Zoom, the video conferencing app, has had a huge surge in the number of users since the beginning of the lockdown because of the pandemic. Zoom, which only had its eyes on the North American market, has now decided to expand its international market capabilities to cater to the rise of video conferencing and webinars.
This exponential growth can be seen in the company's Q1 revenues for the quarter ended April 30, 2020, and saw growth by 169% at $328.2 million. As of April, Zoom had 300 million daily meeting participants.
But the app has also had its fair share of controversy. In April, it was found that due to a sudden surge in the number of users because of the pandemic, Zoom amped up its server capacity. It let some calls from North America visit Chinese servers as a backup to overcome congestion.
This was done without the user's knowledge that their data was being routed through China. The root of the problem lies in the lack of end-to-end encryption in these calls, and lead to allegations that sensitive data was being leaked to the government in China.
In India, (Indian Computer Emergency Response Team (CERT-In) had also issued a notification in April warning users that ZOOM was prone to hacking. The company claims that the issue has been since resolved, and Zoom is now working with CERT-in to remove the advisory issued against the video conferencing app, said Sameer Raje, Head of Zoom Video Communication in India in an interview to BOOM.
Raje also discussed Zoom's security features, the controversy over their data being routed to servers in China, and the fact that India is now the second biggest market for the video conferencing app, after the US.
Raje also highlighted the fact that though Zoom doesn't store any data about a video conferencing meeting, it does provide law enforcement agencies with requests of IP addresses of users where abuse or misdemeanour has been reported.
For the full video, log onto YouTube or click on the link here.
The full transcript of the interview can be read below.
Govind Ethiraj: Can you tell us what kind of penetration Zoom has in India? What is the kind of usage that you're seeing between types, or categories of people or even institution?
Sameer Raje: Well, if I have to talk about the number of users on Zoom platform, it's in millions and I'm speaking about only India based users. The situation was slightly different in the pre-COVID time. We could easily categorize customers or users or people or consumers into two different categories. First were the ones who could adopt technology fast. They were the ones who were on a collaboration platform. They were open to certain embracing any types of technologies etc. And there were other sets of users who are kind of bit traditional had a bit of a roadblock about using collaboration technologies.
They would think, "Will my employees be productive while working from home and so on so forth?
I mean these are questions that pop in general right?
However, during COVID-19 situation what happened is we have seen acceleration on both the fronts.
The first slot of our consumers are those who have embraced collaboration tools earlier as well, they have adapted even more.
So earlier probably it was restricted to a certain amount of usage, now, they're using it even more. It has a deeper and wider usage across customer meetings and internal meetings.
Whereas the second set of users who initially had some innovations, their entire mindset has transformed. There is a complete digital transformation which has got accelerated. So these folks suddenly have started realizing that there is no option but to adopt these technologies and having adopted this technology now they're seeing the benefit of it, be it productivity-wise or as a reduction in costs of travel or even in infrastructure costs.
So there's an increment in both the sides which we have seen.
Govindraj Ethiraj: Any numbers you can share at all on how Zoom has grown or penetrated?
Because I'm sure a lot of people are revenue paying customers in India, people are using your webinar feature, and so on.
Sameer Raje: Well, absolutely. I mean, it's not that India has been growing only in the 'freemium' users as we call the fee users. So anybody wanting to do meetings more than 40 minutes, you know, and for more than two participants need to subscribe to the premium account, and there has been tremendous growth.
We have seen around 4 to 5% increase in paying customers. Freemium users have grown significantly higher--we have friends families, everybody, using it so right. So obviously that growth is much higher that's more than 60-70 %. Those numbers are very high.
Govindraj Ethiraj: What about India as a percentage of global revenue?
Sameer Raje:At this point roughly, all I can say is that we've become the second-largest market probably after the US.
And that helps me build a case within my HQ, my job has become much more easier simpler. Earlier, to a great extent Zoom has always been a company which is focused on the US markets. This year onwards we brought in a focus on the international markets and India has become the second-largest market outside the US, not only in terms of revenue, but in all the terms.
Govindraj Ethiraj: So let's come to the some of the concerns around Zoom. Let me start with the April 16 advisory from the Government of India under the cyber Coordination Centre, which in turn comes in with the Ministry of Home Affairs. We said that this platform should not be used by government officials for official purposes. And it cited several security concerns. And part of it may be to do with maybe what the perception of the ownership of the company was. So that's not stated here, but fundamentally, that the security systems were weak. So where does Zoom stand on this today?
