The trade-offs between security and ease of use have long plagued technology. Dispense with passwords, and users are happy until they are hacked. Users prefer things to be easy and straightforward, but they are often the weakest link in any system. Many companies have been done in by an employee clicking on an email link to a voicemail message. This same challenge has affected communications and collaboration solutions. Complexity has been the bane of adoption in many organizations.
The challenge of a simple, easy to use collaboration solution was the core driver for a company named Zoom a few years ago. Fresh from the Cisco Webex experience, the Zoom team focused on simplicity and ease of use above all elements; the solution made it easy for the technically average to use Zoom effectively. The onboarding process was simple, both for a subscriber and their guests, the guests could even use a browser. The Zoom team took advantage of new web technologies like WebRTC and the emerging web real-time architectures to deliver a dramatically simpler experience. While Cisco was focused on a super-secure document storage system, Zoom made it easy to invite a customer to a video call.
As part of making that experience easier, Zoom calibrated the settings knobs to simplicity, often eschewing potential security considerations in the process. Consider screen sharing, a collaboration staple. When considering who can share a screen, the initial settings limitations reflect the security considerations. To reduce the security threat, many meetings apps limit screen sharing capabilities to the host or allow the host to have controls, but this limits a guest’s easy ability to share. As the initial market for Zoom wasn’t the Fortune 100 IT departments, but rather SMBs and individual users, the product was implemented with screen sharing enabled for all participants by default. While the security control was there to limit sharing, the restriction was optional. Users didn’t need to learn complex controls to have the customer share something; it just worked. In fact, that has been the biggest compliment to Zoom — it just works.
If Zoom’s use was limited to the business market, this approach would work well. In the initial use in SMBs and smaller meetings, meeting invites were limited attendance and not openly advertised on the internet. Larger organizations that used Zoom tended to be more sophisticated (think Deloitte), and the users were more technologically savvy and could be trained on the security considerations.
Not so fast. Following the change, I had a Zoom call with a company, which was set up by their PR firm. After a few pleasantries, it came time to share the presentation, where it became clear quickly that the host wasn’t in the meeting. In reality, they used the meeting product the way many smaller companies use it; a single admin sets up meetings as requested by the staff and controls the use of the meeting service. Since the admin sets up the meetings using the account they control, unless they identify an additional host for that meeting, they are the host for the meeting and controls screen sharing. Unfortunately, this meant that sharing became a major issue and an alternative was used. As the admin doesn’t generally go to the meetings, the change in Zoom for security became a business process issue for a company using the product. Again, Zoom enables the identification of an alternate host for the meeting, so that could have been done, but it makes the set-up user experience more complex.
The challenge of matching ease of use and security will increasingly become an issue in organizations. As vendors and companies roll out products to a larger and less sophisticated user base, driving adoption through simplicity is critical, but security may be paramount. As organizations and vendors develop security solutions and respond to attacks on meeting and collaboration solutions, the resulting security systems and education must be implemented in a way that doesn’t undermine core business values or valuable capabilities. This will require a clear understanding of the trade-offs between security and ease of use and how to manage them.
For example, should the base configuration of the share capabilities of a meeting be an enterprise defined characteristic? Or is it departmental or employee role-based? Or is it based on meeting attendees, with sharing limited when there are non-employees in a meeting? With just the one feature of screen sharing opening a range of security questions, the overall management of security options and restrictions will be a major future consideration in deployments. Understanding the vision and flexibility a vendor will provide in this optimization could be a major factor in vendor considerations.
Sourced from: NoJitter. View the original article.
—————————————————————–
Did you know that we have just updated all our comparison sections?
There’s no better way to make an educated decision than to compare offers first!
- Compare VoIP providers
- Compare Hosted PBX providers
- Compare Telephone systems
- Compare VoIP phones
- Compare Fibre offers
- Compare Wireless offers
Alternatively >>>Leave your detail<<< and have a few providers contact you!
**PS. If you are a Telecoms Reseller in South Africa be sure to check out Telecoms-Channel which is specifically designed to provide you with content, insight and analysis to establish yourself as an authority in the industry.**
—————————————————————–