Zoom Sprints to Improve Security and Privacy

After quietly building a strong customer base with little fanfare, Zoom became a household name as users flocked to its freemium videoconferencing service to stay connected during the worldwide pandemic. Zoom’s number of daily active meeting participants grew from 10 million in December 2019 to over 300 million by the end of April 2020. That increase in just five months eclipsed deep-pocketed competitors like Microsoft (an increase from 20 million to 75 million daily active users on its Teams service in about the same timeframe) and Google (100 million daily active users on Meet).

Following a series of announcements from researchers pointing to various security and privacy weaknesses in Zoom’s meeting services, CEO Eric Yuan apologized for the company’s falling “short of the community’s…privacy and security expectations” and announced several steps that Zoom would take to strengthen its platform.

Cybersecurity experts widely praised Yuan’s initial response as a “refreshing” acknowledgment of weakness accompanied by “concrete steps” to fix the problems. That the company continues to build upon the early rare example of corporate transparency with weekly progress reports deserves recognition.

Zoom’s response may represent one of the finest modern examples of effective crisis management in the technology industry, but business factors illustrate why the company must prioritize regaining the trust of its pre-existing customer base over new conversions to retain its strong position in the videoconferencing market.

Winning the security argument

Zoom’s commitment to focus all of its resources on conducting a 90-day cybersecurity sprint at the expense of adding new features may be risky. Major competitors, including Google and Microsoft, reacted quickly to the competitive shift by commoditizing popular features and strengthening customer attachment to their own ecosystems, threatening Zoom’s ability to convert new users into paying customers. Also, competitors with a history of questionable privacy practices, namely Facebook and Google, and many companies in other market spaces, continue to succeed and grow their businesses despite known deficiencies. Indeed, with very few examples of security and privacy weaknesses causing measurable business damage, there is little evidence that Zoom’s transparency is necessary from a pure business perspective.

Those potential risks make Yuan’s response all the more extraordinary. True to his stated intention, Yuan wasted no time to show Zoom customers that his company would take its responsibility to protect their communications seriously.

Yuan’s first step toward reestablishing customer trust was to quickly form a security advisory board, starting with respected cybersecurity executive Alex Stamos. Having previously led the security programs at Facebook and Yahoo! through some of those companies’ most challenging security and privacy breaches, Stamos, currently an Adjunct Professor at Stanford’s Freeman-Spogli Institute and a visiting scholar at the Hoover Institution, retains a strong reputation for integrity within the security community because of his transparent approach and openness to challenging business leaders.

After forming the security advisory board, Yuan rebooted Zoom’s support for allowing unaffiliated security researchers to conduct independent security tests against Zoom to identify vulnerabilities. Under such a bug bounty program, Zoom agrees to pay researchers some amount of money based on the damage potential of vulnerabilities that they discover. For that effort, Zoom brought in Katie Moussouris of Luta Security, another cybersecurity community leader known for developing bug bounty programs at Microsoft and the Pentagon, among many others.

Then, Yuan addressed one of Zoom’s most prominent platform deficiencies, the lack of reputable end-to-end encryption to prevent hackers from stealing confidential information during an active meeting, by announcing a new strategic acquisition of the company Keybase. The move was largely viewed positively though the company has not discussed details for deploying the new capability other than stating that it would only be available for paying customers.

While Yuan deserves credit for acting quickly to demonstrate Zoom’s renewed commitment to protecting customers, such high-profile moves could be easily interpreted as more security theater than sustainable change. Zoom needs more than a group of high-profile executive consultants to maintain momentum. Rather, the company needs an executive security leader with the mandate, resources, and leadership team support to be effective. Since before the crisis response, Zoom’s leadership team has included Richard Farley as the relevant executive with the appropriate experience and knowledge, but his name is conspicuously absent in recent announcements. To win back customer trust, Yuan should address the more mundane issues such as what failures Zoom’s security program has overcome that contributed to past issues, the plan for sustaining the security and privacy enhancements made during the sprint, and how the company will support its Chief Information Security Officer to ensure past failures are not repeated.

