Cisco Cisco WebEx Meeting Center WBS30 White Paper
Web Conferencing: Unleash the Power of Secure Real-Time Collaboration
White Paper
Cisco Public
© 2016 Cisco and/or its affiliates. All rights reserved.
3
This organization is also dedicated to providing our customers with the information they need to mitigate and
manage cybersecurity risks.
The Cisco WebEx security model (Figure 1) is built on the same security foundation deeply engraved in
The Cisco WebEx security model (Figure 1) is built on the same security foundation deeply engraved in
Cisco’s DNA.
The Cisco WebEx team consistently follows the foundational elements to securely develop, operate, and
The Cisco WebEx team consistently follows the foundational elements to securely develop, operate, and
monitor Cisco WebEx services. We will be discussing some of these elements in this document.
Figure 1. Cisco Security Model
Multilayer Security Model
Application Security
Data Center Security
Cisco Security and Trust
Cryptography
Administartive Controls
End-User Controls
Physical Security
Infrastructure and Platform Security
Tools/Processes to securely
develop, and operate
Organizational structure to instill
security in Cisco DNA
“Security and trust will differentiate Cisco as the number one IT company”
Operational Ex
cellence and Monit
oring
ISO
Certified
SSAE
16
Cisco Security and Trust
Cisco Security Tools and Processes
Cisco Secured Development Lifecycle
At Cisco, security is not an afterthought but a
disciplined approach to building and delivering
world-class products and services from the ground
up. All Cisco product development teams are
required to follow the Cisco Secure Development
Lifecycle. It is a repeatable and measurable
process designed to increase the resiliency and
trustworthiness of Cisco products. The combination
of tools, processes, and awareness training
introduced in all phases of the development
lifecycle helps ensure defense in depth. It also
provides a holistic approach to product resiliency.
The Cisco WebEx Product Development team
passionately follows this lifecycle in every aspect of
product development.
Please read more about the Secure Development
Lifecycle
Cisco Foundational Security Tools
The Cisco Security and Trust Organization provides
not only the process but also the necessary tools
that give every single developer the ability to take a
consistent position when facing a security decision.
Having dedicated teams to build and provide such
tools takes away uncertainty from the process of
product development.
Some examples of such tools are:
Some examples of such tools are:
•
Product security baseline (PSB) requirements
that products must comply with
•
Threat-builder tools used during threat modeling
•
Coding guidelines
•
Validated or certified libraries that developers can
use instead of writing their own security code
•
Security vulnerability testing tools (for static and
dynamic analysis) used after development to test
against security defects
•
Software tracking that monitors Cisco and
third-party libraries and notifies the product
teams when a vulnerability is identified
Organizational Structure That Instills Security
in Cisco DNA
Cisco has dedicated departments in place to instill
and manage security DNA throughout the entire
company. To constantly stay abreast of security
threats and challenges, Cisco relies on:
•
Cisco Information Security (InfoSec) Cloud team
•
Cisco Product Security Incident Response
Team (PSIRT)
•
Shared security responsibility