The global market for web conferencing is projected to reach US$3.9 billion by 2020, fueled by the rising demand for real-time collaboration among globally dispersed business enterprises and workforce. Cisco’s WebEx offers web collaboration solutions for both the private sector and government agencies. ITWatchIT spoke with Jay Mulkerin, Senior SE Manager, Collaboration at Cisco, and Vincent Chin, Unified Communications/UC, Cisco, about Cisco’s WebEx solution specifically geared towards government agencies.
The adoption of technology is typically slow for federal agencies, but the Federal Risk and Authorization Management Program (FedRAMP) makes it easier to implement innovations in cloud technology, such as Cisco’s WebEx Web Conferencing.
How Secure is the Application?
The FedRamp certification process involves a lot of controls that vendors have to adhere to, and a lot of that is cloud-based. From a security perspective, when a lot of agencies have applications on premise, they have to go through different [The Federal Information Security Management Act] FISMA controls in order to get certified.
The process is typically for them to submit their application, have an agency sponsor it – then they get processed, and finally certified. WebEx is a Software-as-a-Service web application tool, and Cisco is also adding Unified Communications as a Service (UCaaS) to that.
Let’s say I am a federal government CIO, I can either put applications on premise or have it outsourced as a service in the cloud. What FedRAMP does is to give it a checkmark, because if government agencies were to do it on premise, they would have to follow the same certifications.
Since we store it in the cloud, they don’t have to install any hardware or software. It also saves them the trouble and expense of hiring IT staff to manage and troubleshoot it, since Cisco manages everything. They basically come to Cisco and have voice, video, web collaboration and cloud, and it is all US data centers, actively monitored by US personnel.
It is a great thing for us because Webex is an industry leader for web conferencing, and now, we can extend that to federal customers, who can have the same service, in a secure environment.
As far allowing devices talk to each other, API is the big driver, and you can implement that when you write the codes. That is what we are striving for as an organization, which is to have our APIs embed voice and video into these products.
From a security standpoint, we implement end-to-end encryption. For instance, if the USDA wants to have sensors in the field for farmers to track whether their tractors are running or something like that, you have to make sure that it is encrypted and ensure that you are following the government standards in place.
How Secure is the WebEx for the Private Sector in Comparison?
It is also secure. The difference is that following FedRAMP requirements, the one for government is US personnel only, and goes through the government processes, as far as enhancing the security. The product itself is secure natively; we are only going through those processes to adhere to government standards.
From a features functionality aspect, you can lock a WebEx meeting. As such, if there are only three participants in a meeting, you can lock it so that no other person can join the meeting. Let’s also say a person joins a meeting and doesn’t identify who they are, you can expel them, as the host of that meeting.
In terms of WebEx itself, you can either do 128-bit encryption or end-to-end encryption. The other component is the way the WebEx infrastructure is set up – it is a switch-based network, and noting is actually stored on our data centers.
The concern that a lot of agencies have is the security of and privacy of shared content— PII information or any other kind. Since nothing is actually stored in our data center, none of that data will reside on a server when you end the meeting.
Even if a hacker tries to hack into our system, there’s nothing for them to hack into — unless you record the meeting.
What Happens if the FBI or other Agency Requests for Data?
Well, there is a caveat to that. The information that we do store includes recordings. We also capture who attended the meeting and for how long you attended the meeting. With regards to the actual data, we do not capture that. As such, if you share a PowerPoint or Word document, that data will not be stored on our servers when the meeting ends.
It is like a phone call — when you make a phone call, unless a three-letter agency is recording it, nothing is actually stored.
If it has End-to-End Encryption, How are They Getting Access to Data?
That’s something that a lot of agencies have to weigh, with regards to whether they are going to have the recording feature enabled or not. If you lock the meeting, the agencies won’t be able to gain access to your meeting. This goes for both the private sector and federal sector.
Do You Have a Similar Price Structure for Private and Federal Sector?
We are following government guidelines in terms of the controls that they require us to have in place. Enterprise looks for similar things in terms of single sign-on and end-to-end encryption, but for the most part, their requirements are not as stringent as that of the government.
Do you Have Other Products Like That in the Federal Space?
WebEx is the first service that we have certified, and we are about to launch UCaaS, which is also voice. If you look at a lot of vendors, they have IaaS and SaaS. WebExs is SaaS, and UC is essentially SaaS as well. Everything we are doing in the cloud, you can actually do on premise.
The biggest key is that we are certainly certifying it – the government doesn’t have to spend resources on building that infrastructure, having people manage it, and certifying it – those are the three biggest things.
Vincent Chin, Unified Communications/UC, Cisco
Jay Mulkerin, Senior SE Manager – Collaboration at Cisco