Building a stronger ecosystem attachment is critical for customer retention

Much of Zoom’s revenue growth comes from a small segment of high-value customers. The company’s SEC filing in advance of its IPO presents a business strategy to “retain and upsell additional products to existing customers.” Key to that growth is the ability to build what Zoom calls “viral enthusiasm” to establish an anchor host at a company, expand host licenses to increase the customer footprint, and strengthen customer attachment through add-on products that enhance revenue potential. Noting in its IPO filing that “greater than 50% of the Fortune 500 had at least one paid Zoom host, compared to only 4% that contributed more than $100,000 of revenue,” Zoom focused on existing customers for revenue growth.

That expansion strategy seems to have worked well over the past two years. According to the first earnings report following the company’s April 2019 IPO through the period ending April 30, 2020, the number of Zoom customers that contributed more than $100,000 in trailing 12-month revenue, a measure of potential sustained revenue, outperformed overall customer growth over the period spanning mid-2018 through April 2020 by increasing from about 184 to around 769 (>300% growth). Digging a little deeper, the filings suggest that while this customer segment is less than .3% of the total number of Zoom customers, it represents at least 10% of Zoom’s total annual revenue. According to its 2019 Annual Report and the most recent filing, Zoom reported that its expansion rate across customers with more than 10 employees has been greater than 130% over eight consecutive quarters, meaning that the revenue it pulled from existing customers has increased substantially over that period.

Growing its revenue footprint within existing customers is vitally important to Zoom, but it means little strategically unless the company can increase customer retention potential and lock down the revenue streams. If competitors succeed at commoditizing videoconferencing services already available to customers through subscriptions to Google G Suite and Microsoft 365, they transform Zoom into a premium luxury that many organizations could feasibly cut amidst an economic downturn. Zoom’s recent response to its security and privacy deficiencies demonstrates that it clearly recognizes the inherent risk, stating in its annual report that “any decrease in user satisfaction with our products or support would harm our brand, word-of-mouth referrals, and ability to grow.”

To improve its ability to retain paying customers, Zoom needs to upsell them to ecosystem products that make attrition more costly. For example, its Zoom Rooms product encourages customers to integrate Zoom videoconferencing into the audio and video systems that power existing physical conference rooms. Retailing at $49 per room per month, Zoom Rooms increases per customer revenue potential by around 10% (assuming 20 hosts per conference room).

Since the pandemic crisis may dilute the perceived value of Zoom Rooms if sustained social distancing protocols result in long-term remote workforce conditions, the Zoom Phone product may be even more important for locking customers to Zoom’s ecosystem. Introduced in 2019, Zoom Phone virtualizes traditional business telephone systems to provide employees access to their corporate phones either at their desk or remotely. At $10 per user per month, Zoom Phone promises to increase per-customer revenue potential by around 50%, making it a key target for strategic growth.

Appeasing an unproven customer base

Zoom is operating at a significant disadvantage to its much larger competition. Sudden popularity is less of a benefit than a distraction and may even be so costly that Yuan would rather low-value users move to its competitors than continue to freely usurp customer capacity. Lacking alternative revenue streams for support, Zoom’s business strategy centers on maintaining the integrity of its core video conferencing services and retaining its existing customers.

Though usage metrics may elevate Zoom into a dominant market position, the company only acquired most of its paying customers in the past two years. Based on the financial filings noted above, Zoom increased its number of customers with more than 10 employees from approximately 31,500 in mid-2018 to around 81,900 (160% growth) before the pandemic crisis. That number then exploded to 265,400, growing its customer base by over 225% in just one quarter. The staggering recent growth suggests that nearly 70% of customers are brand new to the Zoom platform with nearly 90% joining within the past two years. Without a strong attachment history, many of those customers could consider alternatives if Zoom’s competitors successfully diminish its value proposition.

Every company makes boilerplate claims that customer security and privacy are very important, but few need to prove it because inertia and attachment help them maintain long-term customer relationships. Zoom’s history of security challenges forced it to acknowledge in its annual report the risk that new discoveries represent, stating, “if our security measures are compromised in the future, this could damage our reputation, impair our sales, and harm our business.” Because Zoom’s popularity led to the discovery of critical service deficiencies and its customer base is so young, Yuan was forced to react with humility, quickly work to regain customer trust and prevent mass attrition.

Translated from: https://medium.com/swlh/zoom-sprints-to-improve-security-and-privacy-b10f3d1e6a1d
