learn from Zoom is that security and privacy should never be an afterthought. Instead, those features must be built into a product from the ground up.

In addition, a product should never count on an external factor—such as a corporate network, firewall or security policy—to provide the security it should be providing on its own.

Similarly, users should never be kept in the dark about what happens to their data, how it’s routed or the kind of encryption that protects it.

How can companies achieve this?

•      Incorporate security teams and measures in the earliest planning stages. Too often developers start working on an app, adding features and abilities, only later thinking about how to graft security measures on. Including security measures, and the developers who will implement them, from day one helps reduce the likelihood of a security hole as a result of overlooking something.

•      Implement security in layers. Different parts of a program or service have different security requirements. Try to protect them all with a single, blanket approach, and you will likely be left with vulnerabilities. Instead, each component must be designed with its own security in mind, ensuring that the various components work harmoniously to create a secure whole.

•      Make sure your app can stand on its own. As stated above, an app should never rely on another service or situation to provide security it should have built in.

•      Plan for edge-case scenarios. Many developers get tunnel vision about how their app will work. Zoom was guilty of this mistake. The company saw their platform as primarily an enterprise tool and never accounted for the challenges that could come from it being widely used outside an enterprise environment.

The Takeaway

One thing is certain: COVID-19 has changed far more than how people interact. It has shone a light on the importance of developing secure applications and services that can be used and trusted in a variety of situations.

By taking the lessons to heart, you can help make sure your app, service or website doesn’t experience the kind of security growing pains Zoom did.

Matt Milano
Technical Writer
Matt is a tech journalist and writer with a background in web and software development.
