Cisco rolls out industry-first security features for Spark

The collaboration platform will now, among other things, enable customers to run on-prem key servers for securing cloud content.
Written by Stephanie Condon, Senior Writer

Cisco on Monday is unveiling a set of new security features for its Spark platform that it says are unprecedented in the cloud collaboration space.

The new capabilities, years in the making, "set a new bar for enterprise-grade security for collaboration tools," Cisco CTO Jonathan Rosenberg told ZDNet.

First, Cisco is giving customers the ability to host on-premise encryption keys for securing content on the Spark platform. The feature was four years in the making and amounts to "a new market capability that has never existed for a cloud product before, which is data security equivalent to on-prem storage," Rosenberg said.

End-to-end encryption is already available for Cisco Spark. Now, a customer can keep their encryption keys on premise, run by the enterprise administrator, rather than in the Cisco Spark cloud. To gain access to a customer's data, an attacker would have to breach Cisco's databases and the customer's on-premise system simultaneously.

"There's no such thing as a system that's 100 percent secure," Rosenberg said. "This is a solution for a category of customers that are worried about a set of risks inherent in large-scale SaaS-based content storage and cloud systems."

The increased risk of threats like phishing attacks can deter enterprises from moving to the cloud or moving critical workloads.

"We don't think every customer is going to do this, but we do think based on feedback we've had in talking to customers, a significant bit of the enterprise space is extremely excited for these features," Rosenberg said. "In the past, they could stick with on-prem and or go to the cloud and just accept the risk. You don't even have to accept that risk anymore."

Next, Cisco is rolling out compliance features previously incompatible with end-to-end encryption, including data loss prevention and e-discovery.

"We've made it possible to apply end-to-end encryption in a way that the messages are still encrypted... but now also infosec, legal teams and people who are authorized are also able to gain access to those messages," Rosenberg said. "It's a seemingly contradictory set of capabilities that we've been able to combine in a pretty innovative way."

Cisco's also introducing mobile device security on non-managed devices for Spark. Spark analytics reveal that a "shocking" number of people using the Spark app don't have a PIN lock or fingerprint lock on their device, Rosenberg said, though he declined to give any specific figures.

The new security features are baked into the Spark app, to secure those personally-managed devices without locks. For instance, Web Smart Timeouts let the Spark web app know when it's running outside of the company network and automatically log out the user. Additionally, Enterprise Certificate Pinning protects against malicious hotspot providers and access networks without requiring the user to actually enable their company VPN client. There's also a "Graceful PIN lock" feature that encourages a user to set a PIN lock and eventually locks the user out if they don't.

Lastly, Cisco Spark is getting new analytics capabilities. With simple data manipulation, a user can assess variables like which callers suffered the worst call quality on conference calls and whether the problem was widespread or localized.

The new capabilities will be available through a new IT pro pack that customers can add on to Cisco Spark. The platform's newly-rebranded administrative portal also shows off the new features.
