Overview

The overall goal of data residency (formerly called data locality) in Webex is to store user data in regional data centers corresponding with the customer's location. This offering is available for new customers and provides the following high-level functionality:

  • Our systems store your identities, such as email address and user ID, in your geographic region. Webex identity service processes client authentication requests locally in your region.

    Users can continue to meet with, message, and call users in other organizations across the globe without the need for separate accounts in foreign clusters. This means that Webex doesn't proliferate additional personal data elements

  • Encryption keys for your users are created and stored in your organization's geographic region, and the Key Management Service (KMS) in your region handles requests for the keys to encrypt and decrypt spaces, messages, and content in Webex App.
  • Encrypted user-generated content (meetings, messages, whiteboards, files and related metadata) is stored in the organization's geographic region.
  • We store data about your organization, such as verified domains, preferences, and security settings, in your geographic region.
  • Webex Partners in one region can create customer organizations in any region that we offer the services.
  • Webex Hybrid Services are supported in the region, including Hybrid Directory, Hybrid Calendar, Hybrid Calling, Video Mesh, Hybrid Data Security, and Hybrid Messages.

Webex offers data residency within the following regions

Webex services and user-generated content

USEUCanadaUKJapanAustralia
Meetings*
Common application data and identities
Messaging
Calling**
Encryption keys
Hybrid Services (data security, calling, calendar, directory, video mesh, and messages)
Webex Contact Center***

 

* For the list of Webex Meetings data centers for the rest of world, refer to Webex Meetings global data centers.

** For the list of Webex Calling data centers for the rest of world, refer to the Webex Calling privacy data sheet.

*** For the list of Webex Contact Center data for the rest of world, refer to Data Locality in Webex Contact Center

How we determine the data residency region

Messaging data residency

During provisioning, the administrator who sets up an organization sees a Country Selector drop-down menu in Control Hub. We determine the geographic region in which the organization's data resides based on the mapping of the selected country to its corresponding DC. When you create a trial and select a country that maps to the European region for example, the organization's user-generated content is stored in the region as well as the user identities and encryption keys.

To determine which region a country maps to, you can download the following Microsoft Excel file and select the country name from the drop-down menu: https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cloudCollaboration/wbxt/datalocality/CountryCodeGEOmapping.xlsx (The file begins to download immediately when you access the link.)

To enhance Webex Messaging data residency, we added a European geography (GEO) with data centers in Frankfurt and Amsterdam. The existing data centers in the United States of America continue to serve North America and the "Rest of World" (RoW).

Data residency regional locations.

Meetings Data residency

Meetings data is stored in a data center based on the time zone that you select for a Webex Meetings site during provisioning. For example, if you select a time zone from one of the European Union cities, then the Meetings data will reside in the data center in Frankfurt. Meetings data for other time zones outside of the European Union will reside in whichever data center is closest to the selected city.


 

At Cisco, we're committed to the protection and privacy of our customers’ data and personal information. The additional new data centers in Toronto, Canada, and Frankfurt, Germany, are part of this effort and complement existing data centers in the region, providing additional opportunities to host data in the EU and Canada. Since July 2021, new Webex customers from Europe can be provisioned to the data center in EU. Since July 2022, new Webex customers from Canada can be provisioned to the data center in Canada. We also have a migration plan in place to provide existing customers with more flexibility, and  to manage the data migration to your region.

Webex Calling residency

Calling data is stored in the data center closest to a customer’s principal place of business, as provided to Cisco by the Partner during the ordering process. Data residency is available in key markets in North America, Europe, and Asia and continue to expand to more regions. For the list of Webex Calling data centers, please refer to the Webex Calling Privacy Data Sheet.

Webex Contact Center residency

Webex Contact Center has achieved data residency in many countries we do business in North America, Europe and Asia and continues to expand. Based on the Country of Operation drop-down list that you selected on the Contact Center tab in the Setup wizard, the system creates the tenant in the closest data center based on the Country of Operation to Data Center mapping defined in Data Locality in Contact Center.

