I’d like to start by saying hello! I joined the Cisco collaboration team recently, having spent my entire career working on a variety of SaaS products. This is my first blog for Cisco, and as my colleague Lorrissa writes, we are working hard to make Webex the solution of choice for every company in the world. As we make that goal a reality, I am very excited to drive our next wave of innovation for the Webex platform.
I appreciate that security is a top of mind topic for every customer. Not just any security, but the security of your data and users as they do their day-to-day work. The universal access that SaaS collaboration services provides has made cloud-connected work the preferred way to get things done.
But, selecting the right services can be daunting, as users’ data is now stored in the cloud, and potentially transiting across the globe. And we have all heard about data breaches of retailers and online services such as Target, Equifax, and even recently Reddit – no one wants that to happen to them.
I’ll use the rest of this blog talk through a couple of top of mind topics regarding security.
Cisco and Security
Cisco Webex works hard to keep you safe. Cisco is recognized as an industry leader in security thanks to our Cisco Umbrella and Cloudlock products. With our recently announced acquisition of Duo, we continue to grow our offerings in this space. We take pride in ensuring that each of our offerings keeps users and their secrets secure. Webex Teams is no different.
Cisco Webex Teams E2E Security and Compliance
One of the primary ways that Webex Teams keeps your data safe is with our unique End-to-End Encryption (E2E Encryption) technology. We are the first to deliver this type of security solution for an enterprise-ready collaboration service, and continue to ensure that it provides the level of security our customers demand.
Here is why it is so powerful:
Webex Teams E2E encryption secures an interaction all the way through, using a single set of customer-specific encryption keys. Many other providers state that content in their services and apps is encrypted in transit from a client’s machine to the service and at rest. But, in many cases, the data is actually encrypted and decrypted up to three times from source to target app:
- from source app to service
- within the service
- and from service to the target client app
Bring-your-own-key solutions are often used to complement this in-transit story, offering customers the ability to provide keys to encrypt their data when stored at rest in a services’ datacenter.
However, Webex Teams takes encryption one step further. Any given piece of content or user interaction is encrypted using a single, customer-owned key from the moment that the user hits “send” in the app until the second the data is accessed by the target recipient. In other words, our solution keeps data encrypted in-use, as well as at-rest and in-transit. At no point does the encryption of your data rely on SSL certificates stored on front-end web servers. With Webex Teams, each of your interactions is encrypted using keys that are unique to your organization.
Why is this important for security? Using a unique key ensures that a third party won’t be able to decrypt your information if a security breach does occur. With other solutions, the use of shared encryption keys and front-end SSL certificates creates a point of vulnerability. Third parties are more likely to be able to access those keys, and then it is easier to decrypt stolen data and access sensitive information.
E2E encryption gives you the option to fully control the keys used. Our on-premises Key Management Server (KMS) option gives security-conscious customers even more control over where and how their keys are stored. With KMS, you manage the server which stores and manages your encryption keys in an environment that you control. You can ensure that only authorized processes and actors have access to the key server. If necessary, you can cut off all access to keys, thereby protecting your assets and secrets (this, of course, cuts off access to your regular users as well. But you get the point).
Our focus on security is not just about end to end encryption, but also about features such as the ability to force a PIN lock on mobile devices, and the ability to wipe any Webex Teams data if a device is reported lost or stolen. Our Cisco Webex Teams Security white paper covers this technology in detail.
Compliance. Even though your data is encrypted, it still needs to comply with your Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) policies. With Webex Teams, these capabilities are still available on encrypted data. This is a unique feature that helps ensure that your employees don’t share confidential information outside your company. And if they do, it can be detected and remediated.
While not security in the strictest sense, here are some of the important Webex Teams certifications for best practices, data privacy, and cross border controls:
- SOC 2 Type 1 and 2, and SOC 3, and ISO 27001, 27017
- Cloud Computing Compliance Controls Catalogue (C5)
- EU-US and Swiss-US privacy shields, as well as APEC cross-border privacy rules
These certifications provide guarantees about the way we operate and store your data. All critical to helping you rest easy, knowing that your data is being handled in a way that is consistent with your highest standards.
Explore an infographic about Cisco Webex Teams security.
The Webex Platform
Moving forward, you’ll be hearing more from my team and myself on how Cisco Webex helps your organization be more effective and secure. You’ll see more along five workstreams:
- Get going with Webex: Webex Control Hub and other experiences help customers get set up with Webex across Meetings, Teams, Calling, and devices.
- Keep users safe, secure and compliant: The Webex platform gives administrators the policies needed to manage users – from Single Sign-On, to control over which organizations can communicate with your users, to tools that help with compliance tasks such as eDiscovery and DLP (via the Events API).
- Know and control what’s going on: Analytics and diagnostics information in the Control Hub helps you identify issues and drill into what needs to be done to keep things green.
- An open platform: The Webex platform is an open platform, embracing integration with other services such as Office 365 and Google. We’ll continue to develop these scenarios so that you can continue to use the tools that you know and love.
- An extensible platform: Our developer experiences, APIs and SDKs, enable customers and partners to build solutions to meet specific business needs. We’ll continue to ship improvements and more capabilities to help you be increasingly effective with the Webex family of products.