‘We never felt so responsible’ – how Zoom went into orbit
When tens of millions of people were forced to stay at home to help stem the spread of COVID-19, it was Eric Yuan’s videoconferencing app that many businesses turned to stay in touch virtually in what became an overnight socially distanced, remote work culture.
Daily downloads of the freemium tool increased by 30x year-on-year. In March, when the pandemic was at its fiercest globally, daily users spiked to 200 million – up from 10 million in December 2019.
Zoom’s stock shot up, and continues to ride high today, as it became something of a ‘fifth emergency service’ amid the crisis. It became synonymous with work and social life in lockdown; its hoardings even a backdrop to Premier League football matches – a reminder of just how significant a role this simple solution had played in such strange circumstances.
Keen to understand Zoom’s perspective on these last 130-odd days, and how it navigated a dizzying surge in usage, intense and far-reaching scrutiny over security features, as well as what’s on the cards now, TechHQ spoke to the Magnus Falk, Zoom’s CIO Advisor – he joined us via Zoom, obviously.
Falk, as one would expect as a technical advisor to a firm of Zoom’s (even pre-pandemic) stature, has a rich résumé. It spans executive engineering roles at Accenture, a long tenure as EMEA CIO at Credit Suisse, plentiful advisory stints including at the Financial Conduct Authority. As well as what he described as a “little interlude” as a British Army Captain.
But even that raft of experience couldn’t prepare him for Zoom’s explosion into orbit, and the sudden weight of reliance on the tool to keep so many elements of both business and life running.
A weight of responsibility
“We never quite felt so responsible,” said Falk. “The whole organization was definitely in that space of ‘we must help here’.”
“It’s just a huge responsibility because it’s been clear that the platform was in the right place at the right time to actually make this whole nightmare, for everyone, just a little bit better, and help to save businesses, help to save people’s education, help to actually make it possible to, you know, tolerate the lockdowns that we’ve all had.”
Zoom was built as a videoconferencing app for business use, but lockdowns saw it become a destination for anything from violin lessons, religious services, government coronavirus press briefings, and even telehealth consultations. This surge and diversification of usage put “stresses and strains” on everyone in the company. Falk’s analogy of the situation betrays his military underpinnings.
“It was a bit like being on an aircraft carrier that has planes attacking it, you know, if no one’s manning the gun, even if your job is serving the coffee, manning the gun is now your job to do.
“Because there was so much happening that everyone just stepped up and stepped into things that were needed.”
Falk continued: “It’s been quite impactful for me to see the culture of the organization rise to the challenge, and it’s been quite humbling to see how needed the platform was – but it’s also very, very pleasing to watch a piece of technology that was built for the internet era with the promise of ultimate scalability actually be able to answer at this scale.”
Right place, right time… right tech
Zoom was the go-to videoconferencing option for large swathes of the global population. And while no one, least of all tech companies, were able to predict the pandemic and the seismic impact it would have on our ways of working and the technology we use, the platform never buckled under pressure.
Speaking to Falk, it’s evident that amid the disarray, the leadership of Yuan himself was key to holding operations together. But Zoom’s resilience also comes down to the CEO’s own technical pedigree.
Yuan worked at American multinational technology conglomerate Cisco as one of the founding engineers of videoconferencing and collaboration tool WebEx, where he cut his teeth on the intricacies of building market-leading communications software. However, Yuan left for various reasons, choosing to build an “internet-era”, video-first platform “from the ground up.”
“There is no code in Zoom that is older than a decade, and there are very few technologies can say that,” Falk said, and this has been the recipe for Zoom’s resilience and scalability.
As usage began to spike, Zoom was “unbounded” by hardware constraints. Meeting traffic goes through a set of co-located data centres (or ‘co-los’), connected by high bandwidth connections. Every time services were 50% utilized, they were scaled up in these co-los, but could also fail-over to other facilities that weren’t being hit so hard. Even if the whole data center network was being stressed, load could move to infrastructure-as-a-service providers such as AWS and most recently added, Oracle.
