An Update (1 October 2021): This acquisition did not go through even after the boards of directors of both companies had approved it. It was voted down by Five9 shareholders, citing growth and valuation concerns. This is an unusual example of an acquisition not going through because of unwillingness of one of the companies. In recent times, regulators have stopped some acquisitions. Incidentally, there were some concerns raised by the by Federal Communications Commission (FCC) as Zoom is based in US. but has product development operations in China.
The partnership arrangement between the two companies will continue including support for integrations between their respective Unified Communications as a Service (UCaaS) and Contact Centre as a Service (CCaaS) solutions and joint go-to-market initiatives.
Zoom has announced their intention to acquire cloud contact centre service provider Five9 in an all-stock deal for about USD 14.7 Billion. This is Zoom’s largest-ever acquisition as the communications platform continues to expand their services and launch new products. The deal is expected to be completed in the first half of 2022 and Five9 will be an operating unit of Zoom.
The last year has seen Zoom scaling up their product offerings, including cloud calling solution – Zoom Phone, conference hosting solution – Zoom Rooms, and applications and productivity tools – Zoom Apps and Zoom Marketplace. Zoom also acquired real-time translation startup Kites GmbH to offer multi-language translation capabilities, and Keybase – a secure messaging and file-sharing service to build end-to-end encryption for its video conferencing platform.
Ecosystm Analysts share their thoughts on Zoom’s strategy and roadmap, how Five9 will augment Zoom’s capabilities, and the impact the acquisition will have on Zoom’s competitors and the market.
Why Contact Centre?
Ecosystm Principal Advisor Tim Sheedy says, “Zoom is moving beyond its period of ‘organic hypergrowth’ brought on by the pandemic. While the paying customer base for their core video collaboration service will continue to grow, growth rates are likely to begin to track the market. To grow beyond market rates, Zoom needs to move into new markets – through product development or acquisition.”
Talking about the importance of voice services, Sheedy adds, “Voice services are an obvious adjacent market to help drive growth, and Zoom already has seen some success with their Zoom phone service and associated devices – in fact, they already have 1.5 million users. The Five9 acquisition gives the company a stronger and deeper capability in the voice sector; buying them a significant chunk of the voice services in business – the contact centre. In many businesses, the contact centre already accounts for over 50% of their voice minute usage, so winning this space will go a long way towards winning the overall voice and collaboration supplier in enterprises.”
Ecosystm Principal Advisor Audrey William predicts exciting times ahead for Zoom. “With Zoom already having a platform for video, then bringing voice into that equation and now a contact centre solution, makes them take on their competitors in an all-native cloud stack. There is a still a large installed base of on-prem UC customers and with Zoom seeing success with Zoom phones in the short time frame since its launch, this is where this will get exciting for Zoom. The telephony piece is still important in the race to simplify how we work, communicate, and collaborate today. It is that same voice/telephony discussion that can lead to a routing discussion, which then leads to a contact centre discussion.”
Ecosystm research shows that 54% of organisations are challenged in their customer experience delivery because of integration issues between multiple platforms. William sees this as an opportunity for Zoom. “The use cases to integrate workflows into the video environment is going to be important for Zoom. Video is now being used to solve customer service issues like letting the agents take over the screen to see how to help solve the customer problem immediately by using video and contact centre applications. The ability to bring this natively together will be very powerful. Zoom is investing heavily into apps and working to partner with ISVs who can develop workflows suitable for easy customer communication in specific industries such as Healthcare and Financial Services.”
Why Five9?
Five9 is considered a pioneer in cloud contact centre solutions and owns a comprehensive suite of applications for contact centre delivery and customer management operations across different channels. Five9 has made several acquisitions and enhancements to their CCaaS solution in recent years to make their stack more complete with richer AI offerings. They include Inference Solutions to offer their customers a Conversational AI solution and Whendu’s iPaaS platform which provides a no-code, visual application workflow tool.
William says, “More contact centres want to do away with monolithic IVR systems that confuse customers with too many long menus. The Agent Assist solutions are also gaining importance especially in the hybrid work model where agents face challenges working in isolation and not being on a floor with their colleagues and managers.”
Five9 has acquired a cloud workforce optimisation provider Virtual Observer. “So, we are not looking at just a basic level contact centre solution but an offering with important capabilities demanded by customers,” says William. “During the investor call this week, Zoom’s Eric Yuan and Rowan Trollope made it clear that they have been listening to customer feedback on how effective it would be to have a single platform that can accommodate UC and contact centres in the cloud. Zoom also sees Five9 as a good fit culturally; and their goal now will be to disrupt all legacy systems with cloud-native communications.”
What lies ahead?
William thinks that Zoom’s competitors will be watching this integration closely, especially those that lack an all-in-one native cloud UCaaS and CCaaS stack. “However, some of Zoom’s competitors have an established base of large enterprise customers and have done well to grow revenues and defend their base over the years. Working with in-country partners and ISVs will be critical for Zoom’s growth across regions.”
Sheedy thinks that the most important takeaway from this acquisition is not that Zoom is moving into the contact centre space. “It is that Zoom realises they have a “once in a generation” opportunity to grow beyond their core and cement their position as a supplier of collaboration and communication services – and that they are willing to flex their balance sheet and share price to create their future. The competition – from Microsoft in particular – will be strong. Google, AWS, Salesforce, and Facebook are also making a play for this market. Zoom has found themselves in their current position of strength due to good luck and good timing – and they appear to be telling the market that they aren’t going to give up their leadership without a significant battle.”
“Enterprises will be the true winners in this battle – with better, more integrated, lower cost and easier to implement communications and collaboration solutions for their employees and customers,” adds Sheedy.
