Secure by default

Collaboration tools such as Cisco Webex are increasingly in the spotlight for digital security andprivacy reasons. With the increasing digitization of the workplace and the challenges it brings, itis critical to address the security and efficiency of these tools.

Secure Webex Meetings

The Webex Meetings platform was designed and is maintained at the highest level ofsecurity. By default, all Webex meetings are encrypted, meaning that all communicationbetween Webex applications registered in the cloud, Webex devices, and Webex servicesis encrypted. Webex uses the TLS protocol, version 1.2 or later, with security-enhancedcipher suites for signaling. Once a session is established over TLS, all media streams -whether audio (VoIP), video, screen sharing, or document sharing – are securely encrypted.

For SIP and H323-based endpoints participating in a Webex meeting, Cisco stronglyrecommends encrypting all media and signaling streams at the edge of the enterprisenetwork using Expressway/SBC to avoid unencrypted traffic on the Internet.For standard conferences (as per the default Webex template) where devices and servicesuse Secure Real-Time Transport Protocol (SRTP) to encrypt media on a hop-by-hop basis,Webex media servers require access to the media encryption keys to decrypt the media foreach SRTP call leg (this applies to any conferencing provider that supports SIP, H323,PSTN, recording, and other services using SRTP).

For companies seeking an even higher level of security, Webex also offers the option ofend-to-end encryption for meetings. In this configuration, the Webex cloud does not haveaccess to the meeting participants’ encryption keys and cannot decrypt their mediastreams. End-to-end encryption, based on Webex Zero Trust Security, uses standardprotocols to generate a shared encryption key for the meeting using Messaging LayerSecurity (MLS). This key is used to encrypt meeting content using Secure Frame (S-Frame).With MLS, the meeting encryption key is generated by each participant’s Webexapplication or Webex device and combines each participant’s public key with their privatekey, which is never shared. The meeting encryption key is never transmitted over the cloudand changes as attendees join and leave the meeting. For more details on Zero TrustSecurity-based end-to-end encryption, read the White Paper “Zero Trust Security forWebex”

Collaboration Trainings with NTS

NTS offers collaboration training. Special attention is given to the proper handling of Webexmeetings, including the correct management of participants, the use of security featuressuch as encryption, and how to overcome challenges in confidential meetings. Through this customized training and extensive resources, NTS ensures that organizations canmake the most of Webex to keep their communications processes secure and efficient.

“As Cisco has always emphasized its commitment to security and privacy, I am pleased toensure that these aspects play a central role in the development of not only Webex, but allCisco products and are considered fundamental principles,” said Christoph Grassmugg,Technology Manager for the Collaboration Division at NTS.

Webex security summary:

• By default, participation in Webex meetings through the Webex application, Webexdevices, and web browsers is secured with the latest encryption technology. Thisincludes support for unencrypted PSTN dial-ins to Webex meetings.
• Webex sets a new standard for meeting cryptography with its Zero Trust securitystrategy. This strategy not only includes robust end-to-end encryption but also addsa verified identity check at the end of each participant to ensure comprehensiveprotection against a wide range of attacks. End-to-end encryption (E2E), whichWebex has supported for over 12 years (since 2008), is available to all Webextenants and can be enabled for all users or configured on a per-user basis to meetspecific security needs. It is important to note, however, that enabling Zero Trustmeetings comes with several limitations:
  • No PSTN dial-in option
  • No connection to third-party endpoints
  • No support for dial-in from web browsers
  • Etc.