Zoom expands E2EE, launches Trust Center in 2021 (Full Transcript)

[00:00:00] Speaker 1: Hello, everyone. We will be getting started in just one moment. I think everybody has a chance to join us this morning or this afternoon or this evening. All right, excellent. Thank you all for joining us today. I'm Janelle Rainey, head of product marketing, and I will be moderating today's event. Just a few housekeeping items before we get started. Please go ahead and add your security and privacy questions to the Q&A panel, and we'll try to get to as many as possible. For questions on how to use certain features, we highly recommend you visit our knowledge base at support.zoom.us, watch the how-to videos on YouTube, read our blog posts, or attend a daily training. We'll add links to these resources in the webinar chat. We are recording this webinar, and we will send out the link to registrants. This is our first monthly webinar of the new year, and we're once again excited to provide you an update on our most recent security progress and an opportunity to ask Eric and a few of our top team members questions. Today, we're going to have Eric, our founder and CEO. He'll provide an update on our progress since our last webinar on December 16th. Jason Lee, our chief security officer, will then recap recent security releases. Len Holland, our chief compliance and ethics officer and chief privacy officer, will subsequently share more on recent privacy, trust, and safety updates. And Andy Grant, our head of offensive security, will then describe our offensive security program. Lastly, we'll open it up for Q&A, and we'll have our chief technology officer, Brendan Idelson, also joining us for questions. With that, I'll turn it over to Eric. Welcome, Eric.

[00:01:53] Speaker 2: Thank you, Janelle. Thank you. Thank you so much. And time flies. It's already year 2021. So first, I'd like to wish all of you a happy new year. Thank you. So we are very pleased to help keep many of our users around the world connected during this unique holiday season as we removed the 14-minute limit for all meetings during several holidays. I hope this helped all of you celebrate with your family and friends. So again, year 2020 was a record-breaking year for us, Zoom, and not just in terms of customers to be served and meetings hosted and features introduced, but also what's more important is in the number of the employees who joined our global team since last March, the end of last year, we almost doubled our headcount, welcoming more than 2,000 new Zoomies from March through December 2020. And throughout this period of exponential growth, we have focused on maintaining our company culture and core value of care, because we truly believe that in order to continue delivering happiness to our customers, our employees should be happy at work. In that event, I'm extremely proud that our employees have named Zoom among the winners of Gloucester's Employees' Choice Awards honoring the best places to work in 2021. I'm also very excited to share that we reached a very important milestone in December. Less than two years after we launched the Zoom phone service, we have sold more than 1 million Zoom phone seats around the world. That's a big achievement. Also, this is a testament for the growing need for a rich cloud telephony solution that is responsive to our customers' needs, because customers, they want to have a consolidated video and voice solution together. And we are very grateful for the confidence and trust our customers have placed for us. That trust is truly paramount to us, and we continue to make great strides in enhancing our privacy and security, as well as providing transparency around our efforts in these priority areas. I just want to give you some examples. We share with you what we are doing at Zoom. First, earlier this month, we launched our new Trust Center website, which serves as a center repository for all things related to privacy, security, safety, and compliance. Leading the webinar, Lynn Holland will provide greater detail about the site and other recent privacy initiatives. Second, last July, we hired Andy Graham to serve as our head of offensive security. Andy has over 12 years of experience in the security industry and has been hard at work developing a number of very key initiatives to help us proactively identify potential security vulnerabilities on our platform. Andy will discuss this effort in greater detail later in our webinar. Before I hand the webinar over to our CISO Jason, I would like to extend my sincere gratitude to our very loyal users in 243 countries and territories around the world who fully trust Zoom for their video communication needs. We're very proud of the role we have played and we have been able to play in keeping the world connected with our business, reliable and secure technology. And as we continue to build our platform in 2021 and beyond, security and privacy will remain front and center in everything we do here at Zoom. Thank you. Jason, over to you. Thank you.