Sameer Raje: So, if we go into that particular advisory itself, the Cyber Coordination Centre (CyCord) advisory, there are two facts to it. The first fact is that the Cyber Coordination Centre (CyCord) advisory is based on the CERT-in (Computer Emergency Response Team) advisory and CERT-in is the actual governing body or certifying body which states or you know, that is the normal industry standard for CERT-in to release certain advisories about which are the best practices or which is regarding, you know, safety or advisories to the larger general public.
Now, if you look at the CyCord advisory that itself is based on CERT-in advisories which are true in particular, which are mentioned in that cycle.
However, if you look at those CERT-in advisories, nowhere have they mentioned that, you know, Zoom is unsafe to be used as a platform.
At best, they are just simple advisories, advising caution in terms of what bugs were found, or there were some issues on the platform and they have been fixed with versions of zoom 4.8 and 4.9 etc. Now, whatever the misunderstanding or miscommunication is there, or wherever it stems from, we have been in communication with CyCord as well. And you know, they have been very helpful, very receptive and open to conversation. They agree that yes, there was certain misinformation which was there in the market due to which they had to release that advisory, but today, we are confident that they will release, you know, or work towards revising the advising.
Govindraj Ethiraj: So some of that misinformation, as you mentioned, is to do with the ownership of the company. Now, we know that the company is headquartered in the US and headquartered in Delaware. But the owner or the founder of the company is of Chinese extraction, which perhaps leads particularly in these times to, you know, for people to feel a little concerned. Perhaps, this is also exacerbated by the fact that at one point, there was concern that data was being routed to China. And it was not evident to everyone, that data was being outed, was being routed to China.
So two parts of the questions one is can you tell us about the ownership and the status on that?
And secondly, where is the data sitting today? And how is zoom managing its data as well as its data overload?
Sameer Raje: Absolutely. I think your question is spot on, and we do not shy away from what the facts are.
And we put the facts out there in the open. First and foremost, let's talk about Eric, who is our founder.Eric Yuan's story is the true story of an individual, an immigrant going to the US and establishing himself and starting off an organisation of his own.
His struggle in his early life is very similar to probably any individual going to the US for, you know, work-related matters on a worker visa. People don't know that the US rejected Eric's visa, probably eight times. He struggled, he went there.
And then, you know, he continued to work with WebEx. And that's where I met Eric because I'm also an old Webex. We used to all work under the great gentleman, Mr. Subrah S Iyer, who is still our advisor on Zoom.
So we started off from there and continued to work when WebEx got acquired with Cisco. I started as Senior Vice President of Engineering.
And then he had the idea of starting his own firm.
And this actually was conceptualised in his mind when he used to travel back in China to meet his girlfriend 20 years back. This was more than 20 to 30 years back, whatever the time was, and that that's when he had conceptualised that he wanted to start a firm of his own. And that's the whole idea.
I think I would invite everybody to read Eric's blog, Eric's story, which is a real, you know, struggle, how he came up during his life. And we take pride in that there's no hiding that.
Eric has been an American citizen since 2007, so that's, that's the fact. The second aspect is, you know, getting listed on NASDAQ is not just something that anybody can do.
When you are listed on NASDAQ, when you're operating in Europe, you need to follow certain rules which are GDPR compliance related to Sarbanes Oxley and so on.
There are lots of rules we need to follow.
It's not just that we can share data with anybody and everybody. Yes, it is right to say that there was an occasion where, you know, our data going to was found going to China.
Now and again, everybody makes a mistake. And again, we don't shy away from that we are probably one of the companies which is honest enough in coming forward and saying that, you know, yes, we made mistakes.
One of the mistakes was when we were trying to scale up our servers because nobody had anticipated this kind of growth, we had to grow fast we had to increase our capacity fast.
Human errors happen, and this was one of the errors which happened, we have around close to about 19 data centres across the world, of which one of them is in China.
We have two data centres in India too. One is in Mumbai one is in Hyderabad.
At the China data centre unfortunately while scaling up we missed out on geofencing. The China data centre typically is for the people are the customers who are based in China, right? Like if you're an American company and operating out of China, your data needs to go to the China server.
What we did is when this was flagged off, we incorporated an industry-first feature where you could actually route to the place of your choice. You're controlling of the data, you could be select certain data centres that you don't want. And not only that, but when you're connected to the Zoom network, if you click on the information icon on the left top screen, you will get information on which data centres you are connected on.
