Cisco Spark Security


End-to-end encryption of content


Cisco Spark uses industry-leading encryption to ensure data remains confidential, available, and secure at all times.

The Cisco Spark app encrypts your data before it leaves your device. Data stays encrypted when it's in transit to our cloud servers; when we process your data (data in-use) and when we store it (data at-rest).

Encryption of all content is done using dynamic keys from the key management server (KMS). There is a unique key per Cisco Spark space, which only authorized members of the space will be allowed access to obtain. Cisco Spark messaging content, files and Cisco Spark Board content are encrypted using keys from key management server.

Encryption in transit

We use Secure HTTP (HTTPS) to encrypt data in transit between your device and our servers, which protects the identities of the senders and receivers of the encrypted content.

All media in Cisco Spark, such as voice, video, desktop share, and white boarding are transmitted using Secure Real-Time Transport Protocol (SRTP; is defined in RFC 3711). Currently, the Cisco Spark Platform decrypts real-time media for mixing, distribution, and public switched telephone network (PSTN) trunking and demarcation purposes.

Authorization and authentication

Only people who have successfully authenticated with our service can view messages and files in Cisco Spark spaces. Unauthorized people who try accessing the URL of a space can’t see what has been shared.

Cisco Spark Hybrid data security (Spring 2017)

The cornerstone of end-to-end content encryption in the Cisco Spark Platform is a component known as the key management server (KMS). The KMS is responsible for creating, storing, authorizing, and providing access to the encryption keys that the Cisco Spark app uses to encrypt and decrypt messages and files. End-to-end encryption in Cisco Spark is possible because of the architectural and operational separation between the KMS and the rest of the Cisco Spark Platform. Think of them as being in separate realms, or trust domains, in the cloud: The KMS is in the security realm and all other component services that make up Cisco Spark are in the core. Security-conscious enterprise customers may choose to deploy the security realm services, including the KMS, on their own premises.

The upcoming Hybrid Data Security (limited availibility release) will include:

  • On-prem deployment of the security realm through the Cloud Collaboration Management portal (CCM)
  • Key management services. (Bring your own DB for storage of keys.)
  • Search indexer: Create and encrypt search indexes, submit encrypted search terms for content searches.
  • eDiscovery on-prem engine: While the eDiscovery UI will be hosted in the cloud, the engine remains on-prem for customers who opt to deploy HDS in their data centers.
  • Auto-upgrades, alerts, and notifications.
  • Local logs/audits of access to keys.

Compliance with legal and regulatory obligations


Compliance that works on encrypted content (Spring 2017)


Organizations using Cisco Spark need access to the content stored in their spaces for compliance and governance purposes.

The Cisco Spark compliance module is a distributed component in the Cisco Spark security architecture that sits in the security realm along with the Key Management Server (KMS). The Cisco Spark compliance module works with the encrypted content in the Cisco Spark Platform and produces a clear-text feed of activities and content to enable monitoring and extraction into a separate company-owned repository.

The search and extraction console for eDiscovery is the first tool in the Cisco Spark compliance portfolio to use the Cisco Spark compliance module to provide ad-hoc access to data.

Extraction console for eDiscovery and auditing (Spring 2017)

Cisco Spark compliance administrators with sufficient access privileges can query Cisco Spark for content in the spaces they own and download the results in the form of a JSON or CSV file. Results can be imported into Microsoft Excel or full eDiscovery software for further processing.

The Cisco Spark compliance console supports search based on space ID, email ID, date, keywords, or a combination of attributes.

The resulting space activity details and content, including text messages and file names, sizes, types, and URLs , are consolidated in the form of a CSV or JSON file. Files (pictures, Microsoft Office documents, PDFs, etc.) are also attached in original format.

Organization-wide retention policy (Spring 2017)

In the Cisco Cloud Collaboration Management portal (CCM), Cisco Spark administrators can define how long content is stored in all the spaces owned by the organization. Cisco Spark will delete messages and files when their timestamps match the retention limit. The default for this setting is “indefinitely”.

Users can view the retention policy of spaces in which they are participating, by accessing the information icon.

Mobile device management (Spring 2017)

Mobile devices running Cisco Spark can be further secured by requiring that the PIN device be configured. This is an organization-wide admin setting. This is in addition to all Cisco Spark content being encrypted at-rest in the device.

Administrators can force the Cisco Spark browser session to time out when accessing Cisco Spark outside of the company’s intranet. This offers protection against users leaving browser sessions open inadvertently in public places.

