Webex is the first UC and collaboration platform to achieve EU Cloud Code of Conduct (EU Cloud CoC) Level 3 adherence.
Cisco‘s Webex progressed through an independent third-party assessment and audit that verified all code controls. SCOPE Europe validated it, the EU Cloud CoC’s monitoring body. This double confirmation compliance affirmed trust in Webex’s approach to Level 3 adherence, illustrating the compliance and security of its cloud services.
Jelena Kljujic, Cisco’s EMEAR Privacy Officer, wrote in a blog accompanying the news:
In 2021, Cisco made a public commitment to incorporate the EU Cloud CoC controls into our solutions by design. We operationalized these controls into the Cisco Cloud Controls Framework (CCF). Cisco’s CCF uses a “build-once-use-many” approach for compliance accreditation in an evolving regulatory landscape.”
This allowed Cisco to leverage artefacts via Webex’s existing certifications, including Japan’s Information system Security Management and Assessment Program (ISMAP).
Utilising Cisco’s established CCF prepared Webex more quickly for the EU Cloud CoC Level 2 and 3 assessments. By centralizing various compliance requirements, the CCF offered a unified strategy for understanding and meeting compliance requirements.
This centralised approach benefits global cloud service providers, like Cisco, operating in over 100 markets with distinct compliance requirements. Converging security and privacy controls allow Cisco Cloud Services (CCS) to introduce adequate data protection by design. It also will enable CCS to use EU Cloud CoC controls as a baseline for global data protection requirements.
The EU Cloud CoC is an assurance framework for cloud service providers to prove EU General Data Protection Regulation (GDPR) compliance, encompassing transparency, accountability, data minimisation, data breach notification, and lawful data processing. There are also significant protections for personal data storage in the cloud, intending to empower individuals and expand their control over their personal data.
Cisco’s Focus on Security and Compliance-oriented Solutions
2023 has seen Cisco build upon its portfolio of products and partnerships, with security and compliance a regular theme of many of its launches.
Among the major news at Cisco Live last month was Cisco’s previewing of new generative AI capabilities to simplify security policy management and improve threat response to deliver on its Security Cloud ambition.
The Cisco Security Cloud will leverage a generative AI Policy Assistant to assess the issue of security policy management complexity. The Security Cloud will allow security and IT admins to produce detailed security policy prompts and evaluate how to best establish them across every aspect of an organisation’s security infrastructure.
Cisco Live also featured another AI-powered reveal in the form of a new Cisco security service edge (SSE) solution. The Cisco Secure Access offering is designed to enable better hybrid work experiences and simplify access across any location, device, and application.
Cisco Secure Access involves a common user access experience, delivering access to all applications and resources by intelligently and securely directing traffic to both private and public destinations. The service makes security operations easier by building multiple functions into one easy-to-use solution that protects all traffic. It provides analysis to speed up threat detection and response investigations and blocking, supported by Cisco Talos’s AI-driven threat intelligence.
As well as its solutions, Cisco has engaged in security-minded partnerships. In May, Spectrum Enterprise partnered with Cisco to enhance business cybersecurity solutions.
Spectrum introduced Secure Access with Cisco Duo and Cloud Security with Cisco+ Secure Connect to its portfolio. The plan was to allow organisations to offer secure, simple ways for employees and stakeholders to access business-sensitive information and applications on private networks and public clouds.
