Following the rapid cloud transformation over the past several years, data sovereignty awareness and business requirements are rising around the world, with Europe at the epicenter of this shift. A recent study by Deloitte found that 44% of European enterprises plan to invest in sovereign cloud in the next two years. Interest in these capabilities is further accelerated by the widespread excitement around generative AI capabilities and heightened interest in data use relating to AI models.
Over 100 countries currently have some form of data protection or sovereignty mandates (source). Europe is currently working on a unified cloud security certification, the European Cybersecurity Certification Scheme for Cloud Services (EUCS), which is expected to include data residency and sovereignty requirements at the highest assurance level and could already be agreed by the end of 2023. Customers are clearly articulating the demand for solutions even as some of the requirements to meet emerging regulations continue to evolve.
Rather than waiting, Webex is evolving our approach based on the rising sovereignty needs of our customers. Cisco is committed to remaining at the forefront of serving government organizations and regulated industries across the world. Our launch of Webex with Sovereign Controls is a further step in enabling customers to control their own data within their borders by providing cryptographic controls over their data. A key benefit of using partner-hosted sovereign encryption is that customers gain cloud cost efficiencies, with no need to host any part of the service themselves, while still getting access to the latest cloud innovations.
Webex’s approach to Digital Sovereignty and Data Residency
To help meet these needs for customers, we are pleased to announce our plan to provide EU customers with a set of sovereign controls for the Webex collaboration platform. These include:
- Cryptographic controls: Cryptographic control over data, including customer-controlled encryption keys hosted by trusted European partners in their EU data centers. The keys are generated outside of the Cisco infrastructure in the partners’ on-premises key management system. These keys are used for encryption and decryption of Webex Meetings, Messaging, and Calling User-Generated Content. (New Feature available in the first half of 2024)
- Data residency: European Union data residency includes User Profiles, User-generated Content, Analytics and Troubleshooting, Billing, and Operational data for Webex Meetings, Messaging, and Calling. (Already available for EU customers)
- Local EU technical support: As an add-on option, customers will be able to purchase technical support services delivered by EU personnel from an EU location.
Cryptographic control over data with partner-hosted key management
A key aspect of data sovereignty is enabling customers to maintain control over their data. With cryptographic control, a local trusted partner hosts and operates the key management system in their data center in the region. This enables customers to protect their most sensitive and critical data by maintaining control of their own encryption keys, securely stored in a data center outside the Webex cloud. Our initial launch partners are Deutsche Telekom and Eviden, an Atos Business, with plans to expand as our sovereign controls feature becomes generally available in the first half of 2024.
With this scenario, EU customers have greater control over the security of their user-generated persistent content, including meeting recordings and transcripts, messages, shared files, voicemails, and call recordings and transcripts. By isolating encryption controls in a partner-hosted environment, they can ensure encryption is kept within borders and managed by local trusted partners. This adds an enhanced layer of protection to Webex’s built-in privacy and security features and the EU data residency program, enabling customers to meet their needs through trusted EU partners.
European Data Residency
Webex has already implemented EU data residency for EU customers, to help customers meet data regionalization needs and requirements. Webex data residency for the EU means that User Profiles, User-generated Content, Analytics and Troubleshooting, and Billing and Operational data for Webex Meetings, Messaging, and Calling are stored in Webex data centers in Frankfurt and Amsterdam. In addition, Webex is the first and currently only collaboration and conferencing solution to achieve the highest level of adherence with the EU Cloud Code of Conduct (EU Cloud CoC), a pan-European framework for cloud service providers to demonstrate compliance with the EU GDPR. Furthermore, the European Data Protection Supervisor (EDPS) has confirmed that the use of Webex by the Court of Justice of the European Union (CJEU) meets the rigorous rules for processing personal data by this EU institution. Webex is the first and currently the only videoconferencing platform to have attained such approval.
Webex not only supports EU data residency, but Cisco is also transparent about data residency of all Webex services. Customer or partner administrators can verify the location of their Webex Services by going to Account > Info > Data Locations in Control Hub. In addition, Webex provides customers with control to delete the host and usage information of users in Control Hub. These controls are available for a set of users, for an entire organization, or for a given timeframe in a self-service manner.
Local EU Support
Data sovereignty requirements extend into customer support services: some customers require transparency and control when raising a support case or while obtaining technical assistance. To meet this requirement, we will enable customers to optionally purchase local technical support, where most service requests are managed by EU personnel located in the EU. Customers can obtain technical support from trusted local partners providing managed services.
Future options to meet expanded sovereignty requirements
Webex is committed to transparently verifying the independent operation of these new data sovereignty service controls. Webex is also continually evaluating the needs of our customers to meet their own regulatory and legal obligations, including in the realm of data protection, localization, and sovereignty.