Investments in Privacy and Security Innovation

The following is based on an excerpt from the 2020 CSR Impact Report, published on December 8, 2020.

Today’s cyber attacks are ever-evolving, so we must make investments to stay ahead. These investments include enhancements to the foundational security of our solutions, adding layers of security that help protect against counterfeit and unauthorized versions of hardware and software. We also manage a portfolio of 400 (and growing) products that are equipped with trustworthy capabilities to protect against cyber attacks, verify hardware and software integrity, and earn and maintain customer trust. These technologies, such as image signing, Secure Boot, Cisco Trust Anchor module, and runtime defenses, are integrated into many of our platforms to help ensure code is authentic, unmodified, and operating as intended.

We rigorously test and certify products—over 175 product lines in all—to meet global government security certifications and requirements. We also invest in advanced security research, conducted through 20 research partnerships in five countries.

Responding to global needs

At Cisco, we have always taken a global approach to privacy and security. Recognizing privacy as a fundamental human right, we work closely with regulators around the world to drive consistency in our approach to protecting and respecting privacy. We have a centralized Chief Privacy Office with regional officers leading each of the three major regions where we do business. Each regional officer chairs a Regional Privacy Council for their respective territory to ensure we are addressing local and country laws in our global approach.

To demonstrate our compliance capabilities and adherence to global privacy principles, we have certified our enterprisewide program to EU Binding Corporate Rules, APEC Cross-Border Privacy Rules system and Privacy Recognition for Processors, and the EU/UK/Swiss-U.S. Privacy Shield. In the U.S., we continue to call for federal privacy legislation that ensures a consistent baseline of protection for all users.

Beyond Cisco: Enhancing global awareness

By embedding security and privacy throughout our operations and solutions and sharing our cyberresilience strategies widely, we earn and maintain customer trust and help make the world more safe and secure. When we all have better security and privacy practices, we’re all better off. A few ways we engage with the public and private sectors to improve our collective cyberdefenses include:

• Advising governments and academia and participating in industry working groups to help develop better collective cyberresilience strategies
• Encouraging standards organizations to accelerate the advancement of technology engineered with security, privacy, and trust by design and default
• Raising concerns when government legislation could potentially impact the security or privacy of technology
• Spearheading agreements to share threat intelligence with select organizations, such as Interpol, to jointly fight cybercrime
• Investing in our first Center of Excellence and Co-Innovation to focus on security and privacy
• Publishing new research and leading practices in Cisco’s Trust Center to transparently share what we have learned publicly
• Participating in events such as National Cybersecurity Awareness Month, initially in the U.S. and now in multiple countries
• Leading efforts to build the next generation of security talent and improve inclusion and diversity across Cisco and the industry, including:
  • Working with global universities on research projects and programs dedicated to the enhancement of security and privacy
  • Teaching security courses to diverse students through the Cisco Networking Academy and working with higher educational institutions to develop security and privacy curricula

Collaboration without compromise: Keeping Webex secure during COVID-19

The need for secure collaboration technologies like Cisco Webex, our videoconferencing platform, has been especially critical during the COVID-19 pandemic. As the largest enterprise security company in the world, Cisco was uniquely positioned to provide unparalleled, secure collaboration services to our customers as workforces around the globe went remote.

Knowing that bad actors would exploit individuals whose work-from-home environment was not secure, we helped customers implement secure networked systems for remote workforces, ensuring their businesses stayed productive. We also published a white paper with tips and resources for keeping one’s family cybersafe.

Videoconferencing became a staple of many people’s personal and professional lives, and demand for Cisco’s secure Webex capabilities skyrocketed. We hosted 14 billion meeting minutes in March 2020 alone, more than double the number in February 2019. We sustained this level of use throughout the year, hosting 26 billion minutes in October 2020 compared to just 7 billion minutes in the same month in 2019. Users took note of Webex’s distinctive features, including never compromising security for convenience or speed. Unlike other services, Cisco turns data sharing off by default, allowing users to choose exactly what they are willing to share. We also have maintained strong controls to keep meeting rooms secure and to encrypt all meeting recordings and transcriptions.

Because of Cisco’s approach to security and privacy by design, we were ready to meet critical demand during these extraordinary times. As almost every business learned to navigate a new reality, the end-to-end security of solutions like Webex gave our customers one less thing to worry about—so they could focus on staying connected and productive.

Visit our Cisco ESG Reporting Hub to read the full CSR Impact Report and learn more about the progress we’re making to power a more inclusive future through CSR.