[00:06:41] Speaker 3: Thank you, Eric. Let me walk you through some of the recent security features we rolled out. When our end-to-end encryption first launched in October, it was initially able to support meetings up to 200 participants. I'm excited to share that our end-to-end encryption feature can now be extended to a thousand meeting attendees. This is an industry leading feat in terms of encryption capabilities. Second, we've enhanced the in-meeting shielding icon, which appears in the top left corner of meetings. It's intended to give users a clearer sense of their meeting security in a similar manner as web browsers provide an indication in the navigation bar, such as the lock icon. A little bit of background context on it, Zoom supports many different endpoints for our customers to connect into a meeting. When all users' data is running exclusively on Zoom clients, but the Zoom mobile app or desktop version, we can ensure it is securely tunneled the whole way through. When this is the case, the green shield appears. However, some of those endpoints, such as phones that dial into meetings, do not satisfy Zoom's requirements for a fully enhanced security classification. To indicate this to a user, we changed the color of the security shield to be orange and list the type of device a participant has joined from. This is typically seen when a user dials into a meeting or when the meeting is bridged from one system to another. Like all video conferencing companies, we must rely on other security protocols when meeting participants are dialing in or using gateways. That said, even in instances where the orange shield is active, the data transmitted during the meeting will still be encrypted in transit using industry-leading AES-256 GCM encryption the entire time it is traversing our clients and our servers. With that, I'll now hand it over to Lynn Holland, our Chief Compliance and Ethics Officer and Chief Privacy Officer.

[00:08:52] Speaker 4: Thank you, Jason. As I mentioned during last month's webinar, privacy, safety, and security are ongoing priorities for us, and Eric has said it again here today. This is why we continue to make further enhancements to our platform to help hosts and participants protect meetings and report disruptions. Our mission is to make the Zoom platform a safe place for all of our users and to build and retain the trust that Zoom has so carefully cultivated with users around the world. As we continue to grow our resources, we want to ensure everything users need to safely use our platform is in one easy-to-navigate location, which is why I'm pleased to share with you all that we've recently launched our new Trust Center. Our new Trust Center is a one-stop shop, as you can see here on this slide, for assets about Zoom's privacy, security, safety, and compliance. It's divided into a few subject areas to help users easily discover information that they need. Security resources. On the security resources page, we have created a repository of resources on key security information, including white papers, tips, and best practices, as is listed here, blog posts, and links to all of the previous Ask Eric webinars that we've held. Next, we have legal and compliance. The legal and compliance page serves as a central resource for users who have any questions regarding our terms, our policies, and our compliance. Following that, trust and safety. Within this trust and safety section, we have outlined what we are doing to keep Zoom a safe space for our users, including a list of FAQs and our community standards. We designed the Trust Center to empower users with the tools they need to safely and effectively use our platform, and we will evolve the Trust Center to be as helpful as possible, growing its content and resources over time. Data Privacy Day, as many of you may know, is coming up January 28. We are also commemorating this and two upcoming International Awareness Days by raising the visibility of our commitment to privacy and security, as well as related efforts. First, in the spirit of tomorrow's Data Privacy Day, which aims to highlight the importance of privacy, as well as easy ways to protect one's personal information, we are planning to publish a blog post sharing our perspective on privacy for 2021, how we protect user privacy and highlight some of our recent achievements. The second event, as many of you may know, is coming up on February 9, Safer Internet Day. This year's theme is Together for a Better Internet, which will advocate for people to join together in order to make the internet a safer place, especially for kids and young people. We are in the midst of creating resources for teachers and parents regarding online classroom safety, including a security checklist for educators. We are continually evolving our safety, security, and privacy efforts, and we're committed to making the Zoom experience seamless, safe, and secure for every user. Thank you so much. With that, I'll hand it over to Andy Grant, our Head of Offensive Security.

