Posts by Category

Securing users and devices in Webex

Common security challenges with users and devices

Today there are too many security challenges to the applications used by organizations, and many different vectors need to be secure:

  • User identities
  • Content
  • Devices
  • Transport

Security challenges to the applications.

The way that we protect the applications is crucial. We need to protect the application access, but also the identity of the user.

It is the job of the IT manager to prevent rogue agents from hijacking user identity and have access to all the different resources that the user is entitled to.

Identity theft has been identified in the Verizon 2019 report as the most common data breach, and if we add phishing attacks and stolen password, we get more than 50% of them. (1)

Breaches. Top threat action varieties in breaches

Protecting user identity

IT departments already understand that passwords are no longer an efficient way of protecting user identity.

It is difficult to manage application access based on passwords, as there are too many challenges:

  • Strong password complexity makes them hard to remember
  • Passwords should be unique to each app, which make them hard to remember
  • Passwords should rotate often which makes them difficult to manage and remember
  • Password manager web utilities can also bring security breaches

When deploying Webex, Cisco always recommends that our customers deploy it with a stronger authentication solution; at the same time, we recommend that the devices where Webex applications run are secure.

Strong authentication solution

Many customers want to enable all their applications with stronger authentication. Organizations realize that identity theft is the biggest security concern, and the traditional mechanisms for authentication are no longer effective.

Our customers talk about multifactor authentication (MFA), which means that their users need to provide two different types of authentication. There are three types of authentication mechanisms:

Strong authentication solution

Many vendors deliver these kinds of solutions; normally, we see them associated with Identity Provider (IdP) solutions. Those authentication policy servers, enforce the right authentication policy based on the different factor (location, application type, device type, etc.)

Today there is another trend in the identity market, where authentication mechanisms are people-centric and follow the Zero Trust mode. This allows secure connections to all applications (whether on-premises or in the cloud) based on the trustworthiness of users and devices. The Zero Trust mode enables the customer’s IT to set and enforce risk-based, adaptive access policies, and get enhanced visibility into users’ devices and activities. This concept is also known as Adaptive Authentication.

Cisco Webex right architecture

Cisco Webex has the right architecture to support the Zero Trust mode and allow secure connections based on the trustworthiness of users and devices.

Device validation and health

Device Validation and Health

Device assessment is a must in today’s organizations, identifying risky devices, enforcing contextual access policies, and reporting on device health.

Today organizations are mandated to follow many compliance goals, and they can achieve most of those using device access policies.

Verifying device health before granting access, to preventing exposing your applications to potential security risks is one of the best practices in modern application deployment models.

There are multiple types of devices that an organization’s users utilize every day when they use collaboration tools. Some of the devices are managed by the IT department, which already delivers some security insurance – but it isn’t enough. Some are unmanaged and owned by the employees, which brings interesting challenges from a security perspective.

Corporate managed devices/applications

CorporateManagedDevices:Applications

Normally there is a mix of solutions that can be used for corporate or managed devices, depending on the device type.

Some organizations use MDM/MAM for mobile devices, which allows them to create policies for the corporate application, for example:

  • Forcing PIN-lock
  • Preventing copy and paste
  • Disable screen capture
  • Remote wipe
  • Preventing tampering with devices
  • Requiring a minimum version of OS
  • Support for ECM
  • Requiring a minimum version of the corporate application

But since IT departments don’t manage only mobile devices, we also need to find a solution for desktops, and there we need to make sure that the corporate – managed applications are also aware of the security policies, and those apps could be aware of features like:

  • Versions of Browsers
  • OS versions and type
  • Disk encryption
  • Status on OS, Browsers, and Plugins
  • Firewalls
  • Anti-Virus and Anti-Malware

The protection of the application can be done by using the validations when the user logs in to the applications or during the application usage. The right mechanism, method, and deployment model needs to be chosen by IT administrations when they are in the deployment stage of those applications. The application vendors need to support any policy defined by the IT departments of those customers.

Cisco with Webex Collaboration doesn’t mandate any security strategy to protect the application, but we can integrate with any policy defined by our customer.

It is important that any application that deals with all the IP (Intellectual Property) produced by a company can follow all the policies that exist for devices and applications.

