Tuesday, 11 February 2020

What’s New in Security and Compliance for Webex

Three New Security Features in Control Hub


Security and compliance are top of mind for large customers when deploying collaboration solutions. In today’s modern and digital workplaces, collaboration spans organizational and functional boundaries and employees inevitably share sensitive data and intellectual property. Hence, building and maintaining trust with IT administrators and security professionals to keep user data safe within their organization or even when collaborating externally is a key focus area for Cisco Webex.

While Cisco Webex offers frictionless end-user experiences through modern collaboration, our 360 approach to security provides unmatched control, privacy, and compliance to meet the requirements of IT and security teams.

At Cisco Webex, we continuously listen to our customers’ critical security and compliance concerns and work hard to rapidly deliver new security controls to provide peace of mind to them. In September 2019, we announced a new Collaboration Flex plan add-on offer – the Cisco Webex Control Hub Extended Security Pack (ESP) – a Cisco-on-Cisco best of breed and easy-to-deploy package that strengthens data security and compliance and ensures seamless collaboration for businesses.

Now, we are introducing three new security features that can be configured and customized by administrators via Control Hub to meet your organization’s specific requirements.

1. Anti-Malware Protection: Protect users from Trojans, viruses, and ransomware – even when files are shared by external users by directly enabling Anti-Malware Scan from Control Hub. An Extended Security Pack subscription is required.

2. Block External Communication: Empower administrators to whitelist approved domains via Control Hub to allow communication with users from authorized domains or organizations.

3. Bot Management: Empowers administrators to control and contain the proliferation of bots within an organization with global access policies and local whitelist overwrites directly from Control Hub.

Anti-Malware Protection


The Extended Security Pack already includes the full set of functionalities from Cisco Cloudlock® for data loss prevention (DLP) by providing full visibility and control over sensitive data stored in Webex Teams.

We are thrilled to announce the general availability of Anti-Malware Protection capability in Webex Teams, included in the Extended Security Pack. The native, high-performance anti-malware engine, powered by Cisco Talos ClamAV in Webex Cloud, scans and remediates all files in spaces, even if they are uploaded by external users. End users will not be able to download infected files on both corporate-managed and personally-managed devices, as shown in figure 1. In addition, administrators have the option to enable or disable anti-malware scanning and access scan history report in the Control Hub, as shown in figure 2.

Cisco Collaboration, Cisco Prep, Cisco Tutorial and Material, Cisco Guides, Cisco Certifications, Cisco Security
Figure 1. Blocking an infected file

Cisco Collaboration, Cisco Prep, Cisco Tutorial and Material, Cisco Guides, Cisco Certifications, Cisco Security
Figure 2. Administrator control for Anti-Malware Scan

Block External Communication


In today’s workplace, collaboration transcends organizational boundaries. For instance, your organization has embarked on a new initiative such as a joint product offer with a partner. Such an effort typically involves multiple personnel, discussions, and approvals. With a closed platform, your options are limited when it comes to managing communications with a network of partners with whom information exchange is extremely asymmetric. Sending out long emails or waiting for weekly recurring calls to clarify key items can be expensive and frustrating. Not anymore, thanks to Webex Teams!

We understand your needs when it comes to external collaboration and has been working hard to enhance the Block External Communication feature. You can extend your communication footprint with users outside your organization without compromising security and compliance. Unlike other communication platforms and tools that introduce administrative overhead and end-user friction, we deliver on the vision that external collaboration should be an intuitive and seamless experience.

What Does This Mean For IT Administrators


With this new enhancement to Block External Communication, administrators can now create a Whitelist of approved domains via Control Hub (See Figure 1, preventing unauthorized communication with users from other domains/organizations. Block External Communication works by restricting Webex Teams space membership to users who belong to domains that are part of the administrator-approved Whitelist only. The policy is enforced in a forward-looking manner after it is enabled in your organization’s Control Hub setting. Retrospective scanning of existing spaces for membership violations is not performed. Administrators can be assured that users from their organization are collaborating only with external users who belong to trusted domains.

Customers in regulated verticals such as finance and healthcare trust Webex Teams to protect their valuable data and provide a secure platform. This is yet another step in the direction of our promise to deliver the most open yet secure platform. The new Block External Communication feature is currently in early field trials. Stay tuned for more updates as we target General Availability of this feature.

Cisco Collaboration, Cisco Prep, Cisco Tutorial and Material, Cisco Guides, Cisco Certifications, Cisco Security
Figure 1: Control Hub configuration for creation of a domain Whitelist

Bot Management


Webex Teams is an open platform. A platform that your and external developers can customize and integrate into your business processes with the goal of enhanced interoperability with external data systems and enhanced productivity to your users. In fact, Webex Teams sports a slew of bots and applications developed by freelance developers – to market-leading ISV’s – curated and hosted on apphub.webex.com. You can find commercial integrations like a Salesforce bot, to crowd-pleasers like the Noora spa finder bot. And if you have a new solution in mind you can execute your creative juices by heading over to developer.webex.com and use the published well documented and fresh REST API’s as your entry point to your developer fame. Remember every Webex Teams login is also the entry key to the developer program – automatically.

Managing Bots From an IT Perspective

On to managing these bots from an IT perspective: We saw and heard the need to control the proliferation of these apps (bots and integrations), while we wanted to maintain the spirit of the open platform. The result is our new Bot Management capability. Similar to integrations management, Control Hub admins will find a new tab in the admin console which allows them to limit access to bots by their users. Customers without access to Pro Pack can still globally blacklist all bots, which will prevent the addition of bots to spaces going forward (See Figure 1). Pro Pack subscribers, in addition, can whitelist individual bots that your IT and Infosec departments deem safe and useful (See Figure 2). Bots in the allowed list can be added by anyone from your organization to space or invoked in direct conversations. Disallowed bots will result in an error message when trying to talk to them or adding them to a group space. This new feature is not retroactive and only works at the membership level, i.e., bots that were previously added to spaces will continue to work. The new bot management is currently in early field trials and expected to be generally available soon.

Cisco Collaboration, Cisco Prep, Cisco Tutorial and Material, Cisco Guides, Cisco Certifications, Cisco Security
Figure 1. Globally Bot Management

Cisco Collaboration, Cisco Prep, Cisco Tutorial and Material, Cisco Guides, Cisco Certifications, Cisco Security
Figure 2: Individually whitelisted bots

This feature is currently in early field trials. Stay tuned for more updates as we target General Availability of this feature.

Related Posts

0 comments:

Post a comment