[00:12:30] Speaker 5: Thanks, Lynn. As Eric mentioned, I joined Zoom in July of last year to build our first team dedicated to offensive security. I've been interested in offensive security for over 20 years. I first got started when I was 13. I was playing video games, then I was cheating at video games, and then I was making my own cheats by modifying the games. Once I started doing that, I figured that out, that I could do the same to other things on my computer and kept going from there. Prior to Zoom, I worked for NCC Group for 12 years. NCC Group is one of the premier security consultancies in the world, and in my time there, I got an inside look at the security programs of dozens of companies of all sizes and maturity. I'm excited to have the opportunity to build on those ideas and approaches I saw working within those companies. Quite a few people know me as Andy Grant, the computer security expert. Some of you may even know me as Andy Grant, swimmer and former American record holder, but most people generally know me as the husband of Dana Vollmer, a five-time Olympic gold medalist. All right, so what do I mean when I say offensive security? Offensive security is the effort to improve the security of a system by identifying the gaps in its current protections. This is done by assessing the system and identifying technical vulnerabilities or abuses in its software and networks. Offensive security can even go beyond a single system and look at the supporting processes and infrastructure. The results of offensive security provide tangible examples of technical risks and allow people and businesses to make threat-informed decisions and take appropriate actions. Or more simply, we're professional hackers who break into systems so the bad guys can't. Here at Zoom, the offensive security team's goal isn't to break our product, but to improve our product's security by testing that security and challenging assumptions. Through security assessments of our products, our infrastructure, our networks, and our processes, my team identifies areas for improvement. We hunt for the cracks in our platform, demonstrate how they can be exploited, and collaborate throughout the company to ensure we not only patch the identified issue, but strengthen the foundation to prevent new cracks from forming. As a consultant, I regularly worked with companies that had under-resourced security programs. They had few, if any, specialized teams. Zoom's strong commitment to building a leading security team was one of the top reasons why I was interested in an opportunity here. Before I had even officially started, I'd already improved headcount greater than any dedicated offensive team at similar-sized companies I'd encountered, and we're still growing. This allows me to have a team of diverse talents and a capacity to perform security assessments of a depth and quality that I can be proud of. To ensure that Zoom is worthy of the trust you place in us, my team was formed to do everything we can to find vulnerabilities and hack into our systems so that it can be made better, so that the bad guys can't do the same, so that our friends and families and everyone using Zoom can do so with confidence. We do this through a number of activities, including security assessments, adversary simulations, and vulnerability research. The bulk of our work is in performing security assessments. These include security reviews of our source code, vulnerability assessments, and penetration tests of our platform products and features. It isn't feasible to understand the implications of everything within a system. This means you need specialized teams like mine to bring a singular focus to an area of expertise. My team's expertise is in expressing a nuanced form of doubt. We make no assumptions about any part of the system, of how any part of the system works, and we question everything. Our assessments focus on systematic examination of Zoom's platform and features to determine if the security measures in place are sufficient. We attempt to circumvent the controls or identify if there are any areas vulnerable to abuse. Every time we find something and engineering fixes it, the attack surface available for bad guys to exploit gets a little smaller. For example, when testing a payment feature, I check to see what would happen if I entered a negative dollar amount. Did the developers consider this when building the system? Will I receive money instead of sending it? Or when the Zoom client asks me to enter in a meeting number, I enter everything but a valid number. What's my meeting number? It's hashtag dollar sign drop table. If something unexpected happens, we dig deeper to understand why and what the impact if exploited could be. While security assessments focus on technical protections, adversary simulations are designed to challenge the effectiveness of the strategies and operations in place to protect an organization. This will inevitably test the technical protections and identify the places where they can be improved. But the main focus is actually on people and processes. This is where we truly get to act like the bad guys and even oftentimes select specific threat groups to emulate. We'll use various intelligence sources to learn what tools, tactics and procedures the group is known to use and then use them ourselves. This allows us to evaluate and measure how our defenses would detect similar activity and most importantly, how we would respond during and after if such an event occurred, identifying areas for improvement and strengthening our defenses along the way. This is much more like the hacking that is portrayed in movies and TV shows, where there's a sense of urgency as one group has to adapt to the actions of the other in real time, sort of like a fast paced cat and mouse game. The groups that perform this work are referred to as red teams. They're the counterpart to our defensive security teams or blue teams. At Zoom, we're actually practicing something called purple teaming, where our red and blue teams work closely together to align on priorities and goals when planning out operations. And then after an operation, evaluating the results and lessons learned together. Another area of focus for my team is vulnerability research, which includes examining vulnerabilities found by others. For example, when our bug bounty program verifies a vulnerability reported by an external researcher, my team may be brought in to investigate the root cause of the issue and research if that or similar issues may exist elsewhere in our code or systems. By doing this type of research, we are able to identify the root cause of the issue and we're able to identify systemic issues and work towards eliminating entire classifications of security vulnerabilities. We also work to identify new ways someone might try to compromise a unified communication platform such as Zoom. We keep up to date on the security research others are doing, evaluate if the tools, techniques or vulnerabilities in that research could affect Zoom or the Zoom platform. We even innovate on that research. We know there are nefarious groups and people out there and so we work to make sure that Zoom is doing what it can to stay ahead of them. Zoom's offensive security team is dedicated to protecting Zoom and our users by finding the gaps in our protections and collaborating with others to close those gaps, reduce risk and build a safer platform where everyone can connect. Thank you and now back to Janelle.

