In June 2021, we announced that we would be offering EU (European Union) data residency to all existing and new European Webex customers, from both the public and private sectors.
I am pleased to share that since finalizing the set-up of our data center in Frankfurt, Germany, in June, we have fully completed the core of the migration, bringing data closer to our customers.
Since October 2021, all user-generated content for Webex Meetings, Messaging and Calling, profiles, and analytics data for all new EU customers, are stored within the EU.
On December 18, 2021, we completed the migration of our existing European Webex Meetings customers from the UK to the new data center in Frankfurt, so that all user generated content and user profiles are stored in the European Union.
We continue our work to steadfastly migrate any remaining analytics and billing data for our new and existing customers to the EU before the end of 2022, ahead of our initial roadmap estimation.
In November 2021, we also launched our new EU Webex Contact Center hosted in Frankfurt. This new cloud contact center offering gives customers certainty that their service is secured in full accordance with all EU personal data processing requirements, privacy principles, laws, and regulations.
Cisco is committed to providing a consistent, high-level of data protection when handling our customers’ data, no matter where they are in the world. For all data flows, we have implemented strong safeguards through state-of-the-art encryption upon transit and encrypt data at rest globally.
We have put in place end-to-end (E2E) encryption for meetings since 2008 and have continuously enhanced it. In addition to our E2E identity verification for modern E2E encrypted meetings, we enable customers to bring their own encryption keys that can easily be refreshed. Each session has its own unique encryption key and a separate encryption key for each space or channel. This goes beyond and above what other video conferencing tools currently offer.
Privacy is a fundamental human right. That’s why we integrate security and privacy from the earliest stages of development, making sure they are built in by design, not bolted on after the fact.
We know that customers expect providers to keep their data protected and secure, they want to be informed about how their data is collected and managed, and ultimately customers want control of their data.
Since July 2021, our EU Webex customers who have moved to the Frankfurt data center now have access to Webex Control Hub that enables them to see where their Webex data is located, along with the details of their migration plan.
We have heard highly positive feedback from our customers who are already benefiting from this control tool and are working on making this functionality available to more customers.
We are also integrating more automation into Control Hub’s processes so that customers can fully control and move their data, providing ever greater choice and transparency.
I am also pleased to add that, since Cisco announced its adherence to the EU Code of Conduct for Cloud Providers (EU Cloud CoC) at its launch in May 2021, Webex by Cisco has passed the rigorous set of checks across more than 80 controls. Webex was declared adherent to the EU Cloud CoC by SCOPE Europe, an independent monitoring body, on October 22nd, 2021.
Webex is the first collaboration platform to hold adherence to the EU Cloud CoC, reaffirming Cisco’s strong commitment to privacy, transparency, and accountability.
The main purpose of the EU Cloud CoC is to solidify the legal requirements of Article 28 of the GDPR for its practical implementation. Article 28 looks at the contractual relationship between cloud users and cloud providers, detailing the specifics that contracts should contain when processing personal data.
The privacy and security control from the EU Cloud CoC range from contractual commitments in our data protection agreements (technical measures such as high-encryption standards), to organizational measures that outline how contractual commitments get implemented through concrete enterprise-wide operating models.
Trust isn’t just about one thing, like encryption, certification, data localization or supply chain oversight. It’s about the combination of a multitude of factors. In September this year, we released our New Trust Standard, an objective benchmark for assessing trustworthiness in the digital world.
We have gathered input from thousands of customers around the world to develop this framework for expectations and accountability—where businesses and their customers can agree to new rules for trusted digital relationships.
Zero Trust architectures, verified supply chains, transparent data governance, thorough privacy programs, greater transparency, and certification and compliance are all necessary milestones on the journey to securing explicit trust.