Cisco Takes Spark Security to Next Level

Cisco today announced four enhancements aimed at improving the security and control of its team collaboration platform, Spark, and, in the words of Cisco Collaboration group CTO Jonathan Rosenberg, setting a "new bar for what can be done" with securing cloud-based communications.

Specifically, Cisco has added a security and analytics dashboard, integrated mobile device management, improved password protection, and enabled on-premises security keys.

While Cisco has provided end-to-end encryption for Spark interactions since the get-go, it is now adding support for enterprise compliance, as well. Highly regulated companies like those in the financial services or healthcare industry must be able to meet legal requirements around e-discovery and archiving. To this end, Cisco released the Cisco Spark Control Hub, a tool that allows admins to provision, administer, and manage their full Spark service, as well as Spark Hybrid Services. Additionally, it lets admins view analytics for Spark and WebEx.

In addition, Cisco announced Pro Pack for Spark Control Hub, a premium offer for admins who want greater control and advanced capabilities via third-party integrations. Pro Pack includes several third-party integrations for compliance, data loss, and identity management. For compliance, enterprises can integrate with tools from Actiance and Global Relay for archiving and to enable e-discovery on all Spark communications. For data loss prevention, enterprises can integrate with Cisco Cloudlock, Skyhigh for Cisco Spark, and Symantec CloudSOC. Finally, for identity management, enterprises can integrate with Microsoft Azure Active Directory, Okta, and Ping Identity.

With new analytics capabilities, Cisco hopes to make finding insights from Spark "a snap," Rosenberg said. As shown below, Pro Pack delivers insight via a dashboard that displays information around spaces, active users, file sharing, endpoints, and more.


Analytics have been available for WebEx for quite some time, but they were typically pretty slow and not particularly useful for IT teams trying to get a good view of how the service is running, Rosenberg admitted. To enhance analytics and reporting capabilities, Cisco built a new fluid analytics solution based on streaming technology so everything adjusts automatically in real time, he said. "You just have to click to get new details -- it's so fast," he said.

Securing on the Device Level

Cisco also has taken aim at the security challenge of running Spark on mobile devices -- a concern raised among enterprise IT panelists at Enterprise Connect 2017 (see related story). Until now, organizations would need to tackle the threat brought on by lost or stolen mobile devices by using third-party mobile device management applications, many of which Spark works with. However, as Rosenberg explained, these solutions only work on specified devices or with users who have opted in. This means that users really carry a lot of risk, especially if communications applications are used in BYOD environments, he said.

To help IT with this problem, Cisco now allows Spark itself to be used for mobile device management, with key features built into the application. For example, even if an employee installs Spark on his kid's phone, IT can remotely wipe the phone.

In addition, Spark is running on a lot of devices that don't have PIN locks set, Rosenberg said. To help ramp up individual device protection, Cisco has implemented what Rosenberg calls a "progressive nag" to prompt users to set better security controls. When the Spark app detects that a user is trying to access content on a device on which a PIN lock hasn't been set, it will prompt the user to set a PIN. On the third try, the app will exit and no longer work until the user sets a PIN. "It's all part of us trying to do the right thing for the end user and deliver the security the enterprise needs at the same time," he said.

Security at a High Level

The final part of today's news -- and most exciting to him, Rosenberg said -- is something Cisco has been working on for the better part of five years, when Spark was just an idea. "Essentially, we're introducing the data security equivalent to on premises by allowing security keys to run on the customer premises," he said.

Today, one of the largest growing attacks is phishing. And the reality is that SaaS providers have become a main hacking target -- the honeypot problem, as it's known in security circles -- since a breach would give attackers access to much more data than they could get from hacking one company's servers, Rosenberg said.

Storing security keys on the premises eliminates that problem, he said. "Attackers get only encrypted messages and have to go after the enterprise directly."

Enterprises still have a choice -- they can choose to have Cisco keep the security keys or keep them themselves on premises. Further, they could do a mix for various user groups if the company is only worried about one department, for example.

UC industry analyst and close Cisco watcher Zeus Kerravala gave a thumbs up to these efforts. As shown in the No Jitter Research: 2017 Team Collaboration Survey, 60% of enterprise respondents have three or more team collaboration apps in use, Kerravala pointed out via email. "To date, the adoption of team collaboration apps has been ad hoc in nature with different groups making their own decisions. This approach might be OK today but as organizations become more dependent on team collaboration tools and they become embedded into business processes, it can lead to significant problems, as there is no enterprise IT control and the content can be scattered over a variety of different providers," he said.

With the enhancements announced today, he added, Cisco has brought the management tools, analytics, and security capabilities companies require to enable workers to use information cost effectively and without putting their organizations at risk.