[00:20:22] Speaker 1: Excellent. Thank you, Andy. Amazing work with you and your team. We appreciate all that you're doing. And with that, we are gonna jump into our Q&A. Lots of great questions coming in. Just a reminder, you can add your privacy or security questions into the Q&A panel. The first question is for Lynn. With the Trust Center, what languages is it available in?

[00:20:48] Speaker 4: That's a great question and I'll have to take that back to the team. I'm sorry to say, I don't know off the top of my head. Maybe someone else here does.

[00:20:57] Speaker 1: I do believe it's right now it's in English only, but it will be localized very soon to our other languages that are available on our website. Brendan, from a security and privacy perspective, how does Zoom balance being an enterprise and a consumer product? Can you talk to that?

[00:21:17] Speaker 6: It's a great question. And I think our approach to that is, security is important for all of the users of our products. So we're really focusing on not just the consumers, not just the enterprise space, but how can we build solutions that address that entire population? And some of those user communities user communities might have certain requirements. And so we look at building in those capabilities into our platform, but we really look holistically at how we can deliver security across our entire user base and against their different needs and different use cases.

[00:22:03] Speaker 1: Great, Jason or Eric, anything you'd want to add to that?

[00:22:06] Speaker 3: Yeah, I was just to build off of what Brendan said. If an enterprise has a higher security bar and security requirements, this is something that we want everybody to be able to take advantage of. And so we treat the whole platform as one. And so all those kind of additional investments that would be enterprise grade security, we apply them to our consumer. It's the same platform, so it's applied to everybody. So this is where the saying goes, when the water rises in one space, it raises the whole ocean. And so this is a great example of those controls going across to everybody on the platform.

[00:22:48] Speaker 1: Absolutely, I think it's all boats rise, right? We're all getting the benefits of that. Excellent. Brendan, Lori's put in a question of, is there a way to send out a unique Zoom link to every member on the invitation list in Zoom Pro?

[00:23:05] Speaker 6: Definitely. One of the ways that we recommend doing that is using our meeting registration feature. And with that, when you leverage that feature, when folks are registered for the meeting, each individual gets an email from Zoom with a unique link that is specific to them. And the power of that is when folks register for that session, you can actually approve on an individual basis if they are allowed to attend, which will make sure that basically that link will work or not work so that you have greater control over your session.

[00:23:48] Speaker 1: Great. Eric, here's a really interesting question. Now that the COVID vaccine is rolling out, which we're all thrilled about, how is Zoom thinking about its future when people will be able to go back to the office?

[00:24:01] Speaker 2: Yeah, hopefully, I think this pandemic crisis can end very soon, right? So vaccine for sure can help us. Let's say, very soon after we all go back to office, I do not think we all will go back to office as we did before. Everyone has to go back to office and physically there, right? Having said that, the hybrid will be the mainstream, but that's multiple variants of a hybrid, right? So, and it's still full of uncertainty, right? Do you want to let an employee make a decision or want an employer make a decision? How many days at home, how many days in the office? With that aside, I think the technology like Zoom for sure can help, because that's still the remote working in the world, right? So we are going to continue innovating, double down on privacy and security, think about what's the future workplace look like, how to make sure your conference room experience in a very consistent compared to when you work from home and any device and how to integrate it with your new services, right? You deployed during the pandemic crisis. I think a lot of opportunities, but again, I think we will still use Zoom for sure, so.

[00:25:12] Speaker 1: Absolutely, and I love the way the team is innovating and some of the things we showed at Zoomtopia, right? With even the virtual receptionist, the temperature checks, all the innovation with the smart gallery in the Zoom rooms. And I think really just thinking about how you're going to democratize that experience for people who are remote and who are at home. Yeah, great work. Andy, we're getting a lot of questions and a lot of intrigue around your role here. What teams within Zoom does the offensive security team collaborate with?

