Webex Security: Mitigate Risk & Maintain Compliance
by Aware
First Published Jul. 2023. Updated Jun. 2024.
Efficient communication and collaboration are vital aspects of running a successful business. Cisco Webex offers a range of features to facilitate virtual meetings, webinars, and collaborations. However, it is important to evaluate whether Cisco Webex is a secure option for businesses. In this blog post, we will explore the features and benefits of Cisco Webex, along with potential security concerns and measures to safeguard sensitive data.
Contents
- What is Webex by Cisco?
- How do businesses use Cisco Webex?
- Is Webex secure?
- What are Webex’s security features?
- 5 benefits of using Webex
- 5 security concerns of using Cisco Webex
- How does Webex secure sensitive data?
- How does Webex protect user privacy?
- Best practices to safeguard Webex data
- How does Aware support privacy and security in Cisco Webex?
What is Webex by Cisco?
The world of work is no longer confined to a 9-5 office. Hybrid, remote, and distributed groups can work around the clock from anywhere in the world. This new style of working needs new tools to facilitate asynchronous communication across teams. Cisco Webex is a leading suite of such tools, designed to enable remote work and enhance productivity.
Using features such as video conferencing, instant messaging, and virtual whiteboarding, Webex connects users around the globe, making it an ideal choice for many business applications.
How do businesses use Cisco Webex?
Cisco Webex helps businesses streamline their operations and improve team collaboration. Webex enables companies to host virtual meetings, webinars, training sessions and more with employees, clients, and partners all over the world. This enhances knowledge sharing and professional development in a fraction of the time and cost of international travel. Furthermore, businesses can leverage the team messaging and file-sharing features to facilitate faster, more efficient collaboration across departments and projects.
Is Webex Secure?
Webex has implemented robust security measures to protect user data for secure business collaboration.
Cisco Webex is certified for ISO 9001, ISO 27001, ISO 27018, SOC 2 Type II, SOC 3, FedRAMP, and GDPR compliance. Companies seeking eDiscovery, data loss prevention, and data retention capabilities may find Webex a viable solution.
Webex follows the Cisco Secure Development Lifecycle, where security features are built in from the design stage through the deployment of the product. With dedicated Cisco security teams like Talos and PSIRT, they can also help clients with threat intelligence and incident response.
Cisco also performs regular cybersecurity assessments, patching, and monitoring on the Webex infrastructure to protect user data and privacy.
What are Webex’s security features?
Security features designed to protect user data and identities and secure collaboration for business are a big part of Webex’s platform. They fall under distinct categories to protect identities, devices, data, and information.
Identity and Device Management
- Single sign-on (SSO) and multi-factor authentication (MFA).
- Role-based access controls (RBAC) for granular permissions management.
- Active Directory synchronization for automated user provisioning and lifecycle management.
Mobile Device Management
- Remote device wipe, PIN lock, and file share controls for mobile devices.
- Enforcing security policies like restriction copy/paste, screen capture on mobile apps, etc.
Protecting Data
- End-to-end encryption (AES 256-bit) for media streams, files, messages, recordings, transcriptions, and whiteboards.
- Zero-Trust end-to-end encryption for meetings using Messaging Layer Security (MLS).
- On-premises hybrid data security and bring-your-own-key encryption options.
Information Governance
- Certified for ISO, SOC, FedRAMP, GDPR, HIPAA, and other compliance standards.
- Data loss prevention (DLP) capabilities and integration with third-party DLP solutions.
- Flexible data retention policies, eDiscovery features, and audit logging.
- Secure development lifecycle with regular security assessments and monitoring
Find out what risks lurk in your collaboration data with a free, customized report on the risk exposure you face
5 benefits of using Webex:
- Increased productivity: Cisco Webex eliminates barriers, enabling teams to collaborate effectively regardless of their location. This boosts productivity by facilitating faster decision-making, reducing delays in communication, and enabling real-time collaboration on projects.
- Cost-effectiveness: With Webex, businesses can significantly reduce travel expenses associated with in-person meetings. It eliminates the need for flights, accommodation, and other related costs, making it an affordable solution for organizations with global or remote teams.
- Enhanced flexibility: Webex offers flexible scheduling and meeting options, allowing participants to join meetings from their preferred devices, such as laptops, smartphones, or tablets. This flexibility enables employees to work from anywhere, promoting a healthy work-life balance and accommodating diverse work arrangements.
- Improved collaboration: The range of features provided by Webex, such as screen sharing, file sharing, and interactive whiteboarding, fosters collaboration and creativity among team members. It promotes brainstorming, idea sharing, and problem-solving in a virtual environment.
