Collabortion Vs Security

When COVID-19 emerged in March 2020, All of we know had changed for ever. Governments and private sector adound the world were forced to work from home nearly overnight. In addition to restricting travel and canceling large events, a growing number of companies are now rethinking their ways of working. While production workers as well as system-relevant workforce such as medical staff are still working on-site, a majority of the remaining workforce around the world has been force to work remotely.

It’s now clear that COVID-19 is going to be with us for some time – at the very least until there’s a working vaccine. And to it seems like after there is a working vaccine life will not return to the world as we knew it. Technologies that were enveloping for years such as Collaboration, Remote working and others are used only by Geeks are adopted by all sectors, i.e. remote sport training which was a taboo is a common tool today.

In the blink of an eye, collaboration was no longer a business convenience, but way to keep the business alive!

Thousands of small and medium businesses, as well as some of the largest companies in the world, are already benefiting of collaboration. Since the beginning of the pandemic they adopted all various tools of collaboration.

This situation has generated an explosion in the widespread use of video conferencing systems and chat applications such as Zoom, Cisco Webex, Google Meet, Microsoft Teams.

Cyber attackers are taking advantage of the opportunities associated with the fear surrounding the pandemic, widespread teleworking, difficulties in patching remotely connected endpoints, and the increased surface area of exposure resulting from allowing operations that are more fluid. In this context, poorly protected video conferencing sessions and applications are a major vector of attack.

COVID-19’s effect on work footprints has created an unprecedented security challenges. Many organzition are scrambling to enable collaboration apps for all but without security tools it could end with security breaches . For organizations leaning on these platforms, security should be top of mind.

As tens of millions of people turn to video conferencing to stay connected during the coronavirus pandemic, many have reported uninvited guests who make threats, interject racist, anti-gay or anti-Semitic messages, or show pornographic images. The attacks have drawn the attention of the FBI and other law enforcement agencies.

Cisco Webex  helps enable global employees and virtual teams to meet and collaborate in real time as though they were working in the same room. Businesses, institutions, and government agencies worldwide rely on Cisco Webex to simplify business processes and improve results for sales, marketing, training, project management, and support teams.

For all organizations and their users, security is a fundamental concern. Online collaboration must provide multiple levels of security; from scheduling meetings to authenticating participants to sharing content.

Cisco Webex Meetings provides a secure environment yet it can be configured as an open place to collaborate. Understanding the security features as site administrators and end users can allow you to tailor your Webex site to your business needs.

Cisco's Security and Trust organization monitors Webex security and privacy and publicly discloses security vulnerabilities.

There are three (3) Cisco Webex security principles: -

1. Webex is committed to respecting the privacy of your data.
2. Webex is secure by default.
3. Webex has cyber security governance and is transparent when there are security issues.

Cisco Webex provides a hardened collaboration platform that helps keep customers’ data secure. Cisco Webex does this by making privacy and security the top priority in the design, development, deployment, and maintenance of our networks, platforms, and applications. Cisco Webex employs multiple technologies, procedures, and teams to ensure the collaboration platform meets privacy and security requirements.

●      Cisco has a mature Secure Development Lifecycle, which is a repeatable and measurable process that includes: security requirements, threat modelling, secure design and coding, static analysis, vulnerability testing, privacy impact assessments, and third-party security assessments.

●      Cisco Webex has a security assessment program to assess and remediate vulnerabilities in the Cisco Webex environment on an ongoing basis.

●      Cisco Webex manages access to systems for administration and support based on “need to know,” separation of duties, role-based access, and multi-factor authentication.

●      Cisco Webex monitors networks and systems to detect outages, service latency, security incidents, and other unusual and unauthorized activities and events. Personnel are always on call to ensure that alarms are addressed.

●      The Cisco Product Security Incident Response Team responds to product security incidents. The Cisco Computer Security (and Data) Incident Response Team provides proactive threat analysis, incident detection, and internally coordinated security incident response.

●      Independent external and internal audits and risk assessments are performed on an ongoing basis. Cisco Webex is committed to resolving areas of improvement that may be identified.

●      Cisco’s commitment to customers is open and transparent. Cisco clearly communicates with customers about technical or other issues that could potentially expose their organizations to risk. Penetration results are available to customers under Non-Disclosure Agreements (NDA).

●      Cisco has a privacy program based on Privacy by Design in order to protect our customers’ Personally Identifiable Information (PII). The program includes a privacy impact assessment (PIA), incident response, notice to customers, and management of subject requests.

●      A privacy and security awareness education and training program is required for all staff while onboarding and again annually.

let's hope for better time where can go back to work !

Ronen Benjamin

Tech IT Wizard & Black Belt Master