[00:25:49] Speaker 5: Yeah, great question. We actually have to collaborate with just about every team within Zoom. The ones we work most closely with are obviously going to be engineering and our cyber defense teams, engineering mediating issues that we're identifying. And the cyber defense team is that blue team that I was talking about that makes the purple team with my red team, their team works together. But we interact with marketing and legal and compliance and trust and safety and engage at all levels. One of the things I love about offensive security is I get my fingers in just about every area in the company.

[00:26:23] Speaker 1: And we have a fan here who says, offensive security sounds like a really fun career path. How do I get into it?

[00:26:33] Speaker 5: Yeah, that question gets asked a lot. And offensive security is really about critical thinking and not just taking for granted what's presented. And so pick an area of technology that you're interested in, whether it's web applications or networks or mobile applications or what's running on your computer. And just learn more about how an application there works and then the systems that support it. And then start figuring out what assumptions get made by people who run or develop those systems and what assumptions might not be valid or hold true.

[00:27:07] Speaker 1: And then inquiring minds, do you wanna know who is faster, you or your wife, Dana?

[00:27:13] Speaker 5: Yeah, I was an accomplished swimmer myself, not to the level of my wife, not to the level of my wife was. So in most things I would get to say that I'm faster than her, but she was actually the first woman ever to break 56 seconds in that 100 meter butterfly and my best time was 57 seconds. So she is faster than me in her primary event.

[00:27:36] Speaker 1: Excellent, I can only imagine the competitive fits around the dinner table there. Thank you. Let's see, Neil has asked, I believe this is for Jason. Can encrypted documents be sent from one person on Zoom to another? And if so, does it have to be a certain Zoom platform or can it be done in Zoom chat?

[00:27:58] Speaker 3: It can be done in Zoom chat, we don't block, we allow any kind of encrypted files to transfer. It's just our normal file transfer process. So nothing needs to change. It's completely easy to use and you can send an encrypted Word doc or whatever across.

[00:28:17] Speaker 1: Great, and then Dionne, I believe I'm pronouncing your name right, forgive me if I'm not, would like to understand why paid subscribers are allowed to have the option to turn off waiting rooms. Could this be a default setting, but removed if desired by the customer?

[00:28:34] Speaker 3: Yeah, this is one that we actually discussed a lot. And now for free users, we do have the default on. When you think about the paid side, it's really on the enterprise side and there's this notion of having optionality and being able to make the choice. And so a large amount of feedback that we had from the paid group was to give the option on what controls to turn on. And so right now that is really the driving focus is really listening to what our customers are asking for and making sure that they're giving them that optionality. So that's where we're at right now. It doesn't mean that down the future we can look at making it default. And so we definitely appreciate your feedback and thank you for it. And we'll definitely consider it.

[00:29:23] Speaker 1: Great, and then Eric, Patina has what I believe might just be a feature request. She'd love to customize the waiting room for each meeting, but maybe making the picture larger. And I know we've had some discussions around making waiting rooms and being able to know who's in that. Do you want to talk to that a little bit?

[00:29:40] Speaker 2: Yes, for sure. We did discuss this before, right? Waiting room feature is very important, right? For all those attendees to join before the host. I think we do have a plan, make sure the waiting room UI is a fully customizable, right? Meaning, give an enterprise or business customers, you want to have your own layout, your own picture, all those kinds of things, that's indeed our plan. So unfortunately, I do not have a timetable when we are going to announce that feature yet.

[00:30:08] Speaker 1: Thank you. And then Patina is asking, when is end-to-end encryption used in Zoom? Who provides the encryption? Is it Zoom or is it the user? And can calls be encrypted?

[00:30:22] Speaker 3: So when end-to-end encryption is used, so that is a very specific feature we have where you can go to the settings and turn it on for your meeting, to set up a meeting that'll be end-to-end encrypted. It's literally a flip of the switch. There are various ways for such a complicated control. It's literally just a flip of the switch, which is why it's one of my favorites. The other part of that is, is who provides the encryption, Zoom or the user? I will infer if the question is the end-to-end of where the key is coming from. So is it coming from a server that's on Zoom or is it coming from like your machine? And in end-to-end encryption, it's actually one of the key differentiators that we have between our feature is that it is created on your machine. It's created by your clients as opposed to coming from a Zoom server. So there's no opportunity for a Zoom or anybody to have access to it through our infrastructure, which is one of my favorite features around our end-to-end encryption story.