Non-managed devices

non managed devices

Devices that are owned by the users should not be excluded from the usage of a collaboration application. Examples of that are home computers, personal tablets, and mobile devices. Those devices are especially relevant in scenarios of working from home.

That is why corporate applications need to do extra check to make sure that they follow the minimum-security requirements imposed by the company security policies, for example:

  • The device has the firewall turned on
  • The device has an endpoint security tool, to protect against malware and viruses
  • The device doesn’t have a tampered OS

Normally these kinds of policies, for devices that are unmanaged, need to be enforced at login time.

Device/application visibility

Device:Application Visibility

One of the fundamental principles of good security is to understand your environment. But as environments get more complex with increasing reliance on cloud applications, bring-your-own-device (BYOD) allowances, and mobile and remote work, it’s progressively more difficult to gain that understanding.

For IT administrators, it is important that they have visibility on what devices each application is running; they also need to have visibility on the major characteristics of those devices.

Endpoint visibility also helps you understand and track important user behaviors such as how quickly end-users update their operating systems, browsers, or plugins. It also builds an understanding of when and how frequently end users log into work applications from their personal devices. Tracking these behaviors not only helps you set informed access policies but also helps tailor a more empathetic approach to different groups of users.

When it comes to security, trust Webex

Whether it’s the security of the Webex application itself or securing the devices that connect to it, Cisco Webex has security and privacy built into its DNA. Cisco has invested heavily in building a culture of security with the right checks and balances in place. Webex chooses secure default settings out of the box, thereby enabling users to start collaborating freely without having to worry about configurations. At the same time, Webex delivers a great user experience – one that doesn’t compromise security. That’s collaboration without compromise. That’s the Cisco security difference.

To learn more about Security and Compliance settings, go to the Cisco Webex Control Hub web page.

Resources

(1) Verizon 2019 report

Learn More

Administrators’ 3-step guide to managing devices remotely

Collaboration Without Compromise: A Security-First Approach to Remote Working

The World Has Changed — Security Should Transform to Stay Ahead

Read more
video conferencing securely
Video conference with security you can trust

Why is security important for Cisco Webex video conferencing?

Here at Cisco Webex, we believe in making technology and software that helps people around the world collaborate better, faster, and smarter than ever before. All without sacrificing your confidence in our security. Especially because an unsecured video conferencing solution not only opens up the possibility to meetings being listened in on, it could also indicate vulnerability of a compromised network. Both of which are extremely risky, no matter your business size, industry, or sector. Today, the power of video conferencing is incredible. It transforms meeting experiences and allows people to meet more productively, but if not developed strategically and with security at the forefront, it can put you at risk to privacy issues.

How does Cisco prioritize security strategy?

Our strategy at Cisco Webex prioritizes security in our design, development, deployment, and in the maintenance of its networks, platforms, and applications. When you choose Cisco Webex as your video conferencing and collaboration tool, we want you to be confident in your choice for all your business needs. Security shouldn’t be a concern before a meeting, during a meeting, and especially after a meeting.

What type of security does Cisco Webex offer?

To all of our customers, we offer the highest level of security, including: • SOC-2 Type 2 • ISO 27001 • FedRAMP compliant • General Data Protection Regulation (GDPR) compliant • and end-to-end encryption But what does this actually all mean? It means that the second you share a document or send a message to someone else via Cisco Webex, your data becomes and remains encrypted from your device to your recipients’. Any data sent/received comes with a key and you own the key to all your encrypted data. You can put this key in your data center, and with it, you are guaranteed total security, control, and access to it at all times. Cisco Webex is the ONLY vendor that offers this end-to-end encryption. In addition, we have internal teams dedicated to managing, investigating, and publicly reporting on security vulnerability information related to Cisco products and networks. Examples include the Product Security Incident Response Team (PSIRT) and the Cisco Computer Security Incident Response Team (CSIRT).

Where can I find more information on Webex security?

Security will always be at the forefront as we continue to innovate on user experience and bring new solutions and features to market. We are excited about the future of Webex and hope you are too. To understand more about our focus on security, please read  our  white paper on meeting security. Try Webex Meetings for free: https://www.webex.com/pricing/free-trial.html.


Webex, the leader in video conferencing.