Organisations across the globe, are facing disruption on a scale never seen before, and are urgently seeking ways of remaining viable. Predictably, cybersecurity is a secondary concern and is often handled reactively. To make matters worse, a chronic cybersecurity skills shortage is being made much more severe by the crisis.
Remote working has reached unprecedented levels as organisations try hard to keep going. This is massively expanding the attack surface for cyber criminals, weakening security and leading to a cybercrime pandemic. Hacking activity and phishing, inspired by the COVID-19 crisis, are growing rapidly. Containing and suppressing this cybercrime pandemic is proving to be almost impossible.
Remote working intensifies known threats posed by phishing and ransomware. More alarming are the distinctive cybersecurity vulnerabilities associated with home working including reliance on home Wi-Fi, increased use of unpatched VPNs and devices, and the exponential growth of network access points. These vulnerabilities increase the likelihood of a breach enormously.
Corporate IT is in a very challenging position. It needs to ensure that organisations can operate in a way that they have never operated before, while ensuring that their assets are secure – a very difficult, if not an impossible task for which there is no precedent.
Some important cybersecurity considerations, during and after the COVID-19 pandemic include:
Re-enforce Basic Cyber Hygiene
As massive numbers of people work from home, basic cyber hygiene becomes more critical than ever before. Organisations must maintain awareness of security threats among employees, ensure security policies are being followed and be certain that corporate software is being updated and patched on time. With a dispersed workforce, these basic practices are more challenging, and training becomes more critical. Phishing attacks are often the primary attack vector for malicious actors, so employees must be able to identify these attacks. They increasingly exploit shortages of goods such as protective equipment and sometimes claim to offer official information relating to COVID-19.
Remote employees often access sensitive business data through home Wi-Fi networks that will not have the same security controls – such as firewalls – that are used in offices. There is more connectivity from remote locations, which requires greater focus on data privacy, and hunting for intrusions from a much larger number of entry points.
Place More Focus on Endpoint Security
The unprecedented switch to remote working is radically increasing the number of vulnerable endpoints. Given that endpoints are located at a distance from corporate premises, it is frequently difficult for IT departments to configure endpoint systems and install necessary security software.
It is vital to assess the security posture of all endpoints connecting to the corporate network. This practice enables an organisation to determine whether or not an endpoint requesting to access internal resources meets security policy requirements. It requires the ability to monitor and enforce policy across all devices, while making onboarding and offboarding seamless.
It is essential that endpoint solutions can be rapidly deployed for remote workers, as needed on both personal and corporate devices. Devices used for remote work need much more than the basic antivirus and antispyware protection. Multi-factor authentication (MFA) and on-board endpoint detection and response (EDR) capabilities are crucial.
Be More Selective About How and When Video Conferencing and Collaboration Platforms are Used
Since lockdowns spread around the world, the use of video conferencing and collaboration tools has grown beyond the wildest expectations of suppliers of these tools. The extraordinary growth of Zoom has made it a target for attackers. Many security vulnerabilities have been discovered with Zoom such as, a vulnerability to UNC path injection in the client chat feature, which allows hackers to steal Windows credentials, keeping decryption keys in the cloud which can potentially be accessed by hackers and gives the ability for trolls to ‘Zoombomb’ open and unprotected meetings. Zoom has so far managed to augment its security features in part by its recent acquisition of Keybase, a secure messaging service.
Switching to an alternative video conferencing platform will not necessarily offer greater levels of security as privacy is typically not a strength of any collaboration platform. Collaboration platforms tend to tread a fine line between a great experience and security. Too much security can cause performance and usability to be impacted negatively. Too little security, as we have seen, allows hackers to find vulnerabilities. If data privacy is critical for a meeting, then perhaps collaboration platforms should not be used, or organisations should not share critical information on them.
Protect all Cloud Workloads
In today’s remote working paradigm, cloud computing is being used more than ever. This frequently exposes organisations to risks that are not adequately mitigated.
Organisations typically need to manage a mix of on-premises technology together with multiple clouds, which are often poorly integrated. These complexities are compounded by the increasing risk from cyberattacks associated with cloud migration and hybrid cloud implementations. In cloud environments, the leading cybersecurity risks include insecure interfaces and APIs, data breaches and data loss, unauthorised access, DDoS attacks, and a lack of a unified view of assets.
Protection requirements for securing hybrid multicloud environments are evolving rapidly. In addition to tightening up endpoint security, organisations must also place greater emphasis on cloud workload protection. Cloud security solutions need to offer a unified and consistent view across all physical machines, virtual machines, serverless workloads and containers, used by an organisation.
Amend Incident Response Plans
It is the containment of breaches that often determines the success of security policies and procedures. Basic cyber hygiene as well as changes to IT architecture, such as micro segmentation, play an essential role in breach containment. But incident response plans also need to be made relevant to the current pandemic scenario.
Employees and IT teams are now working in a completely different environment than envisaged by most incident response plans. Existing plans may now be obsolete. At the very least, they will need to be modified. Usually, incident response plans are designed to respond to threats when most employees are operating in a corporate environment. This clearly needs to change. Employees need to be trained in the updated plan and know how to reach support if they believe that a security breach has occurred in their remote location.
Critically, new alert and warning systems need to be established, which can be used by employees to warn of threats as well as to receive information on threats and best practices.
Organisations are struggling to keep the lights on. In this battle to remain operational, cybersecurity has been taking a back seat. This cannot last for long as the deluge of new vulnerabilities is creating easy pickings for attackers. Cyber hygiene, endpoint security, cloud security, security policies and incident response plans must be continually reviewed.
Click here to download the full report ?