[00:31:34] Speaker 1: Great, and then the third question on that was about recorded calls. Can recordings be encrypted as well?

[00:31:42] Speaker 3: I don't think that's a feature that we have right now is on the recording. I know that is Max, who came over from Keybase and his team is something that they're working on right now is to enable recording. I do believe, and Brendan can confirm, can we do it for saving it to your own machine? I believe is allowed.

[00:32:06] Speaker 6: Yes, I believe local recording is allowed, but cloud recording, again, since that would be a cloud resource in our infrastructure that right now would not get the key.

[00:32:20] Speaker 1: Lynn, maybe you can answer this one. If a customer employee has questions about Zoom security, is there something I can send them?

[00:32:29] Speaker 4: Yes, of course. I mean, the first thing I would mention again is our Trust Center that we all have talked about today. Really the idea behind the Trust Center is to be the one-stop shop. So we have a number of resources and assets, support articles, resources there, which discuss security, privacy, safety, and compliance as I went through before. And those specific pages, security resources, legal and compliance, and of course, trust and safety. So that would be a great place to start.

[00:32:57] Speaker 3: And then to build on that, there's specific email addresses that you can use. I would determine, look to determine if it is a trust and safety issue or a different security issue. And then you can reach out and it'll be Lynn and I's team that'll be happy to respond.

[00:33:15] Speaker 1: Absolutely. Excellent, thank you. Brenda, maybe you could start with this, but I know a lot of you are working on this. With on Zoom, maybe one, let's describe what on Zoom is for everyone. But what security features or what are you putting in place to make sure it's a secure experience?

[00:33:36] Speaker 6: A great question. So starting off, on Zoom is our new marketplace for online experiences that launched at Zoomtopia. And it's an exciting place where you can find a range of events covering a wide variety of topics where folks can sign up and attend those sessions in this public marketplace listing. Now, the power of this platform is it is built upon the Zoom technology that we use in our normal meetings. So you get all that security that is built into the platform. And then we also look at it in the specific use case to add additional security features. So items such as when a participant joins not having their video on by default, for example, and making sure that we have a strong infrastructure for the issuing of tickets to these live events, all are part of the on Zoom platform.

[00:34:50] Speaker 1: Great, Len or Jason, anything else you wanna add to that for on Zoom?

[00:34:55] Speaker 3: I mean, of course, there's the security features with the product itself is we also, of course, you just heard from Andy is on Zoom is in scope from his offensive security team, as well as our security development lifecycle where we do static analysis and other design and security reviews as part of that process as well. So there's a ton of rigor that we put into before it even gets live and get put in production. So there's definitely a lot of behind the scenes work on the security context that we do as well.

[00:35:34] Speaker 1: Great, well, there's some great events there too. So thank you for keeping them all safe. Let's see, Andy, how often does offensive security help stop meeting discussions?

[00:35:47] Speaker 5: Yeah, it's one of the things that I like to emphasize whenever I get to talk about offensive security is we're not just looking for technical security flaws within the platform, but we also think very critically about the features and functionality that our platform has, which includes abuses like meeting disruptions. How could this new feature or this functionality be abused in that way or circumvented? And so we investigate that and make sure those are taken into consideration during our security assessments.

[00:36:21] Speaker 1: And Jason, how often do I need to change my password?

[00:36:25] Speaker 3: I recommend every 90 days. That's kind of an industry standard is to do it every 90 days.

[00:36:33] Speaker 1: Okay, and then do you recommend using both passcodes in waiting rooms or is just one sufficient?

[00:36:38] Speaker 3: So you're asking the security person if you want to turn on all the security controls, I say use both. Like that's always put on the turn on all the security controls.

[00:36:50] Speaker 5: We call it defense in depth.

[00:36:54] Speaker 1: Let's see, question for Eric and the panel. What are you most excited about for 2021?

