In this article, we will focus on what value SphereShield offers for Webex over and above the controls and features Webex offer natively.
Webex is able to integrate with different Data Loss Prevention solutions, in different ways. Webex provides a rich set of admin and compliance APIs to help customers monitor and assert adherence to corporate policies. Unlike more traditional approaches, AGAT is able to provide DLP capabilities in real time, leveraging https://developer.webex.com/docs/api/guides/webex-real-time-file-dlp-basics
One of the main advantages of this approach is that we are not talking about reactive solutions, in which sensitive data is sent in a a file or a message, the communications reaches the destination and is deleted after the fact (it can take up to 5 minutes)
SphereShield uses the Real time DLP for files API to block files inline.
SphereShield also offers a real time solution which blocks sensitive information contained in both files and messages from reaching the cloud and obviously the destination user. Sometimes this is needed as a matter of company policy and sometimes it is required by law.
SphereShield DLP policies can be applied to a subset of users, they do not need to be org wide. You can also exclude a group of users. This helps solve both functional and commercial needs when DLP is only needed for a subset of users.
SphereShield DLP can inspect Audio using transcripts. Alerts will be sent after the meeting.
SphereShield DLP can inspect video (on screen text) using Video OCR. Alerts will be sent after the meeting.
SphereShield DLP can be integrated with other DLP vendors such as Forcepoint, Symantec, McAfee. This integration means that customers can use their existing DLP rules and infrastructure and cover Webex at the same time. Incidents will also appear in the existing Vendors incident manager.
SphereShield DLP can inspect files managed in SharePoint/One Drive in Webex.
SphereShield DLP violations are audited and integrated with the SphereShield eDiscovery. This is useful to see the entire context of a DLP incident.
Control Hub offers the ability to block GIPHY’s that may be inappropriate
SphereShield Safe content filter includes an anti harassment and Workplace safety feature that can block profane language and inappropriate images based on several different filters: Adult, Violent, Racy, Medical, Spoof. Policies can be configured based on Groups and Spaces.
Using Cisco eDiscovery for Webex your organization can search for Webex communication
Search can be done based on email, date range and space name . All entries must be manually input
eDiscovery results, split up every line of communication into a separate downloadable file. A conversation with 100 lines of communication will be searchable with 100 files containing one line of communication each.
Search dashboard in Webex
results presented as separate files
Example of file when opened
All communication can be archived as a backup (and even deleted from the cloud) . This can be stored on premise, in private cloud or as a backup in the cloud separate from Webex.
All communication is searchable based on several different parameters including email, date range, free text etc
The eDiscovery dashboard is designed with a user friendly and intuitive UI to support all levels of users. You can search and scroll through the communication seeing who said what, when they said it, where they said it and to who it was communicated.
The solution can be managed by non Webex admins e.g. HR or Compliance.
Audio transcript and Video OCR is also searchable.
Integrated with SphereShield DLP to see the entire context of a DLP violation
SphereShield offers many governance features, all of which are not offered in Control Hub
These are split into 3 Parts:
AD Group to assign as moderators - Members of this group will automatically be assigned as a moderator when in a space.
Control which Group members can be manually added as moderators.
Group that requires a Global Moderator - global moderator (admin) will be added to spaces that include members of these groups.
Groups allowed to create spaces
Groups allowed to create Teams
Groups allowed to add users to Space
Groups allowed to add users to Webex Teams
A prefix or suffix can be automatically to Spaces . This can be a configured text, department , country etc. This can also be applied to specific internal groups.
You can see and search all spaces and direct rooms based on many search parameters
The following actions can be taken by the SphereShield admin:
Delete room
Block room (room is not deleted but new content and membership is blocked)
Unblock room
Add tags for easy management and retention policies
Set retention policy per space
Add members even if you are not a member of the Space
Add moderator even if you are not a member of the Space
Remove members even if you are not a member of the Space
You can set retention policies for the entire organization for spaces and meetings.
It is on the roadmap to have one policy for spaces and another for direct rooms.
SphereShield offers extra flexibility when applying retention policies.
You can set retention policies based on
Scope : Internal or external
Type: Space or Direct
Tags
AD Group
User : email
This feature allows you to control what data users can see in the Webex App. If you want to permanently delete (card delete) the message this can be done via Orgs retention policy in Webex Control Hub
Ethical Wall helps organizations control :
Who can communicate with who
How users can communicate
To understand the value that Ethical Wall offers over and above the Webex in-built features, we need to address internal and external communication separately.
Webex allows organizations to control external communication in the following ways:
Allow all external communication
Block all external communication
Create lists of allowed external domains
With Webex native controls, when an external domain is open for communication -
The whole external domain is open
Communication with that domain is allowed for everyone internally (org wide policy)
All types of communication are permitted
You can restrict external file sharing on an org wide level. You can block externals only from viewing files. This is also an on/off setting without exception.
Ethical Wall adds flexibility to external communication control in 3 ways:
1- Open up external communication for a specific internal Group/Domain/User
2- Open up external communication to a whole external domain or even to just one external user from that domain
3- Open up external communication for limited communication capabilities. For example, allow IM’s but block file sharing and screen sharing for specific people
Webex offers the ability to block communication between specific internal groups with the Ethical Wall product (Not yet generally available)
Webex Ethical Wall is limited to the following two options:
Allow communication completely between Groups
Block communication completely between Groups
Other limitations include:
Limited to 5 policies
does not allow for exception rules
With Ethical Wall, organizations gain the flexibility to have granular control over the types of communication.
You can control the following types of communication:
Chat
Audio
Video
File sharing
Screen sharing
Adding users to conversations
It is very common that organizations do not want to impose a complete block between internal groups. Rather, they want the flexibility to allow chat and meetings, but to block file sharing and screen sharing.
Policies can be based on AD Groups, Internal Domains and individual users based on the UPN.
Ethical Wall is managed in the SphereShield Admin Portal which has a GUI interface.
Extra Added Value:
•Policies and rules can be applied retroactively on all existing Teams and Spaces
•Policies can apply to Teams and Spaces regardless of the number of people present
•Full visibility of all events detected for compliance officer