Cisco Spark Gets Stamp of Approval on ISO Security

Building on a successful certification of WebEx for Web conferencing, Cisco today announced it has achieved ISO 27001 certification for its team collaboration platform, Spark. If you're a casual observer like me, you might not readily recognize the standards by their ISO numbers. In a nutshell, this one means when you use Spark, you can now do so with confidence that it's a secure cloud service.

portable

Because Cisco had already laid some groundwork in achieving this certification (among others) for WebEx, it was able to move Spark through the process "relatively quickly" -- in just six months, said Jonathan Rosenberg, VP and CTO of Cisco's Collaboration Technology group. The ISO 27001 standard defines an extensive list of operational requirements that a cloud service provider must meet, as well as document how it's doing so, and prove that it will continue to meet these requirements moving forward.

"It covers everything from incident management to inventory control to access controls to vulnerability scanning and even personnel management," Rosenberg wrote in a Cisco Blogs post on the news. "Customers want to be sure that we're doing all of these things and doing them well. Rather than having to ask about every single detail, they can instead know that -- because we have this certification -- we're doing all of that stuff, and following best practices for them."

In short, what this means is that enterprises can feel more confident in the security of Cisco's cloud service.

Diverting from the Norm

For Cisco, putting an application in a certified data center and calling it good enough isn't, in fact, good enough, Rosenberg said. Getting certified to the ISO 27001 standard is the right way to approach compliance, in that the certification applies to the entire Spark platform, including the underlying data centers, he said. "It's about gaining trust. As an IT guy, you can feel confident signing off on a Spark [implementation]. Cloud is still relatively new, and gaining momentum. IT and buyers are gaining trust in cloud, and this is a step to deliver on that."

But are enterprises really asking for certification at the application level? For some industries in particular, the answer is yes, as Irwin Lazar, VP and Service Director at Nemertes Research, told me in an email exchange.

"I do think having software certified as ISO 27001 is important, especially for a pure cloud SaaS offering like Spark. These kinds of certifications are a critical requirement for regulated organizations to adopt technologies," said Lazar, noting that some Nemertes clients in like financial services, healthcare, and defense contracting can't deploy software that isn't ISO 27001 compliant.

UC analyst Zeus Kerravala agreed. "It's not good enough to have [your cloud app] in a secure data center [for some regulated industries]. The app has to be tested as well."

Kerravala further speculated that with the General Data Protection Regulation on its way in Europe, certifying cloud apps against the ISO 27001 standard will become even more important for any organizations doing business overseas (see "GDPR: From the EU to US").

According to Cisco, Spark is the first app of its ilk to receive this ISO designation. That may very well be true, Kerravala said, suggesting that the significant expense associated with the certification process makes it unlikely that any of the smaller players or startups have gone through it.

Hear directly from Rosenberg on Cisco's vision and product direction in a keynote address at Enterprise Connect Orlando 2018, coming March 12 to 15. He'll take the stage on Tuesday, March 13, at 10 a.m. Register now using the code NOJITTER to save an additional $200 off the Advance Rate or get a free Expo Plus pass.

Related content:

Follow Michelle Burbick and No Jitter on Twitter!
@nojitter
@MBurbick