What’s New with Webex Security: October 2022
With the growth of hybrid work around the globe, security has become a paramount concern for organizations and their staff. Employees need the ability to effortlessly access data and communicate beyond the periphery of the corporate network. But challenges arise when workers collaborate across company boundaries with their personal devices, making security, privacy, and compliance much more difficult to sustain. Webex Security has adapted to help address these difficulties.
At Webex by Cisco, our guiding principle has always been “collaboration without compromise”. We take a holistic, 360-degree approach to securing users, content, applications, and devices. This includes an analysis of attack surfaces and threat vectors, and building controls to ensure your data is safe and secure, regardless of where your people are working or who they are working with.
Here are some of the new features that we announced at WebexOne 2022.
Identity & Access
Duo Multi-Factor Authentication (MFA) added to Extended Security Pack (ESP)
The Extended Security Pack (ESP) now includes Duo MFA. With this, customers can utilize single sign-on (SSO), multi-factor authentication (MFA), and passwordless authentication. These allow Webex to verify user trust quickly and securely for every access attempt to keep the data secure. Duo provides the broadest range of MFA options such as Duo Push, security keys, universal 2nd factor (U2F), one-time password (OTP), phone callback, SMS and HW tokens. With Duo, the MFA can provide ease of use and flexibility with configuration options for the entire organization or a specific group of Webex users.
This addition improves end user productivity and experiences. It also strengthens enterprise security and risk posture, while ensuring regulatory compliance.
While Webex provides a best-of-breed bundle of pre-integrated Cisco security products via ESP, it also fosters an open ecosystem through its developer platform. This enables partners to integrate and offer security, compliance, and DLP solutions to their customers. Webex also has one of the largest ecosystems of security and compliance partners ranging from startups to enterprise leaders.
Bring Your Own Key (BYOK)
Since 2015, we have allowed customers to manage encryption keys on-premises in their own data center to protect their Webex data in the cloud. Now, we have introduced the same on-premises capability into the cloud with BYOK.
With BYOK, customers can import their own key within CloudHSM using Control Hub, and then use it to protect all their user generated content like meeting recordings, transcripts, messages, files, and voicemail. It also allows security administrators to manage the lifecycle of their key such as activation, rotation, revocation, and recovery.
Data Loss Prevention (DLP)
With audio watermarking technology, Webex can embed an inaudible unique identifier for each participant in a meeting. This identifier allows an organization’s compliance officer to use Control Hub to upload a recording and easily trace the original source. For example, this capability could help to investigate a situation where a confidential meeting was recorded without authorization and uploaded to social media by a meeting participant using mobile phone. Audio watermarking can help identify where the audio recording of the meeting came from, helping to prevent future incidents.
Security Health Insight
To help IT administrators get a clear picture of their organization’s security posture, Control Hub now provides security health insights. This easy-to-use dashboard and workflow lets administrators stay on top of their organization’s security. It also audits the security configurations against the recommended baseline, provides insights into security levels, and coaches administrators to improve their organization’s security posture with recommended tasks.
Security controls for meetings
Webex now also provides a set of security controls for lobbies and meeting joins to prevent unwanted attendees, snoopers, and deepfakes. These controls will further ensure that you can have safe and secure meetings without interruption.
Auto admit allows invitees signed into Webex to join a scheduled meeting directly without having to wait in the lobby by default. Invitees that aren’t signed into Webex, or those without an invite, can wait in the lobby until a host or a cohost admits them.
Trusted domains for personal room meetings allow only external verified users from a list of trusted email domains to join personal room meetings. This can be configured at the user, group, and organization level.
Separate lobby controls for personal room meetings can help set permissions for unverified and verified external users to determine whether they can join the meeting, must wait in the lobby until the host admits them, or can’t join the meeting.
What it means for hybrid work
We pay close attention to our customers’ concerns around hybrid work, whether it’s related to data access, data confidentiality, the leak of sensitive or intellectual properties, or regulatory and legal compliance. At the same time, we continuously monitor emerging security threats and work hard to rapidly deliver new security controls to provide peace of mind to our customers.
“Webex has been a win, win, win. It keeps us in touch with our team members and credit union members. The platform is reliable, secure, and always available with less operational overhead.”
—Janaki Rao, SVP and CTO, Premier America Credit Union. (Case Study)
“Webex has the most security and privacy controls and is the only major UC&CaaS vendor that provides Ultra Secure Communications.”
— Sorell Slaymaker, Principal Consulting Analyst, TechVision Research (Research)
For more information, contact Webex Sales Cisco Webex | Contact Sale
- Evaluating Cisco Webex, Microsoft and Zoom on UCaaS Security, By Sorell Slaymaker, Principal Consulting Analyst, TechVision Research
- Webex Security, Privacy, and Compliance
Mar 16, 2023 — Tanuj Goyal
Mar 12, 2023 — Christina Torok