Since the pandemic disrupted workplaces around the world, the use of collaboration tools has increased by 74 percent. These platforms have become more important to office culture than watercoolers. But with so many employees working in a remote or hybrid capacity, these applications present new threats to data security and compliance.
In a study by Futurum, over 1,000 business and technology executives ranked security as the most important UC feature for enterprise collaboration platforms — over HD video, webinar and mobile capabilities. With data security at the forefront of IT considerations, you need to be sure your collaboration platform is secure. Let’s talk about Webex, and how it can provide the security, compliance and control you’re looking for.
Unparalleled Security with Webex
Most cloud-based services present a Catch-22: you can either have end-to-end encryption or you can have advanced functionality. In order to provide additional features like third-party integrations and message search, providers require full access to your calls, messages and meeting content. Not ideal. The good news is that you don’t have to choose one or the other.
With Webex, you get a cloud collaboration platform with value-adding integrations and end-to-end encryption. By using an open architecture to distribute encryption keys, Webex empowers enterprises to take control of their encryption key management and data confidentiality. In other words, your content is encrypted on your Webex app and remains encrypted until it reaches the recipient. No third party or intermediary can access decryption keys for content unless you’ve explicitly granted them access.
The Cisco Security Advantage
Security is in Cisco’s DNA. They’ve got a number of departments looking out for your security, including Cisco Information Security (InfoSec) Cloud Team, Cisco Product Security Incident Response Team (PSIRT) and Cisco Talos Threat Intelligence Group.
And given their size, Cisco is uniquely positioned to provide security at scale. They monitor over 1 billion files everyday and help stop over 7.2 trillion attacks annually. They’re like the Avengers of the data security world.
With Webex, security is the foundation of collaboration. While other vendors provide security measures through piecemeal solutions — one for encryption during data transit, another for data storage — Webex’s base level security is the strongest in the market. There’s no other offering out there with the same level of end-to-end encryption.
When you choose Webex, you get security that’s built-in, not bolted on. Forget about adding other security apps; you get powerful protection, built right in at no extra charge. We’re talking about TLS 1.2 protocol and high-strength ciphers, media transmission via UDP, encryption with AES 256 and HMAC for authentication.
All user-generated data (like messages, files, space names, meeting subject, whiteboard content, and so on) is encrypted to ensure that your content remains confidential at all times. Data is encrypted before it leaves your device, while it’s in transit, when it’s being processed and when it’s stored. Cisco’s Key Management Service (KMS) is responsible for the creation, maintenance and authorization of encryption keys. These keys are then used by the Webex application to encrypt and decrypt your content.
All digital Webex transactions occur through HTTPS (and there’s no support for HTTP). Thus, any content in or out of the cloud is encrypted. All media (voice, video, screen sharing, files and whiteboarding) is transmitted using Secure Real-Time Transport Protocol (SRTP). Webex also decrypts real-time media for distribution, PSTN trunking and demarcation purposes.
Encrypted Content Search
Search indexes are created for all user-generated content. Think of these search indexes as one-way labels. When you search for a word in Webex, that word is encrypted before leaving the app. Since everything has been appropriately labeled (or “hashed”), matches are retrieved, decrypted and then displayed to you.
Webex Security Controls
Before deploying an application to its users, an enterprise’s IT team will want basic security controls. Let’s cover some of the most important security controls within the Webex application.
End User Access
With the Great Resignation still wreaking havoc on HR departments, it’s no surprise that user access is a primary concern for IT administrators. Let’s say Betty put in her two weeks notice and is going to work for a competitor. Now that she’s working with your competition, you don’t want her having access to your confidential content or conversations. With Webex, you can revoke Betty’s access, which will not only refresh her tokens, but also remotely wipe all cached content on her mobile devices. This can also come in handy if an employee has been let go for bad behavior or loses a mobile device.
Device and Browser Protection
Speaking of mobile devices, you’re going to want to make sure those are protected as well. With optional PIN lock enforcement, you can require end users to secure their devices with either a PIN lock or passcode. This way, if an employee’s device is stolen, misplaced or lost, your content won’t get into the wrong hands.
And just in case someone gets the bright idea to log into Webex on a public browser and forgets to logout, there’s an idle session timeout capability to save the day. In short, no one will be granted access without authorization.
Flexible Content Storage
Depending on your preferences (or company policy) you can store Webex content indefinitely or until a user deletes it. You can also use an API to poll for certain events that will trigger application content to be archived. Admins can also search for and extract content and information like timestamps, space names and participant IDs.
Certifications and Compliance
Webex has accumulated an impressive number of certifications and is in compliance with many international regulations (which explains why over 2,200 government agencies choose Webex and 95 percent of Fortune 500 companies use Webex security).
Check out the list:
- ISO/IEC 27001, 27017
- ISO 27018
- SOC 2 Type 1 and Type 2
- Cloud Computing Compliance Controls Catalogue (C5)
- HIPAA compliant for use by healthcare customers through a HIPAA Self-Assessment
- FedRamp for Meetings
- EU-US Privacy Shield
- Swiss-US Privacy Shield
- APEC Cross Border Privacy Rules
- Binding corporate rules
- EU Model Clauses
- EU GDPR
Collaborate Without Compromise
It’s simple: Companies trust Webex. The collaboration platform empowers admins to secure users, devices and content — all while providing the best experience for end users. If you’re ready to improve your organization’s collaboration and strengthen your data security, contact us to learn more about TelNet UC with Webex.