Data sharing, processing, and storage in Webex App and Messaging

The following tables describe how data is shared, processed, and stored in various scenarios. Because Webex App enables collaboration amongst users in multiple organizations, the rules for storage and processing depend in some cases on the type of collaboration, and whether you enable communication with other organizations.

In each table, the following designations are used for data residency:

Global—Data may be handled at a Cisco data center in any location.

Limited—Data resides in the organization's geographic region, but copies may be created or processed in other regions as needed.

Restricted—Data resides in the organization's geographic region.

In addition to data sharing, processing, and storage described below, refer to Webex App & Webex Messaging Privacy Data Sheet for more details on how Webex App and Webex Messaging process personal data.

Table 1. Control Hub administration activities
ScenarioData involvedShared withProcessingStorage
US, EU Rest of world US, EU Rest of world
Create a new customer organization. Data collected or generated to manage a customer account, including administrative email addresses, organization id, claimed domains associated billing information Cisco, partner

Restricted

Global

Restricted

Global

Use and manage a customer organization; add licensed services. Operational data such as organization settings, subscription history, product catalog, usage data, analytics, stored CSV files Cisco, partner, administrators

Restricted

Global

Restricted

Global

Create a new user. Universally unique identifier (UUID)

Restricted

Global

Restricted

Global

Table 2. Webex App user sign-in and app configuration
ScenarioData involvedShared withProcessingStorage
US, EU Rest of world US, EU Rest of world
Sign in to user account. OAuth token Identity service

Restricted

Limited

Restricted

Restricted

Password Identity service

Restricted

Restricted

Restricted

Restricted

Configure and use the Webex App. Data such as mobile device ID, device name, IP address; settings such as time zone and locale; personal directory data such as first name, last name, avatar, phone number Organization and partner administrators

Restricted

Global

Restricted

Limited

Personal directory data such as first name, last name, avatar, phone number Other users in the organization, or an external organization in the same region

Restricted

Global

Restricted

Limited

Users from an external organization in a different region*

Limited

Global

Restricted

Limited

* Use Control Hub to block communication with external organizations to prevent this scenario. This blocks communication with all external organizations.

Table 3. Webex App user content generation
ScenarioData involvedShared withProcessingStorage
US, EU Rest of world US, EU Rest of world
Send a message or file, create a space, flag messages. User-generated content Compliance officers

Restricted

Global

Restricted

Global

Other users in the organization, or an external organization in the same region

Restricted

Global

Restricted

Global

Users from an external organization in a different region*

Limited

Global

Limited

Global

Encryption keys Other users in the organization, or an external organization in the same region

Restricted

Limited

Restricted

Restricted

Users from an external organization in a different region*

Limited

Limited

Restricted

Restricted

Search indexes and derived metadata required to operate the service without "leaking" user-generated content or personally identifiable information outside of the region.

Restricted

Global

Restricted

Global

Share real-time media. Voice, video, content share Other users in the organization, or an external organization in the same region

Restricted

Global

Restricted

Limited

Users from an external organization in a different region

Limited

Global

Limited

Limited

Record a meeting. Meeting recordings stored in Webex Meetings

Restricted (meeting host’s DC region)

Restricted (meeting host’s DC region)

Restricted (meeting host’s DC region)

Restricted (meeting host’s DC region)

Create a whiteboard. Whiteboard content (whiteboards between organizations are co-owned) Other users in the organization, or an external organization in the same region

Restricted

Global

Restricted

Global

Users from an external organization in a different region*

Limited

Global

Limited

Global

* Use Control Hub to block communication with external organizations to prevent this scenario. This blocks communication with all external organizations.

Table 4. Service integrations
EntityData involvedShared withProcessingStorage
US, EU Rest of world US, EU Rest of world
Calendar environment integration Calendar meetings and events, some personally identifiable information Membership of all spaces (within the user’s organization)

Limited

Global

Limited

Global

Developer APIs API services for developers – transparent look-up and re-direct to the appropriate region’s services.

