News & Events

Cisco Webex Security and Encryption Explained

  • 1 December, 2020

Article, Cisco, Security, Unified Collaboration

Cisco Webex is the one-stop secure cloud platform for team collaboration. Webex is widely known to deliver the best quality video conferencing, calling, team collaboration and management/analytics tools. One big factor to take into account when deciding on the correct solution for your organisation is Cisco Security.

Webex platforms support end‑to‑end encryption keeping your messages, documents, and whiteboard content encrypted for all devices end to end but do you know how this process actually works? That’s the topic we’re going to delve into in this article.

Webex Security and Encryption Explained.

Cisco Webex is ISO certified which allows Webex applications to integrate with existing Multilayer Security Models that’s used on all Cisco’s core infrastructures and Security frameworks. We are going to discuss the top layer Application layer security which focuses on Cryptography, Administration Control and End user control.

Webex supports a Secure Cryptography methodology called “Protecting data at rest” which is where Cisco stores meetings and user critical data for your business using the following safeguards:

  • Stores all user passwords using SHA-2 (one-way hashing algorithm)
  • Encrypts all ad-hoc passwords used for meetings or recordings
  • Encrypts stored Network Based Recordings.

Essentially, this means Webex security encrypts both at the file level and at the logical volume level. The file key is a 256-bit block AES GCM key. This file key is then encrypted with a master key based on AES HmacSHA256 that is rotated based on policy and saved to a DB. This same process is also used during the viewing, playback or downloading of Webex data, where the encrypted media is then decrypted before, during and after the session.

cisco webex security

Understand Cisco employees, external users or colleagues do not have access to any customer data unless access is granted by the customer for support reasons. Access to systems in this case is allowed by the manager only in accordance with the “segregation of duties” principle. It is granted only on a need-to-know basis and with only the level of access required to do the job.

Cisco Employee access to these systems is also regularly reviewed for compliance where employees have to take annual International Organization for Standardization (ISO) 27001 Information Security Awareness training. In addition to these specialized controls, every Cisco employee undergoes a background check, signs a Nondisclosure Agreement (NDA), and completes Code of Business Ethics (COBE) training.

Webex is approved by all the major Industry wide Security standards and certifications below in addition to complying with its stringent internal standards discussed above.

webex security c5
cisco security encryption privacy shield
cisco encryption fedramp
Webex security iso
webex encryption aicpa soc 2

Webex Security with DLP (Data Loss and Prevention Applications)

Webex also integrates with Data Loss Prevention applications to keep company sensitive information safe. This is typically a concern for Compliance managers that need to adhere to existing Data Loss Prevention (DLP) policies, keeping employees safe as they share content with people outside their company. If you would like to understand the technologies and methodology Cisco uses to manage DLP in more detail, click here.

Final note...

For companies to be collaborative and get more done Webex solutions is the way to go, a proven industry leader in cloud communication and video conferencing. Cisco Webex security is extremely robust and the platform offers a scalable architecture, consistent availability, and multilayer security approach that is validated and continuously monitored to comply with stringent internal and third-party industry standards.

To ask us a question or get a free Webex Trial, please reach out via the button below.

New call-to-action