SaaSOps Stories With Lester Chan, Head of Enterprise Security at Zoom
October 22, 2020
4 minute read
Lester Chan is the Head of Enterprise Security at Zoom, which has arguably been the most ubiquitous SaaS application on the market this year. On Day 4 of Altitude 2020, our chief customer officer Rachel Orston chatted with Chan about Zoom’s explosive growth, as well as how IT leaders (including those at Zoom) are driving outcomes across their businesses.
Editor’s Note: You can still register for Altitude 2020 by visiting the registration page, where you’ll also have on-demand access to every session, including Orston’s chat with Lester Chan. Below you’ll find a lightly edited transcript of their conversation.
Obviously, Zoom is a household name now. With that in mind, how are you managing that exponential growth?
That’s a great question. To better answer it, it’s helpful to understand how we got here. Back in February 2020, we had about 20 million daily participants, which is how we measure our traffic and how many people are using Zoom.
Fast forward to April 2020 after COVID-19 hit and we hit over 300 million daily participants. Zoom was meant to be an enterprise-to-enterprise communications tool, but we saw a tremendous amount of use cases, including distance learning, telemedicine, and even social gatherings.
There’s also a tremendous amount of activity happening behind the scenes here at Zoom. [We’ve prioritized] addressing the privacy and security issues that came to light, especially things such as the Zoom bombing incidents. The company decided to pause all engineering activities and focus on privacy and security for 90 days; we’ve released a tremendous amount of privacy and security features over the last six months.
The security team itself has scaled from less than 10 people back in February to well over 70 people today. We hope to double that number by the end of the year. The company itself is also scaling to a tremendous amount. We were at about 3,500 employees back in March and we hope to be over 5,000 by the end of the year.
David mentioned in his keynote that IT is behind every interaction today—and a lot of that is because of Zoom. How has your team been managing the added stress that comes along with that? And as a leader, how have you kept them energized and motivated?
Much like everyone else, our company has its challenges in this new work from home model. That includes things like work-life balance. Those lines have blurred. It also includes productivity. We’re also having challenges related to interacting with each other; it’s hard to stay productive when you don’t have your colleagues in the same room or office.
But it helps that we have support from our CEO and the rest of our executive staff to say, “We are Zoom and we want to present an example of how to be effective in this new work from home model.” That’s not just for our customers, but also our stakeholders.
I think about this all the time because we’re moving fast at BetterCloud, but we’re innovating with Zoom. [It’s] our way to innovate and collaborate and create new ideas. When you think about the idea of Zoom enabling innovation, how do you approach innovation, specifically in terms of IT and your team’s role?
We think of innovation in several ways. Zoom has always been imagined to be a video-first communication platform. That sets us apart from some of our competitors, as well as other video communications tools. Sure, we have our phone, we also have our chat features, but we’re known for our video communications. The entire streaming experience, which is agnostic across all platforms, should be the same.
On the IT and the security side, we’ve done a tremendous amount over the last six months. A lot of that includes privacy and security features, including adding a security icon with a host of features so that somebody can lock down a meeting, they can secure screen-sharing, enable password protection, and also report a user.
We also started a new trust and safety center and program. In the event there’s an issue with a meeting, someone can report a user to our trust and safety team to follow up. There has been a tremendous amount of effort over the last six months to get to where we need to be. The key takeaway there is that we need to enable trust across our Zoom platform so that hosts and participants can continue to meet effectively without the fear of some of these issues that have been plaguing Zoom over the past six to eight months.
I love that you’re focusing on the experience as an innovative and competitive differentiation. The theme of Altitude, as you know, is thriving in a new era of IT. What does thriving look like for you and your team a year from now?
That’s a great question. Hopefully a year from now, we will have looked back and be proud of the strides and the progress that Zoom has made, both from a product security perspective, as well as an enterprise security perspective. On the product security side, we will look back and say we were part of enabling businesses, as well as everyone who wanted to connect securely and safely post COVID-19.
Then from an enterprise perspective, we’ll look back to and be proud that we were much more proactive in terms of the security efforts that we had going on. [Those efforts] enabled people, processes, and technology to secure Zoom.
With so many leaders at all stages of their careers watching this, what advice would you offer to the folks that are just starting their SaaSOps journey and are still trying to figure it out? I’m sure they would love to hear some tips and lessons learned, especially given your journey and where you are today.
I’ll share three brief key takeaways for anyone just starting on their SaasOps journey. One is to understand what your processes are, not from a high level, but really to understand what problem you’re trying to solve. It’s also important to define your success criteria before you start your SaasOps journey. That way, when you meet with different partners and solutions, you’re well-prepared to address the issues that plague you today.
The second key takeaway is to build security from the ground up or from the beginning. I’ve personally seen the level of effort and the amount of remediation it takes to remediate security issues down the road when you don’t build security in from the start.
Number three is to manage your data. Data continues to be pervasive. It’s in different cloud environments. It’s shared with different people, it’s on different endpoints, so you need the right tooling to secure and manage your data. That way, you can enable the efficiencies that come along with managing your cloud data moving forward.