- Scalability: Cisco Webex is designed to support organizations of all sizes, from small businesses to large enterprises. It offers scalable solutions that can accommodate the needs of growing businesses, ensuring that the platform can adapt as the organization expands.
5 security concerns of using Cisco Webex:
- Data breaches: Data breaches are a major concern for businesses using any cloud-based collaboration platform. Webex has competitive security measures in place, to secure data and ensure user privacy, but no platform is 100% secure.
- Phishing attacks: Cybercriminals send phishing emails or messages disguised as legitimate communications to trick end users into giving up credentials. This could lead to compromised login credentials or malware installation.
- Privacy concerns: Organizations must consider the privacy implications of using a third-party platform like Webex. It is important to understand how user data is collected, stored, and utilized by Cisco Systems.
- Endpoint security: As the Webex app supports various devices and platforms, ensuring endpoint security becomes crucial. Organizations should implement appropriate security measures on each device accessing the platform to minimize the risk of unauthorized access or data leakage.
- Compliance requirements: Depending on the industry and location, businesses may have specific compliance requirements related to data privacy and security. It is essential to assess whether Cisco Webex meets these compliance standards.
How does Webex secure sensitive data?
Cisco takes its external users’ data security seriously and implements many security controls as standard.
- Webex Meetings uses end-to-end encryption as standard, paired with Zero Trust permissions to limit exposure during data transmissions.
- For Webex cloud storage, there's on-prem hybrid data security (HDS) or bring-your-own-key (BYOK) encryption and key management. Cisco is also compliant with major privacy and security regulations, including GDPR and CCPA.
Due to compliance certifications, password protecting capabilities, meeting access restrictions, and encryption capabilities, Webex is generally considered a more secure environment than Zoom and Microsoft Teams, especially for industries like healthcare that have more stringent compliance standards.
How does Webex protect user privacy?
Cisco Webex is committed to user privacy and compliance with data protection regulations. Cisco deploys privacy features such as end-to-end encryption, data retention policies, and user consent mechanisms. Additionally, Cisco provides transparency about their data collection practices and offers options for users to control their data and privacy settings.
Best practices to safeguard data in Cisco Webex
Businesses can’t solely rely on Cisco's highest levels of security measures. They also bear responsibility for securing their data in Webex. Administrators should configure and enforce policies that regulate how employees share sensitive information in workstream collaboration tools.
Enabling 2FA and MFA
To limit the risk of threat actors gaining access to their Webex application, companies should enable 2-factor authentication (2FA) and multi-factor authentication (MFA). These login methods reduce the likelihood of a third-party being able to log in to the Webex service.
Employee Training Protocols
Employees should also be trained to recognize phishing, smishing, and social engineering attacks, and know what to do if they receive a suspicious message.
Adding Moderators
Moderators control Webex spaces, add members, oversee content, and manage files and messages. They’re invaluable in spaces where sensitive information is present, and they’re often the first to notice if something is amiss.
Validate Participants' Identities
The roll call feature is designed just for this purpose, to confirm meeting participants’ identities before beginning any sensitive discussions. In this way, you can be sure no one is present who shouldn’t be.
Enable Meeting Lock
When all it takes to join a meeting is having a link, meeting lock can be an invaluable security measure to keep out unauthorized persons. When paired with roll call, this feature adds a layer of protection to meetings even from those who have the link but shouldn’t.
Using Scheduled Meetings
When security is important, use scheduled Webex meetings because they are password-protected and have comprehensive security features. You can enable meeting passwords, disallow joining before the host has arrived, and control the mute function on participants’ microphones.
Control Access with Meeting Lobbies
The lobby feature allows participants to gather and be admitted to the meeting at the host’s discretion after their identity has been verified.
How does Aware support privacy and security in Cisco Webex?
Aware uses industry-leading, proprietary natural language processing (NLP) to analyze Webex messages in real time to flag noncompliant information sharing and automatically notify stakeholders and administrators.
From a single, centralized AI platform, Aware provides:
- All-in-one governance, eDiscovery, DLP, and workplace intelligence.
- Protects sensitive business information around the clock using both regular expression (regex) and keyword monitoring to identify insider risks as they happen, and with fewer false positives.
- Optical character recognition (OCR) technology supports security in Webex by detecting screenshots and NSFW images.
- Cutting-edge password and code identification modules surface content that poses the highest risk to your organization.
Request a demo to learn more about the Aware Webex integration and how to get compliance, security, and next-generation business insights for your collaboration data at scale.