Read more
team collaboration
May update of team collaboration tool, Webex Teams

From industry leading data centers, all the way down to protocol handlers, the Webex Teams product team have been busy again during May…

Context for your Contacts

Starting this month, you’ll have the opportunity to get more context for your contacts when you visit a Contact Card in our team collaboration tool. With additional fields on the contact card you’ll now see manager name, department name, and role title, along with email address and contact number. So, you’ll no longer have trouble figuring out if it’s John Smith from Marketing or John Smith from Finance reaching out to you!

Bring People Together

In the past if you wanted to add more than one person to an existing space, you had to add new contacts one at a time. This was slow and tedious, so we fixed it! Now you can add up to 50 people to a space at any one time, so no excuses for getting people together to get your job done. Just search for your contacts, select each contact to stage them and add them to the space. Pretty simple right?!

Launch Webex Teams from anywhere

There’s a really nice new feature in our May release which delivers support for Webex Teams protocol handlers. This will allow you to embed a link or picture into a webpage (Think of your company directory) or as a signature on your email which when clicked will cross launch Webex Teams and bring you to a 1:1 or Team Space. We’re also delivering support to initiate a Webex Teams meeting through an additional protocol handler. Both great ways to allow you to collaborate quicker with your team.

Check out all details.

Create the next infinite masterpiece

With Infinite Whiteboard, we’re bringing the ability into the Webex Teams app so that as you whiteboard and move toward the edge of the screen you’ll get even more canvas to work with. Hey, why not use our Infinite Whiteboard to create the next masterpiece!

With Whiteboards, we’re also adding the option to share a new whiteboard into a meeting with your colleagues allowing you to get collaboration started faster and we’ve moved your annotations into the same location as whiteboards.

New data centers

As an industry first, we at Webex Teams are delighted to announce the launch of new data centers in Europe to host customers’ identity information and encryption keys which addresses data locality needs without compromising the global collaboration needs of our customers. These data centers augment the existing data centers in North America, which currently host and serve all our Webex Teams customers.

Users can continue to collaborate (message, meet, call) with anyone across the globe using a single, global identity so your experience is unaffected by the location of individuals’ data storage.

Check out more details on Data Locality here : https://blog.webex.com/2019/05/collaborate-across-the-globe-with-cisco-webex-teams/.

Lots happening as usual at Webex Team but there’s even more happening, check out the full list at What’s New page https://help.webex.com/en-us/8dmbcr/What-s-New-in-Cisco-Webex-Teams.


Try Webex Teams for free.

See all of the Webex Teams Releases here

Read more
secure video conferencing solution
Tips for choosing the most secure video conferencing solution

Security has been a key concern about video conferencing services since their inception. It was even a hot topic in pieces of popular culture, such as the groundbreaking film “2001: A Space Odyssey” and the animated series “The Jetsons,” that were released before video calling technology was commercially available.

For example, in “The Jetsons,” which is about a family living in the futuristic space age, the characters make extensive use of on-demand video conference software, but are sometimes conscious of how its presence in their homes and workplaces raises the stakes for security and privacy. They use masks and decoys in some episodes to hide their real appearance from the viewers on the other side of the screen.

Today, in the real world, the stakes for video conferencing security are even higher. An unsecured video conferencing solution not only opens up the possibility of meetings being listened in on, it also likely indicates a compromised network, vulnerable to any number of cyberattacks.

As video conferencing services become more popular, security must remain a priority. We’ve compiled a few things you should focus on when shopping for a high-quality solution.

Reliable encryption

Encrypted video conferencing is the best way to ensure any sensitive discussions and materials don’t fall into the wrong hands. As such, it’s a key requirement in many audits for highly regulated industries including finance, law, and healthcare.

With Webex, organizations in these sectors and others can meet high bars for security while supporting seamless collaboration between their increasingly mobile and remote teams. All communications between Webex clients such as phones or desktops and the cloud are encrypted using strong ciphers and current industry-standard protocols.

Your security team may control and manage Webex encryption keys if needed, configure end-to-end encryption, and safely store some meetings and user data locally. In the latter situation, Webex Meetings will encrypt all passwords with SHA-2 hashing and salting and also Network Based Recordings at both the file and volume level.

