During this unprecedented time, remote working collaboration tools (including video conferencing) have become a lifeline for businesses and their people to stay connected and productive. In the blink of an eye, a “new normal” has been established for legions of workers who were once accustomed to meeting in conference rooms.
As remote working becomes increasingly mainstream – across federal governments, universities to grades schools, life-saving healthcare operations, and the businesses big and small – leaders are taking a closer look at the tools they are relying upon, and realizing security and privacy must be at the forefront.
As part of Cisco, one of the world’s leading enterprise security providers, Webex is trusted by 95% of the Fortune 500. Our guiding principle has always been Collaboration Without Compromise.
With this in mind, we are committed to helping customers address their remote workplace productivity, connectivity, privacy and security in three distinct ways:
Many app developers want to offer users the convenience and simplicity of single sign-on (SSO). When implemented correctly, SSO can also be secure. For example, multi-factor authentication protects identity provider credentials, without asking a user to create yet another password. Vendors with broad consumer adoption, including Facebook, Google, and Microsoft, all offer many ways to easily leverage their excellent SSO capabilities. For example, the Facebook Software Developer Kit (SDK) offers a simple way to integrate SSO in to sign up and login flows. Facebook also makes it clear what data this SDK collects – and offers the option to disable data collection if a developer chooses.
When our application designers were integrating SSO with services from Facebook, Google and Microsoft, we faced two choices. One choice was taking the fast and easy way by simply embedding these SDKs. In the best interest of our customers, we chose the other path by following the standard and secure method of OAuth (an open standard for access delegation). Cisco Webex does not trade off security or privacy measures for the sake of speed. This is a distinctly different approach that we are incredibly proud of and upon which we have built a trusted brand.
Software developers can make many choices when building solutions. An enterprise-class software development organization implements a secure software development lifecycle (SDLC) that ensures the right checks and balances to deliver secure, quality solutions. Quality is measured not just by whether a product works, but how it works. Cisco’s SDLC is focused on making sure we develop products with security built-in as a key foundational element. Importantly, it is against Cisco’s long-established security practices to make it an unsuspecting customers’ responsibility to opt-out of sharing data by default. Having spent nearly two decades in security, I have yet to meet a single customer that is OK trading off security or privacy that is hidden in the fine print – given the overall negative business implications of users unknowingly sharing information.
The other critical factor of product security is transparency. Whenever vulnerabilities do arise, it’s critical they are immediately remediated as well as proactively disclosed. Cisco’s practice of disclosing all security vulnerabilities – including those we find in our own penetration testing, is baked into our approach. This level of transparency is achieved by having an independent Security and Trust organization that exists separate from a product engineering organization. These checks and balances require corporate-wide investment and commitment to security. Cisco is committed to being transparent about security and privacy in our products and services.
Make no mistake: during this unprecedented time of need, the world needs as much help as possible – and there is a place for each and every vendor to serve the people and communities during this incredibly troubling time. The world needs all of us right now.
For more information about how Cisco is helping customers meet their business continuity requirements, including practical advice and guidance, visit this page.
When it comes to your critical data – whether running a business (large or small), hospital, university or a country—security and privacy must not be compromised.
For secure collaboration, you can continue to count on Cisco.