“We were absolutely internet-era, cloud native, built for taking advantage of IaaS – and as a consequence, it was understood we were able to theoretically scale to be able to use every piece of IaaS on the planet,” said Falk. “Although, quite frankly, there’s enough infrastructure available for everyone in the world to be videoconferencing all at the same time.”
What’s less talked about, the CIO advisor said, is that a lot of the “real heavy-lifting” is done on the endpoint owed to the requirements of call encryption for all users.
“Things aren’t decoded and reassembled in the infrastructure – all that is done on your end device, because Zoom doesn’t have the key to the meeting. The meeting is with each of the users […] so actually scaling is less of a challenge for Zoom’s video-first software than it is for other products.”
A security turnaround
Freemium or paid-for – and regardless of reliability – internet services are held to higher standards of data privacy and security than ever. That’s especially true for those at the top of the pile and, suddenly elevated to the top of the coronavirus survival kit, Zoom faced a rigorous wake-up call.
Yuan issued a heartfelt apology as ‘Zoom bombings’ became a worryingly familiar headline phrase of the period. Revelations that “uninvited guests” (the phrase Falk prefers) could easily join a meeting by finding a link or guessing a meeting ID came as a shock to new, uninitiated users who assumed their business meetings, conversations with therapists, or otherwise, were safe and secure.
“I was frightfully impressed by how my peers and the team at Zoom looked at what was going on and said, ‘how have we allowed this to happen?’” said Falk.
“During the pandemic, new users were picking it up and innovating in ways that surprised us. And actually, our duty was to learn what it was that was they were doing and make it safe and secure for their new use cases – which meant that we had to think hard about the defaults.”
Highlighted by Zoom’s sudden scale, the concerns led Yuan to issue a 90-day security pledge, comprising a freeze on all updates except security. The result of this labor was Zoom 5.0, a rapidly-deployed and rigorous evolution that would address all security bug issues and strengthen the app’s end-to-end encryption algorithm – “I think that was a really important moment to make pledges,” Falk reflected.
The firm also enlisted a CISO council made up of 36 security heads from firms including HSBC, Sentinel One, Arizona State University, and other high-profile organizations – as well as seeking the advice of ex-Facebook CSO Alex Stamos. “It’s been really, really Impressive, because these are these are CSOs from organizations who depend on our service, so helping us to improve is a mutually beneficial thing,” said Falk.
“There’s nothing like a hard-bitten CISO telling you what you should do.”
Aside from a seemingly very genuine desire to quell the concerns of users in a time of real anxiety, a temporary reassignment of all engineering resources to security was strategically important to fend off heel-snapping of security-focused, enterprise videoconferencing rivals like Google Meet and BlueJeans Network. Zoom’s continued market leadership in what had become an incredibly competitive sector required a rapid security overhaul.
Many businesses are now weighing up a return to the workplace, a wholesale shift to remote working, or something in between. Either way it goes, it’s likely Zoom’s unexpected popularity won’t keep its altitude forever. But as the contrails begin to fade, the firm is preparing for a transition to a world of ‘hybrid working’.
“We’ve always believed since founding zoom that the future of work lies in video communications,” said Falk. “And we feel that, actually, what’s happened in this era is that the art of the possible has been demonstrated […] we’ve had a massive worldwide experiment in videoconferencing.
“Business employees and leaders now know what’s possible […]”
We are entering the era of ‘hybrid work’, said the Zoom employee, where businesses begin to leverage the benefits of technology to the point where – whether at home or in the office – “it doesn’t really matter where they are,” employee experiences will remain the same.
Ultimately, Zoom believes videoconferencing is not just for the pandemic. Conviction behind this outlay manifests in an extension to Zoom’s hardware-as-a-service. Offered as an end-to-end communication platform, users can rent choice VOIP hardware for use on the Zoom network for a few dollars a month for each handset. Zoom Rooms extends this service to conference room-type hardware.
“There’s a lot of experimentation going on and people finding their sweet spots and innovating – and I think that’s only just started,” said Falk.