Letter from Richard Sparrow, Penn State Acting Chief Information Security Officer
Colleagues,
Zoom has received a lot of press recently, both positive and negative. The positive news has been that Zoom has performed well with minimum disruptions. The negative is that some security and privacy issues have come forward. The latter has caused some concerns across the University community, with some questioning its continued use. I want to reaffirm that Zoom remains a suitable videoconferencing platform for Penn State. I use Zoom daily and find it to be a reliable tool for most situations.
That is not to say that Zoom has not had challenges. Zoom's default settings, combined with many inexperienced, new Zoom users, definitely drove an increase of Zoombombing across the globe. The good news is that Zoom has changed its default settings to start from a more secure configuration. The other positive is that those new Zoom users have become savvier in setting up their meetings. Penn State has pulled together some tips to help those Zoom users make sure they do not have unwanted guests. Please consider sharing this link with those you support. http://itld.psu.edu/training/zoom-prevent-and-manage-meeting-disruptions-aka-zoom-bombing
Zoom has also had issues with zero-day vulnerabilities, gaps in its encryption, and oversharing data with Facebook. Some are not as severe as the news stories have indicated. Still, OIS will be tracking Zoom's progress. Both zero-days have already been fixed, and Zoom has committed to fixing its other problems in the next 90 days. We are in congruence with the other Big10 schools, and I have spoken to colleagues and they all still plan to use Zoom.
Penn State needs Zoom to be a trustworthy partner and will look to hold them to a high standard. I am happy to speak with anyone that has concerns about Zoom or anything else. Please do not hesitate to reach out with questions or comments.
Thank you and stay safe,
Rich
Richard Sparrow
Acting Chief Information Security Officer
Office of Information Security
The Pennsylvania State University