Cisco Webex: Protecting Your Data
Trust is the bottom line when moving to the cloud. And this trust is earned, not given. Your cloud technology provider earns this trust by ensuring that the security and data privacy of its solution follows best practices.
At Cisco we know this is especially true for Canadian healthcare providers and educators, which is why we take the following steps to protect your privacy on our Webex platform:
- Webex Meetings and Webex Teams follow data security and data privacy industry standards and are ISO 27001, 27017, 27018 and SOC2 certified.
- We perform a privacy impact assessment designed to ensure appropriate privacy features and security controls are built into Webex so you may use it in compliance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and other provincial privacy laws.
- More information on Cisco Webex’s privacy practices can be found in our Cisco Webex Trusted Platform.
Webex Meetings and Webex Teams are industry certified, secure, transparently managed and privacy-driven cloud based collaboration solutions. Built from the ground up with data security and data privacy in mind, our cloud collaboration architecture is a secure way to connect users in your organization.
Data privacy refers to regulating and securing data that can lead to user identification, also known as personally identifiable information (PII). The European Union was the first to develop regulations on how cloud service providers could collect, use, and disseminate PII, as well how to protect and who can access this data through the General Data Protection Regulation (GDPR).
In Canada, PIPEDA governs how private sector organizations collect, use, and disclose personal information. The security and privacy built into Cisco’s cloud collaboration solutions enable them to be used in compliance with GDPR and PIPEDA, which means your personal information is safe.
Why is data privacy important?
Canada has had stringent anti-spam legislation since the introduction in 2014 of the Canadian Anti-Spam Law (CASL) with which Cisco complies. However, this legislation doesn’t preclude ill-intentioned people from accessing your personal data in unauthorized ways, and this can lead to identity theft resulting in a devastating toll on your employees, customers, or company.
Keeping data safe and the problem with shadow IT
The role of enterprises is to protect their users and the organization from personal data misuse or identity theft. This can be accomplished by moving the workforce towards a secure cloud collaboration solution that has the proper safeguards and policies in place.
Any other option will lead to users bringing their own application to work. This is known as shadow IT, where free consumer-grade applications are used for corporate business. The danger here is that consumer-grade applications often have privacy terms which allow the use and distribution of personal data in unintended or unknown ways.
Once a trusted application has been deployed, data must flow and be stored in a secure manner. We encrypt meeting media traffic and recordings in transit and at rest by applying modern public key cryptography processing, ensuring data integrity and confidentiality at every step.
For those who require a higher level of security, Webex Meetings offers an option to configure end-to-end encryption into your solution. With this option, media stream traffic cannot be decrypted by the Cisco Webex Meetings server. What does that mean? Webex Meetings offers a secure communication channel for multi-participant meetings.
In summary, don’t let your users put your enterprise data at risk by letting them choose any collaboration application. Be mindful of your security requirements when choosing your enterprise collaboration platform.
Cisco Webex delivers a trusted, secure, and private solution for all your collaboration needs.
Cisco Webex is a solution you can trust. To learn more, visit the Cisco Trust Center and read our Webex Security White Paper.Tags:
Does Cisco offer its Canadian customers Canadian data sovereignty?