How Webex Securely And Privately Provides For Over 4.2 Million Meetings A Day

By Patrick Moorhead - April 30, 2020
Cisco & Webex

Cisco's Webex is one of the biggest collaboration platforms in the world. In recent months it owes a lot of its traffic to the COVID-19 crisis and the growing number of employees now working from home (WFH). However, Webex was not built in a month nor built in the timeframe of the COVID-19 crisis. I believe its security and reliability have been improving and growing to a point where it is one of the many collaboration platforms that finds success in providing for people and businesses during a crisis without having to make compromises like Zoom.

Abhay Kulkarni, Vice President and General Manager of Webex Meetings, said it best when he said, "security and privacy must be at the forefront" for the tools leaders are relying on for remote working. When businesses, schools, governments, and healthcare operations are all relying on a video call solution, it should be equivalent to them relying on the security and privacy of a building.

During the Crisis, Webex has seen 240,000 online signups in a single 24-hour period, whereas, before the crisis, it was running 300 million users in a single month. Webex has handled 4.2 million meetings in a single day and over 14 billion meeting minutes in March, both of which are more than double what they were before the crisis.  

I would like to discuss why I believe Webex is one of the most secure (if not the most secure) and reliable video call solutions, including the extra security it has provided for struggling businesses during the crisis.

Security is the Webex cornerstone

Cisco is very proud of the security it provides for its customers. It should be proud as the company is the largest end to end security companies on the planet. That’s not just my opinion, it’s based on revenue numbers rom research firm Canalys.

As many tech companies began offering their services to help fight the welfare and economic crisis of COVID-19, Cisco offered its services to companies through security. You can tell a lot about a company by what they offer in times of a crisis, and many companies and users were drawn into Webex by the security features it offers.

Webex is secure by default, and doesn’t make it the user's responsibility to opt-out of sharing their data, or change meeting settings in order to be protected .This is a part of Cisco's belief that it should never trade convenience for security. I agree with this for  businesses, governments and schools. Cisco gives a great example of this in Abhay Kulkarni's blog when he talks about single sign-on (SSO). There is convenience and simplicity in using SSO for app development. However, instead of Webex app developers using Software Development Kits (SDKs) for Facebook, Google, and Microsoft SSO integration, it decided to take the more secure and private route of using OAuth.

Webex integrates with many industry-leading apps including Microsoft 365 apps, G Suite apps, and Salesforce. 

Another way that Cisco ensures the privacy and security of Webex rooms is by assigning meeting IDs to rooms by default rather than called out externally. Webex enables strong passwords by default for any meeting and the user experience is designed to not expose meeting IDs if a user were to post a screenshot of their meeting window on social media. Finally, all recordings and transcriptions are encrypted and stored at-rest, in-house, at the customer.

Cisco's Secure Development Lifecycle (SDL) approach

A critical component to developing software at Cisco is developing the mindset of security first along with the software. When developing software, Cisco uses its Secure Development Lifecycle approach. SDL is a repeatable and measurable process designed to increase Cisco product resiliency and trustworthiness. Webex is one of the many Cisco software solutions to have security built-in as a key foundational element. Let me repeat- Cisco is the largest security company on the planet. When we look at what Webex is built off, SDL, we can look forward and see that it is an uncompromising statement from Cisco that security comes first.

Webex integrates with many industry-leading apps including Microsoft 365 apps, G Suite apps, and Salesforce. 

Just as Cisco turns a user's security features on by default, it also turns a user's opt-in data sharing off by default. This is so that it is Cisco's responsibility to ensure a user's privacy rather than the responsibility of the user. Chuck Robbins, CEO and chairman at Cisco, said in a blog on Webex Security, "At Cisco, we believe data privacy is a fundamental human right." I stand by that statement wholeheartedly. Cisco does not rent or sell user data to third parties, nor does it put user data in compromising situations, as I mentioned with SSO.

The last security practice Cisco has with its users is that it discloses all security vulnerabilities and quickly works to fix it. Cisco does this by having an Independent Security and Trust Organization independent from its engineering team. In some ways, it is counterintuitive to reveal to your customers that your security software is not actually secure. As I have said often, security is a constantly moving target and if you sit idle, your product will be exploited. However, Cisco shows transparency and trust to its customers and that it is always striving to improve its security. It is one thing to have security vulnerabilities, and it is another to have security vulnerabilities and try and cover them up or as we have seen the past couple weeks, possibly cover it up.

Security in numbers for remote workers

Many of Cisco's security offerings have shown impressive growth numbers during the crisis. Cisco says its Security business offering continues to see at least 10 times the number of requests from organizations asking for security support and has added more than 9 million Security users since the beginning of its free offering in March. Cisco's multi-factor authentication, Cisco Duo, has seen more than 3,300 new organizations signing up globally in the last week, a 200% increase in weekly sign up rates. Over the past 21 days, Cisco's VPN that lets businesses connect anywhere, Cisco AnyConnect, has fulfilled 240% of the prior year's total annual number of trial requests. Over the past week, Cisco's DNS-layer security, Umbrella, has seen a 100% increase in the number of web-requested free licenses on the usual weekly average. These impressive numbers tell us that businesses want security for their remote work, and Cisco is a leading provider.

Wrapping up

While Webex has a long history of providing one of the industry-leading secure collaboration applications, it continues to evolve with new features and functionality. New AI-enabled Cognitive Collaboration features include People Insights that integrate with company directories to show who’s who during the meeting and Webex Assistant for Rooms that let you start meetings with your voice.

Webex may not have the fun features we see on Zoom on the PC like being able to put a tiger as your backdrop (yet), but, 9 times out of 10, a company or school, if they’re aware of it, is going to put the security of its video call solution over the simplicity and convenience of the software. While I’m trying to be funny about the tiger background, you can get a virtual background in the Webex Meetings Mobile App for iOS devices. 

I believe Cisco understands security very well and not just because it’s the largest security company in the world. The company follows through every step of Webex with its Software Development Lifecycle approach. It provides what I would consider uncompromising security and transparency to businesses so that when Webex is a needed video call solution, Cisco is a trusted company to provide that. It has achieved some impressive numbers during the COVID-19 crisis, and I believe it couldn't hit those numbers if it didn’t have a reliable and trusted foundation.

Note: Moor Insights & Strategy co-op Jacob Freyman contributed to this article.

+ posts
Patrick founded the firm based on his real-world world technology experiences with the understanding of what he wasn’t getting from analysts and consultants. Ten years later, Patrick is ranked #1 among technology industry analysts in terms of “power” (ARInsights)  in “press citations” (Apollo Research). Moorhead is a contributor at Forbes and frequently appears on CNBC. He is a broad-based analyst covering a wide variety of topics including the cloud, enterprise SaaS, collaboration, client computing, and semiconductors. He has 30 years of experience including 15 years of executive experience at high tech companies (NCR, AT&T, Compaq, now HP, and AMD) leading strategy, product management, product marketing, and corporate marketing, including three industry board appointments.