Webex end-to-end encryption

Webex end-to-end encryption uses the Webex Key Management System (KMS) to create and manage encryption keys that are used to secure content shared in Webex Meetings and Messaging. Webex end-to-end encryption is used to encrypt user-generated content such as chat messages, files, calendar meeting information, whiteboards, and annotations.

With Webex end-to-end encryption:

  • An additional layer of encryption is added to data in transit and at rest.
  • Webex App uses end-to-end encryption to encrypt content using the AES-256-GCM cipher before transmitting the content over TLS to the Webex cloud.
  • Webex end-to-end encrypted content is stored on content servers in the Webex cloud that use AES-256-CTR to encrypt data at rest.

By default, our cloud-based KMS generates and distributes encryption keys. You also have an option with Webex Hybrid Data Security (HDS) to manage your own on-premises version of the key management system.

The added layer of security that Webex end-to-end encryption provides protects both user data in transit from Transport Layer Security (TLS) interception attacks and stored user data from potential bad actors in the Webex cloud.

The Webex cloud can access and use end-to-end encryption keys, but only to decrypt data as required for core services such as:

  • Message indexing for search functions
  • Data loss prevention
  • File transcoding
  • eDiscovery
  • Data archiving

Webex uses Transport Layer Security (TLS) v1.2 or v1.3 to encrypt data in transit between your device and our servers. The TLS cipher selection is based on the Webex server TLS preference.

Using either TLS 1.2 or 1.3, Webex prefers cipher suites using:

  • ECDHE for key negotiation
  • RSA-based certificates (3072-bit key size)
  • SHA-2 authentication (SHA384 or SHA256)
  • Strong encryption ciphers using 128-bit or 256-bit keys (such as AES_256_GCM, AES_128_GCM, and CHACHA20_POLY1305)

As an example, these are the possible ciphers used depending on the Webex server TLS preference:

  • TLS v1.2—TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS v1.3—TLS_AES_256_GCM_SHA384
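
An added example, not Cisco code: a Python check that compares a negotiated protocol version and IANA cipher suite name (as a client, proxy, or packet capture might record them) against the preferences listed above. The function names and sample sessions are constructed for illustration; the 3072-bit RSA key size is a certificate property that cannot be read from a suite name, so it is not checked.

```python
import re

# Preferences as stated on this page; names and sample data are constructed.
ALLOWED_VERSIONS = {"TLSv1.2", "TLSv1.3"}
AEAD_CIPHERS = {"AES_256_GCM", "AES_128_GCM", "CHACHA20_POLY1305"}
SHA2_HASHES = {"SHA256", "SHA384"}

# IANA names: TLS 1.2 suites encode key exchange and auth, TLS 1.3 suites do not.
TLS12 = re.compile(r"^TLS_(?P<kx>[A-Z0-9]+)(?:_(?P<auth>[A-Z0-9]+))?_WITH_"
                   r"(?P<cipher>[A-Z0-9_]+)_(?P<hash>SHA\d*)$")
TLS13 = re.compile(r"^TLS_(?P<cipher>[A-Z0-9_]+)_(?P<hash>SHA\d*)$")


def check_suite(version, suite):
    """Return deviations from the stated preferences; an empty list means none."""
    problems = []
    if version not in ALLOWED_VERSIONS:
        problems.append(f"protocol {version} is not TLS 1.2 or 1.3")
    m = TLS12.match(suite)
    if m:
        if m["kx"] != "ECDHE":
            problems.append(f"key exchange {m['kx']} is not ECDHE")
        if m["auth"] not in (None, "RSA"):
            problems.append(f"certificate type {m['auth']} is not RSA")
    else:
        m = TLS13.match(suite)
        if not m:
            return problems + [f"unrecognized suite name {suite!r}"]
        if version != "TLSv1.3":
            problems.append("TLS 1.3 suite name reported for a non-1.3 session")
    if m["cipher"] not in AEAD_CIPHERS:
        problems.append(f"cipher {m['cipher']} is not a listed AEAD cipher")
    if m["hash"] not in SHA2_HASHES:
        problems.append(f"hash {m['hash']} is not SHA256 or SHA384")
    return problems  # RSA key size (3072-bit) is a certificate property, not checked


# Constructed (version, suite) pairs, as a client or proxy log might record them.
SAMPLE = [
    ("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    ("TLSv1.2", "TLS_RSA_WITH_AES_128_CBC_SHA"),
    ("TLSv1.1", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
]


def audit(sessions):
    """Map each non-conforming session to its list of deviations."""
    return {s: p for s in sessions if (p := check_suite(*s))}
```

A session that appears in the `audit` result on a network with a TLS-inspecting proxy usually means the proxy, not the Webex server, chose the suite.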

Cisco secures Webex App media streams (audio, video, and screen sharing) using the Secure Real-Time Transport Protocol (SRTP). Webex App uses the AEAD_AES_256_GCM cipher to encrypt media.

For in-depth information on Webex App security, see the Webex Application Security Technical Paper.

Security features in Webex App spaces

You can add extra security by using moderators for teams and spaces. If teamwork is sensitive, you can moderate the space. Moderators can control who has access to the space, and delete files and messages.

Also, if any space includes people from outside your company, you'll see some areas in those spaces highlighted, such as the border, background, the icon in the message area, and their email addresses.

Privacy for files and messages

Webex App uses advanced cryptographic algorithms to safeguard content that you share and send. The only people who can view files and messages in a Webex App space are those invited to that space or authorized individuals.

Password security standards

IT teams can add features that use existing security policies, such as single sign-on (SSO) or synchronizing Webex App with employee directories. Webex App automatically recognizes when someone leaves the company, so former employees won't be able to access company data using Webex App.

Your company can also configure Webex App to require passwords and authentication that match your company's security standards. Webex App supports identity providers that use the Security Assertion Markup Language (SAML) 2.0 and Open Authorization (OAuth) 2.0 protocols.