Video conferencing firm Zoom is now one of the most recognisable brands across the world, but recent days have seen a barrage of criticism directed towards its security and privacy credentials.

Answering the disapproval, Zoom CEO Eric Yuan has penned a blog post to explain how the company got into the uncomfortable position and what it is doing to take the platform forward.

“We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived,” Yuan said.

This should be taken as a reasonable explanation. Like everyone else in the world, COVID-19 took Yuan and Zoom by surprise. Even the most optimistic CEO could not have envisioned the rapid uptake of services Zoom has experienced over the last few months. As a point of reference, Zoom share price has almost doubled in the last three months, and the latest price (April 1) is after a 14% decline over the last week.

Since this rapid rise to fame, Zoom has been sued in US Federal Court for illegally disclosing personal data to third parties including Facebook, New York State Attorney General, Letitia James launched a privacy probe, the UK Ministry of Defence banned its use, Bleeping Computer discovered that Zoom could allow hackers to easily obtain the user’s Windows password and Zoombombing became a dark web pastime.

The issue which Zoom is facing is this is not a product which has been designed for widespread usage. There are currently more than 200 million Daily Active Users (DAUs) though this is an application originally built for large corporations. These customers would have in-house IT teams who could make security assurances; the vast majority of today’s users are not in this advantageous position.

While users are perhaps being forced to compromise with the current state-of-affairs, if Zoom’s success is to be sustained for the long-term, these issues will have to addressed.

“Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively,” said Yuan. “We are also committed to being transparent throughout this process. We want to do what it takes to maintain your trust.”

Engineers will no-longer focus on new features, but all will be directed towards enhancing security. Reviews of all different customers will take place to ensure all needs and nuances are accounted for. Transparency reports will be prepared. A bug bounty programme will be introduced. More rigorous security testing procedures will be created.

These new activities add to changes which have already been made to the business. The privacy policies have been rewritten. SDKs which enable the collection of unnecessary data have been removed. Features which violated privacy have been removed.

Should all of these elements be fruitful, there is no reason Zoom should not continue to be a successful business. No application is 100% secure, hence the bug bounty programme, but it is fair to say Zoom was caught by surprise by success.