Cisco is launching a new set of what is described as ‘sovereign controls’ for its Webex customers in the EU. This will see encryption keys for messaging and calling being hosted in the EU by Cisco partners such as Deutsche Telekom and Eviden.
The networking giant says this move builds on its existing EU data residency programme and will make it easier for European customers to comply with data residency and GDPR legislation. All of the keys and data will be held separately from Cisco infrastructure.
Webex is Cisco’s workplace communications platform with video meetings, calling, messaging and events. It offers encryption keys and secure infrastructure that currently goes via Cisco’s wider infrastructure in the US and elsewhere. Under the new plan that information will be held and managed in data centres controlled by either Deutsche Telekom or Eviden.
The communications tool already offers end-to-end encryption as well as zero-trust encryption for meetings. This level of security also protects user-generated content produced within Webex. This secure layer stops malicious groups from being able to access data created within Webex and safeguards it while in transit from one user to another.
“This new feature demonstrates Webex’s commitment to deliver cloud solutions that meet evolving European privacy and security requirements”, said Javed Khan, senior vice president, and general manager of Cisco Collaboration. “It paves the way for future sovereignty solutions for Government, highly-regulated industries, and the upcoming EUCS certification scheme.”
The benefits of Cisco’s sovereign controls for tech teams
Offering EU-hosted keys will allow organisations to utilise the latest cloud and collaboration technologies while maintaining sovereign data security, Cisco explained. Customers will be able to choose a European cloud provider they already work with without having to host their own encryption keys. This will ensure they maintain control of their data privacy.
Data sovereignty has become a hot topic for tech leaders, with the legality of data transfers between Europe (including the UK, which is currently still under GDPR) and the US in doubt after a string of data-sharing agreements between the two continents were struck down in the courts. A new data privacy framework has been agreed upon between the EU and US, but has yet to come into force and has not had its legality tested. As a result, US-based vendors like Cisco have been rushing to prove to customers that using their services will not leave clients vulnerable to GDPR breaches.
Cisco already provides EU data residency for existing customers using Webex. It allows end users to comply with data regionalisation requirements. This includes the EU Cloud Code of Conduct (EU Cloud CoC), a transnational framework for cloud service providers to demonstrate compliance with the EU GDPR. The new change adds that level of regionalisation to the encryption keys shared between connections to enable security.
“We are proud to enable Webex customers to raise the level of control on their sensitive data,” said Zeina Zakhour, vice-president and CTO for digital security at Eviden, a new company which spun out of French ITSP Atos. “Developed, manufactured, and operated in Europe, our hardware security module is securely hosted in a data centre outside the cloud.”