Webex: Setting the Standard for Security and Compliance with New Tools to Keep Your Meetings and Content Safe and Secure
Security and Compliance with New Tools
There’s no question that COVID-19 accelerated the digital transformation timeline — shrinking the adoption of technologies from years to weeks or months. According to a recent survey conducted by McKinsey, the time required to deploy remote working and collaboration technology accelerated by a factor of 43, taking 10.5 days versus the expected 454. Plus, 93% of organizations experienced rapid remote work and collaboration adoption, and 54% “believe that change will stick.”(1) We have quickly passed the tipping point and, collectively, are looking at managing a hybrid work model well into the future.
This new world has heightened the need for a mindset that holds security as a foundational thread throughout the collaboration ecosystem. In my previous role in Cisco IT, I managed the team responsible for collaboration infrastructure across the company’s 140,000-plus employees and partners. That experience continually raised my awareness of how critical security, data privacy, and compliance really are. As leaders in managing this broad landscape, having reactive AND proactive solutions is crucial to succeeding in keeping our data secure and our collaboration private, and ensuring we’re supporting users in how they work.
Today, my team and I in Webex Platform & Infrastructure Engineering drive the foundational layers that support the amazing innovation of devices and applications at Webex. Our mantra is to make security ubiquitous across the entire portfolio while also providing tools for users and administrators to manage security needs proactively. We’ve made it a practice to arm organizations with mechanisms that prevent problems before they can happen wherever possible. The Security, Privacy, Management, and Insights of the all-new Webex will help you manage this complexity and keep your company safe from unnecessary risks.
There are multiple ways Webex is working to keep your data secure, ensure privacy, and helping you to meet your compliance challenges.
As confidential meetings over Webex increase, we’re augmenting our End-to-End Encryption built on a standards-based cryptography model where data in transit, in use, and at rest is encrypted. This “zero-trust” security model means that customers will continue to have control of encryption keys — so that even Cisco won’t be able to access their data. Webex room systems will be end-to-end encrypted, and we’re paving the way for third-party devices’ end-to-end encryption, all based on a single industry-standard cryptographic protocol. And transcriptions and recordings will eventually be encrypted. Cisco is leading this effort together with Google, Cloudflare, Facebook, Wickr, and Wire. Plus, users will know when meetings are end-to-end encrypted with a visible icon in the interface.
Webex is adding E2E Secure identity, which adds an authentication layer to block those who would try to impersonate meeting participants. This “spoof-proof” identity is similar to how e-commerce and secure content are served up via web browsers.
In Webex Teams, all content is already end-to-end encrypted by default, and our servers see only encrypted data. To read more about the Webex future of E2E encryption, you can read the white paper.
Protecting Our Organizations… From Ourselves
Security breaches are often the result of our actions as users. Not only does Webex keep your meetings confidential, but we’ve also put solutions in place to keep users out of trouble. Whether it be accidentally sharing files that shouldn’t be shared, messaging to people we shouldn’t, or saying things we shouldn’t in spaces where we shouldn’t. These are common mistakes that Webex can help you proactively resolve.
Ethical walls allow Webex administrators to prohibit Webex Teams interactions for up to five different groups. They’re based on the customer’s Active Directory framework and help prevent select, restricted groups from collaborating. With it, these restricted groups cannot invite each other to spaces or initiate conversations. However, they can continue to work with users in the rest of their organization.
How can this be used? Here’s an example. At a large bank, investment bankers and company research analysts shouldn’t communicate to avoid a conflict of interest. With Webex, the end user doesn’t have to worry about whom they should communicate with because Webex will automatically block them before it happens based on simple rules defined in the Webex Control Hub.
Real-Time Data Loss Prevention
With Real-time Data Loss Prevention (DLP), IT administrators can prevent sensitive data from being accessible by any user, internal or external. These capabilities are powered by Cisco Cloudlock (with the capabilities extended to our partner ecosystem): They flag content in a Data Loss Prevention (DLP) system, whether it’s spoken, shared, or shown.
This capability allows administrators to prevent sensitive data from being transmitted in spaces in real-time. For example, administrators can block certain groups from having access to files at all, like contractors. Or, maybe you don’t want to allow employees to share files outside the company. Or, limit sharing based on access, like narrowing sharing, so it’s possible only via a corporate VPN connection. With Webex, you have the power to set these guardrails for users before any issues crop up.
When activated, the system can analyze and react to breaches and violations. When invoked by a violation, the system creates an incident report viewable in Webex Control Hub and sends the offending speaker and compliance officer an email record. This helps users understand what they’ve done wrong to be better in the future and pose less of a risk to their company. Additionally, we are planning to have inline DLP capabilities that prevent sensitive data from being transmitted to users in spaces in real-time by any user (internal or external) in any space — regardless of who owns that space.
So, stay tuned — as you continue to trust Webex to share information that needs to be kept private, Webex will continue to evolve our security and compliance capabilities to keep your meetings and content safe and secure.
Jun 23, 2022 — Tracy Toth