[00:37:00] Speaker 2: Wow, I think there's so many things we feel excited. First of all, I also, maybe take a step back and look at 2020, right? 2020, it sets up a greater foundation for us to innovate quickly and to be able to do more. To innovate quickly and really have a greater, greater story and process practice on the price and the security as well. Because look at today's panelists. I think Lynn joined us in January last year, right? And Jason probably June or July. Andy also June or July. Not to mention Andy joined our offensive security team. He played a game when he was 13, right? He's very, very excited, right? So think about it beyond, right? So we are much better security privacy story. And also that also will help us innovate quickly and faster, right? I think from that perspective, I think I'm very excited. Not to mention, we also announced some of the platform features at Zoom probably last year. Because we would like to transform our business from a killer app company to be a platform company. Like Zoom apps, on Zoom platform, UC platform and very exciting. And yeah.

[00:38:17] Speaker 1: Excellent. It's gonna be an amazing year for that. Anything else anybody wants to add?

[00:38:27] Speaker 3: I'm just excited to be part of such an incredible company and so excited for 2021 and working with everybody here. All, everybody, I'm just, we have such a phenomenal team. We have so many customers that I love caring for and increasing security. Like it's just, it's just incredible. I'm just so happy to be here.

[00:38:51] Speaker 1: Yeah.

[00:38:52] Speaker 5: Sort of building off of that, a theme that we've been hearing, Eric said this so much, how much we grew in 2020, not just within the security org, but across all of Zoom. And I'm very excited to see what that new added person power can drive in 2021 and see where we go.

[00:39:12] Speaker 6: And along those lines, I think I'm excited about the innovation that we'll be continuing, but also the innovation and the use cases of all of our customers. Every day we hear heartwarming stories about new ways that folks are using the product to help connect one another, new use cases, new aspects to it. And that's just such an amazing gift every day to hear and drives us internally. So I'm looking forward to that in 2021.

[00:39:46] Speaker 2: Brandon is going to write a quote.

[00:39:51] Speaker 1: There's a lot of good things coming for sure. Let's see, Brandon, maybe we have a few more minutes here. We'll try to squeeze in a couple more questions. Let's see, my organization has public events and trainings that use breakout rooms. What is the best way to avoid meeting disruptions while still using this feature?

[00:40:11] Speaker 6: So for those sorts of events, we highly recommend using some of the features such as waiting rooms and passcodes and being very mindful of how you advertise those events and authorize the individuals that are attending. If you're using a meeting format, it is a round table that everyone is at that table. So think about who you are extending that invite to and who you are extending that chair to at that table when using those features.

[00:40:55] Speaker 1: Steve's asking, and this could be Jason, Eric, Brendan, any of you, can Zoom be more aggressive about prompting users to upgrade their client? We have difficulties with attendees who don't do so.

[00:41:08] Speaker 3: That's something that we're discussing. I really appreciate the feedback. It's great to hear that. I, of course, want always everybody to be running on the latest and greatest, so they're getting all of our features and everything. But I understand that Zoom is a great way to get users and everything. But I understand people take time to do those updates. So we're looking at it better to improve our strategy and iterate and making sure that we're putting it in the context of we do have the enterprise and consumers and make sure that we have a solution for both. So appreciate the feedback. It's definitely something that is top of mind that we're looking at.

[00:41:43] Speaker 6: And one feature that we do have in that area is customers within their account can define minimum versions for either users within their account or participants to their meetings. So if that is something where you would like to have participants to your meetings have a certain version, you can turn that on on the account level and define those minimum versions to ensure that if a participant does try to connect and is on an older version, they will get a prompt encouraging them to update to have that latest version and the latest features for your session.

[00:42:24] Speaker 1: Great. And we're almost at time. And I just want to acknowledge there's been so many just heartfelt thanks in these chats as well. But it's just been wonderful to read those. Just one, I'd like to share a huge thanks to Zoom. We're a small nonprofit in Canada helping people suffering from addictions. We're supporting more people recovering. We have more than 50% participation in our workshops in 2020 compared to 2019. You are helping. So hopefully we will help more in 2021 and going forward. I appreciate everyone who joined and all your questions and comments. Eric, any parting words?

[00:43:01] Speaker 2: Yeah, thank you. Thank you all those great, great users who talked to us. And we are going to double down on privacy security with a much better service. And thank you so much for your great trust and support. Have a wonderful 2021. Thank you.

[00:43:17] Speaker 1: Thank you all.