Compliance support

Security breaches are costly. One estimate from the Ponemon Institute pegged the average cost per incident between $2.1 million and $5.7 million, depending on the number of records affected. Data loss prevention (DLP) tools have long been the first line of defense against the actions that often precipitate breaches, such as the unusual movement of sensitive files.

But traditional approaches to DLP are now struggling with cloud services that make it relatively straightforward to send data beyond the corporate firewall and to bypass company-owned endpoints altogether. In 2016, Gartner predicted that by 2020 one-third of cyberattacks against enterprises would involve unauthorized shadow IT devices. That would only further confirm the limitations of conventional measures, which are often cumbersome and difficult to scale.

Effective DLP, and by extension overall security compliance, now requires tight integration with modern tools, including video conferencing and cloud-based team collaboration software. Webex empowers compliance managers to integrate their existing DLP policies, in order to secure content sharing with people outside the organization. Integrations are available with Cisco Cloudlock and third-party services, too.

Security options for administrators

There’s no such thing as a one-size-fits-all for video conferencing. Even in the “The Jetsons,” different occasions merited the use of different setups for video calling, such as the specialized Visaphone booth that was utilized instead of a smaller monitor in several episodes. For security purposes, it’s likewise good to have a variety of options at your fingertips, such as configurable security settings.

In Webex, administrators can take actions such as:

  • Applying strong password rules to Webex Access Anywhere.
  • Requiring authentication for all hosts and attendees wanting to access the site.
  • Allowing hosts to customize meeting access security within predefined parameters.
  • Letting any meeting be unlisted from calendars.
  • Making meetings automatically end after a certain time or if only one attended remains.
  • Mandating attendees have a Webex account on the site to join.
  • Permitting users to store their email addresses and names to easily join in the future.
  • Enforcing various lock controls for Webex Personal Rooms.

The flexibility of Webex means that you can make sure each meeting is done the right way, with appropriate security settings for safe and productive collaboration.

The road to more secure collaboration

Secure collaboration is a balancing act, between meeting end-user expectations for a convenient experience that makes it easy to connect with colleagues, partners, and clients while also satisfying high-stakes requirements for security and compliance.

Webex provides a fully secure collaboration platform that does not compromise on essential features such as content sharing and search. Try Cisco Webex for free today!

 

Read more
Four Key Security features of web conferencing
Four key security features of Cisco web conferencing

Secure web conferencing is the gold standard for modern collaboration. It backs the unique experience of lifelike video and HD audio with essential measures that protect communications from prying eyes.

The stakes are high for ensuring safe web conferences because sensitive data is routinely exchanged in these virtual meetings. A Forrester Research report estimated one-fifth of web conferences involved trade secrets and that even more of them featured financial information disclosures and details of marketing plans.

What does a truly secure web conferencing platform look like? It combines multi-layered physical, application, and platform security into a solution that’s still easy to use, allowing you to focus your limited time and energy on meetings instead of containing risks.

There are many Cisco Webex security features that make your life easier. In this post, we’ll focus on four that deliver a safer web conferencing experience.

Read more
The importance of encrypting your everyday company communications

In 2015, a WIRED contributor made the bold case that the most secure consumer device was an Apple iPod Touch. He highlighted its combination of a highly vetted software ecosystem and a lack of cellular network connectivity, but made a lot of caveats along the way. For starters, it needed to be physically secured, kept up to date, and used in tandem only with encrypted communication apps.

While the author’s overall recommendation to keep using an iPod is impractical for many professionals, the argument’s basic points about encryption are worth noting:

Data encryption technology is essential for shielding sensitive interactions from unwanted surveillance and interception.

At the same time, it must be combined with acceptable security practices, such as proper handling of keys, scalable update or patch management, and access controls.

Read more
Protecting Your WebEx Meeting Information

Earlier this week Brian Krebs uploaded a blog post titled Who’s Watching Your WebEx, focusing on WebEx meeting configuration. We have two reasons to thank Brian. He has drawn attention to important meeting best practices, but he also allowed us to share advice with our customers first.

For those who administer Cisco WebEx sites, you should already have seen an update that included our best practice guide. If you need any related assistance, our support people stand ready to help.

Read more