So that's the actual fact that. We do not share data, we have a specific article, not only article, but detailed terms and conditions of when, or how we share or how we respond to government risk requests. We have specific terms to understand under what circumstances, under which legal circumstances that we operating in any country where government comes up and says that, hey, this is a legal requirement, and you need to tell us what's happening in this meeting, we don't share that.
However, when there are certain issues like let's say there is abuse, there is some misappropriate behaviour which happens in the meeting, and it does happen, and it gets reported, in those cases, we are forced to share certain details and those are also governed by the global rules and regulations.
It is very clearly articulated on our website. And it is for the privacy and the production of the regulators.
Govindraj Ethiraj: Has this happened in India where you've had requests and like many other social platforms get requests and they share data?
Sameer Raje: Oh, yeah, absolutely. As we operate in India, we have to work very closely with law enforcement agencies. And if there is any user reported on our platform, we have to, you know, give the details such as location IP address that has been logged in by that particular user or the miscreant. This we have to share with the law enforcement agencies. But that's all we have. We don't retain your data. We don't store your data. So we don't have anything but except for the call details.
Govindraj Ethiraj: You have shared information and data with Indian law enforcement as in when they asked for it?
Sameer Raje: Not the data, but we have shared user credentials.
For example, the IP address, which will help them trace back the location of the person.
it's very similar to the telecom roles. If you get a threat on your telephone, and somebody threatening you or the telecom service provider has to give the calling details etc to the government. So it's exactly the same thing in the IT world as as well
Govindraj Ethiraj: So you're also saying that nothing is resident unless I'm specifically recording something. And all the conversation, maybe like the one we're having right now will die? The moment the conversation gets over nothing will retain, except for our log individual login data?
Sameer Raje: Absolutely. Right. So what the data we have is, is your login credentials. That is if you have created your billing details, if you have created whereas to where your bills are being supplied to your email address, your telephone number, if you have shared and your name and second name, that's all we have.
None of the meeting data ever gets recorded, unless explicitly you have put in a request, and you also have the right to disable it.
And if you choose to record it, you have two options. First is if you choose to record it on your computer, it resides on your computer itself. It doesn't stay on our cloud anywhere. So if this meeting is over tomorrow, anybody wants to come and say that what happened in this meeting? Well, we don't have access to it. We don't have any.
Govindraj Ethiraj: Is there any other software running, for instance, like facial recognition and so on, which is maybe helping you understand and build the product out in a more friendly way?
Sameer Raje: No, absolutely not. So we don't have that kind of artificial intelligence capabilities built into the platform to identify what's happening. And anyway, the data from your PC from your client, if you're joining in from a zoom client to my client is all encrypted.
Govindraj Ethiraj: And finally, can you tell us what is the technical definition of the encryption level that is in play when there are conversations like for this one, for example, this one?
Sameer Raje: Well, if you're using a ZOOM client, on your pc or your laptop or your phone, right, so that is where the meetings are encrypted completely.
However, what needs to be understood is that Zoom is a collaboration platform, right? So we need to bring in other formats of collaboration as like be PSTN audio conferencing or high definition video conferencing platform from some other service providers.
That's where the data or the meeting content from our cloud to that particular end device may or may not, or the format of encryption might change.
So that's, that's what happens if you are recording it, there is an again, there is an additional plugin which comes in where the encryption might change.
But we are again, launching an end to end encryption into this where there will be a certain reduction in other features and functionalities. But that end to end encryption would mean that everything will be completely, entirely encrypted and you won't even able to bring another format of communication into our platform.
That's the kind of stuff that we are doing right now.
But let me put it on record that led the level of encryption available right now on our platform. Is yet only wants to provide 256-bit GCM encryption and no other platform provides you with that.
Govindraj Ethiraj:So you said you've been a WebEx-ian and so has your founder. So tell us between zoom and another platform, why zoom?
Sameer Raje: Oh, well, absolutely. First and foremost, it's, it's, it's the organisation, right?
So our first concept is to care for the customers. that's point number one, right and it reflects in every individual that deals are engaged with engages with any customer not only from selling perspective but even from product, feature, functionalities perspective, the whole product is based on that.
So if you click on zoom, link, you will be absolutely sure that you will have a meeting without disruption. Now your bandwidth may suffer, you will still have a video meeting which is seamless. That is why Zoom.
Or let me put it this way. Zoom makes your meetings even better than in-person meetings. Right? So That's that's the beauty of it.
And in India, the strength is that we zoom is able to function and deliver even at a very high packet loss up to 40-45%. And that's the power.