Global look-up

In-region processing

Limited

Global

Limited

Global

Space ownership and content storage region

We store content in the region of the organization that owns the space where the content appears. Ownership depends on the type of space:

  • Group space—The owner is the organization of the person who created the space. We store content in the region of the owner organization.

  • Space within a team—The organization of the person who created the team owns spaces created within the team. Spaces created outside of the team and then moved into the team retain their original ownership. We store content in the region of the space owner's organization.

  • Conversation between two people (nongroup space)—If the people are in different organizations, each organization owns the content that its user posts. If the conversation includes a user from the North America/RoW GEO, we store the conversation content in the North America/RoW GEO.

  • Space created by a bot—We assign ownership to the organization of the first non-bot participant and store the content in the region of the owner's organization.

Frequently asked questions for data residency

Where can I find out where my data is located?

Cisco is transparent about the data residency of all the Webex services. Customer or partner administrators can verify the location of their Webex Services for Meetings, Messaging, and common application data by going to Account > Info > Data Locations in Control Hub.

Data locations in Control Hub

For Webex Contact Center service, you can confirm data residency by going to Contact Center > Settings > Service Details > Country of Operation in Control Hub.

Data residency for Contact Center in Control Hub

For legacy customers who are eligible for migrating their data to the new data centers in their regions, refer to Data center migration plans for your organization’s data in Control Hub.

Why am I seeing a Country Selector during the organization provisioning process?

Cisco Webex is excited to provide customers the ability to localize certain Webex App data within “geo-based” data centers. During provisioning, the Country Selector determines which region will store a new customer organization's data. This includes organization identity, users' personal identities, encryption keys, and user-generated content (encrypted messages, boards, files, and related metadata).

Based on the Webex messages data center mapping pre-defined for each country, EU, Middle East, and Africa customers will be provisioned to EU data centers; US, Canada, APAC, and South America customers will be provisioned to US data centers.

Note that Webex Meetings sites are local to many global regions. For more details, refer to Webex Meetings Global Data Centers. Customers from Canada can have their common application data and user profiles stored in Canadian data centers.

Which GEO locations are currently supported for Webex Messaging?

We introduced the following locations, with the intention of expanding to more locations later:

  1. Europe—Hosted in the data centers in Frankfurt and Amsterdam. This region is mapped to countries in Continental Europe, the Middle East, and Africa.

  2. North America and Rest of the World (RoW)—Hosted in data centers in the United States.

What is the recommendation when selecting a country for the GEO location?

A customer’s organization data is created and maintained in the GEO location where the Webex App service is provisioned. During provisioning, the administrator will see a new option for selecting a country from a drop-down menu. This action permanently sets the GEO location for the organization’s users and encryption keys.

When selecting the country for an organization, consider the following recommendations:

  • If the organization's users are primarily based in one country, select that country, even if it doesn't match the business address of the organization. This will improve the user experience and minimize latency by utilizing storage in the data centers closest to the users.

  • If the users are spread across multiple countries, select the country that has the highest user count. Keep in mind that all of the organization's users will have their data stored in the associated GEO location, even those who are not located in that country or GEO.

  • Ideally, the ship-to country and country of data residency are the same.


 

We do not currently support migrating between GEO locations. When you create an organization in a GEO, it stays in that GEO.

To check the GEO location that a particular country maps to, download the CountryCodeGEOMapping.xlsx file, open the file in Microsoft Excel, and select the country from the drop-down menu.

Can my organization's users continue to collaborate with users in other regions?

Yes. Data residency strengthens the security and compliance features of Webex App without compromising the simplicity of the user experience. All users on our platform can communicate globally while retaining a single user identity.

How does data residency impact compliance and visibility across GEOs?

Compliance officers continue to have 100% visibility on user content regardless of where the data is stored (based on the Webex App ownership model). This means that compliance capabilities like eDiscovery and cloud access security broker (CASB) integrations will continue to allow you to monitor and take action on data loss prevention events, even if your users collaborate with those from other regions. The administrator controls that are already available allow you to disable external communication as needed.