Zoom security advisor Alex Stamos explains how the acquisition of Keybase will help the red-hot videoconferencing app address its 'unique' challenges in adding end-to-end encryption

By Paayal Zaveri

Zoom on Thursday announced its first acquisition, bringing on Keybase, a secure messaging and file sharing service. The company says that it's all a part of the 90-day plan it announced in April to shore up the security and privacy of its app after its meteoric rise to mainstream success came with its share of controversy.

A big part of that plan is building end-to-end encryption into the Zoom videoconferencing app itself — a security feature that Zoom had long billed itself as already having, before it came out in April that its marketing had been misleading. 

Alex Stamos, a security advisor to Zoom CEO Eric Yuan who's best known as the former chief security officer of Facebook, said that this acquisition was the right move as a next step in that 90-day plan. Keybase brings Zoom the right talent and technology to tackle the considerable challenge of adding end-to-end encryption at the scale required.

Apple's FaceTime, just as an example, has end-to-end encryption — but each call can only hold 32 people at a time. A Zoom meeting, however, can hold up to 1,000 people in a single meeting, and up to 50,000 in a webinar. That's coupled with the fact that you don't need a Zoom account to join a Zoom call. Stamos said that this makes encryption a unique challenge for Zoom.

Stamos said that Zoom executives realized the quickest way to build it was to find an existing team who had the right team and technologies, but also a focus on building user-friendly products. 

"That was clear with Keybase, they built a very secure product that's also shockingly usable," Stamos told Business Insider. "There's lots of smart cryptographers in academia, but they've never had to actually ship something that people have to use, so finding a team that has, it was, you know, allowed us to really accelerate the process."

To that point, Stamos says that Zoom not only has to improve the security of its platform, but also has to make sure it does it in a way that doesn't confuse users or make the app harder to use. That's why Keybase and its user-friendly design team was so desirable.

How the Keybase acquisition fits into Zoom's 90-day plan

Even once the 90-day plan is in the rear-view mirror, Stamos said, Keybase gives Zoom a leg up with addressing future security problems. 

The work itself is "never over," Stamos said. "But the goal is by the end of the 90 days to have a team that is staffed up and organized in a way that makes sense for the importance of the company now."

Stamos anticipates that the pandemic will last for a while longer, and so too will Zoom's newfound popularity with consumers. With that in mind, Zoom has to think beyond its original purpose of serving business customers, and consider all the new security and privacy issues that can pop up. That's why some of Keybase will form the core of a new security engineering team at Zoom.

Zoom is also expanding its trust and safety team to include engineers and product managers, the same way that consumer technology companies like Stamos' former employers at Facebook have done. It's also doubling down on initiatives like searching for stolen Zoom credentials on the dark web to inform users — again, something consumer tech companies do. 

It's a proactive step, Stamos says: The threats that Zoom faces are relatively small compared to those seen by larger companies. But as usage of Zoom continues to surge, the problems will only get worse.

It's doing this reorganization by hiring rapidly, Stamos said, and now aided by acquiring Keybase's engineers as well. Stamos didn't comment on if Zoom would look to do more acquisitions to get key technology and talent as it seeks to improve its privacy and security.

Analysts say the Keybase deal could open the door to more acquisitions

Analysts who follow Zoom said it would make sense for the company to acquire more startups like Keybase to add the necessary technology and talent it needs as part of this process.

"I wouldn't be surprised if Zoom made more of these tuck-in acquisitions, especially as it pertains to security and privacy," Rishi Jaluria, an analyst at D.A. Davidson, told Business Insider. "I would expect this would lean towards smaller companies where Zoom is buying the company for the technology and the talent, not for revenue or actual products."

Dan Newman, an analyst at Futurum Research, agreed, and said that given the fact that the current economic climate has driven prices down on a lot of companies, this is an opportune time to be looking for new technology.

"I think it would be intelligent to be out shopping for some key technologies that might enhance the company's security, increase its support, improve the customer and user experience," Newman told Business Insider.

He adds that the Keybase acquisition if it integrates the technology well, could be a huge benefit to Zoom going forward and give it much more credibility with its business users.

Got a tip? Contact this reporter via email at pzaveri@businessinsider.com or Signal at 925-364-4258. (PR pitches by email only, please.) You can also contact Business Insider securely via SecureDrop.