MoD stockpiles 550 Zoom accounts despite security concerns

The Ministry of Defence (MoD) has purchased hundreds of Zoom video conferencing licenses despite ongoing security concerns raised by security agencies in both the UK and the US.

The 550 Zoom licenses purchased by the MoD represent a staggering 75% of the video conferencing accounts purchased across six major government departments, according to FOI data obtained by the Parliament Street think tank.

The figures reveal investments have been made since January 2020, which include Zoom accounts, Microsoft 365 subscriptions, and a number of hardware purchases. They show preparations for coping with coronavirus have varied wildly between a host of the most important government departments.

The department's purchase of 550 Zoom accounts is in addition to 150 accounts bought by the Cabinet Office, 15 by the Foreign Office, eight by the Home Office, five by the Treasury, and three by the Ministry of Justice.

The investment in paid Zoom subscriptions has coincided with confused messaging around whether Zoom is a secure enough platform to conduct government business over.

The MoD itself, for example, was reported by Sky News as having prohibited staff from using the service while security implications were investigated toward the end of March. This revelation emerged after Boris Johnson was photographed hosting a cabinet meeting using the platform.

The NCSC, meanwhile, has previously suggested Zoom is safe to use for meetings below a certain classification, including government cabinet meetings.

“Zoom is being used for unclassified communications in government under unprecedented circumstances,” a government spokesperson told IT Pro.

“Other services are in place for more sensitive communications, and the availability of these services is being increased to meet the demand of more staff having to work remotely."

The response chimes with the actions of other governments, with New Zealand’s security services, for example, prohibiting Zoom from being used when dealing with information classified above “restricted”.

RELATED RESOURCE

12 steps to deep and worry-free SaaS savings, smart vendor and contract management

COVID-19 and economic turmoil: Save 30% by discovering and ditching unneeded SaaS

FREE DOWNLOAD

Since Zoom's rise to prominence during the worldwide lockdown, several security-related issues have emerged, including the phenomenon known as ‘Zoom-bombing’ and the discovery that the platform lacked end-to-end encryption. The company has, however, pledged to iron out these privacy and security issues as part of a 90-day plan, and has since added tougher encryption to its platform.

Beyond purchasing Zoom licenses, the MoD also invested in 9,476 Microsoft 365 licenses, alongside 70 accounts by HM Treasury and three by the cabinet office.

The department’s hardware investments were also significant, purchasing 18,963 laptops, tablets and smartphones since the start of the year. This is, for reference, against the Home Office’s 9,085 purchases.

The difference can be explained by the fact that the MoD is more likely to require the purchase of fresh hardware for remote working to securely handle sensitive material, as well as the fact it employes between 50,000 and 60,000 members of staff, according to Institue of Government figures.

The Ministry of Justice, which employs the most civil servants of all departments in the country, approximately 70,000, invested in 12,136 pieces of hardware.

“The tidal wave of new device purchases, including tens of thousands of laptops, tablets and mobiles is essential for ensuring that government departments can operate effectively during the Coronavirus lockdown," said VP of Absolute Software, Andy Harcup. "However, the rush to implement new remote working models must be accompanied by a rigorous and robust approach to cyber security.

"Key to this is ensuring complete visibility into the device estate, so that IT chiefs can ensure every single user has that latest security updates, including checking that apps like Zoom are up to date and secure. It’s also critical to be able to wipe, track and freeze laptops which contain confidential data, in the event of theft or loss.”

IT Pro approached the MoD to enquire about its sizeable investments in Zoom licenses among Microsoft 365 subscriptions and hardware investments, compared against the purchasing habits of departments.

The department says it uses Zoom for non-sensitive matters, in line with other government departments, for example, for negotiating with PPE suppliers, training, and chaplaincy services.

The relatively high demand for IT has arisen because of the nature of the MoD and its sprawling estate and staff count, with 550 licenses spread between 250,000 personnel on the payroll. Keeping the licenses purchased to 550, in addition to 800 'basic' Zoom accounts, the department claims, has taken a considerable effort.

Keumars Afifi-Sabet
Contributor

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.