Cisco Spark administration


Programmatic APIs for user provisioning


Cisco Spark for Developers includes administration APIs that allow administrators to programatically provision a user or the entire organization. By automating administration, user management and provisioning can be centralized in an existing tool. For example, a partner selling multiple collaboration tools to customers can use these APIs to enable Cisco Spark provisioning through a centralized portal.

Using these APIs, an admin can:

  • Create a user
  • Update a user
  • View license usage of an organization
  • View available roles of an organization

Cisco Spark meetings, messaging, and calling

Meetings

Cisco Spark brings people together to collaborate, discuss, and make decisions in instant and scheduled meetings. In-app audio and video calling pulls the people in your space together for a huddle, with one tap. Meetings powered by Cisco WebEx provide an even more productive meeting environment. All Cisco Spark meetings allow screen sharing and a variety of tools for interactive creative work.

Basic Meetings


Instant meetings


Share video, screen share, and use interactive drawing and white boarding within the Cisco Spark app with up to 25 users. Just tap the Call activity circle to start your meeting. Anyone in the space can join or add guests from outside of the space.

Join from desktop, mobile or room device endpoints

Join a meeting in the Cisco Spark app from Cisco Spark Board, any Cisco Spark room device, or Cisco phones registered to Cisco Spark.

Simplified scheduling with @spark

With Hybrid Calendar Service, you can add @spark to your Microsoft Outlook invite to automatically create a new Cisco Spark space for all the people in your meeting. People can just click the link at the bottom of your invite to join.

Advanced Meetings


Instant meetings


Host meetings with Cisco WebEx and enjoy all the capabilities of a WebEx meeting. Share video and screen share with up to 200 people.

Join from any device

Join meetings from any browser, from desktop and mobile devices, on phones via the public switched telephone network (PSTN), from Cisco Spark room devices, Cisco phones registered to Cisco Spark, Microsoft Skype for Business endpoints, third-party standards-based video endpoints, and more.

Personal meeting room with a unique url

Each user gets a Personal Room with its own, customizable persistent URL and URI to make scheduling and joining meetings easy.

Simplified scheduling with @spark and @webex

Using Cisco Spark Hybrid Services makes it easier to schedule meetings and create Cisco Spark spaces. The Calendar Service in Advanced Meetings allows you to add @webex to your Microsoft Outlook invite, which automatically populates the body of your email invite with your Cisco WebEx meeting information.Users can also add @spark to their Microsoft Outlook invite, which will create a Cisco Spark space and add the meeting to that space.

Cisco Spark Board

The Cisco Spark Board is a touch-based, three-in-one collaboration device that combines wireless presentation, interactive digital white boarding, and video conferencing. It’s designed for rich team collaboration, securely connecting physical and virtual meeting spaces so that teams can work together any time before, during, and after meetings.

Messaging

The mobile-first Cisco Spark messaging experience is designed to keep agile, remote teams connected in secure virtual work spaces. Persistent individual and group conversations with contextual file sharing allow people to jump in and contribute as time permits. Teams discuss, share, and make decisions on a rolling basis. Audio and video calling capabilities are right there in the app.


Teams


Create and name Cisco Spark spaces for individual projects or topics so users can find conversations easily.

Search and Filter

Do secure searches for information, files, people, teams, or spaces. Filter a search to limit it to specific spaces or specific people’s messages.

@Mention

Call attention to important messages by tagging a person’s name in the message. Prioritize for your own reading those messages someone has tagged for you.

Favorites

Prioritize important spaces by making them favorites. Then filter for favorite spaces for easy viewing.

Flags

Flag any message to make sure you view it later.

Filter view

Zero in on relevant information (unread messages, private messages, favorites, mentions, or flags).

Content preview

Preview files on any device, so you can view before downloading.

Content upload from mobile

Upload files stored in the cloud to Cisco Spark—from your mobile device.

Notifications

Receive notifications on all the devices you use for Cisco Spark. You can choose to be notified when a message is posted to a space in which you are mentioned, when you are added to a conversation, or when you receive a call. Tailor your notifications for individual spaces and teams. Turn them on and off as needed.

Security and encryption

Cisco Spark encrypts messages, files, and room names on your device before sending them to the cloud. Content arrives at our servers in encrypted form and is processed (data in use) and stored (data at rest) in its encrypted state until it is decrypted on the intended recipients’ devices.

Learn more

Space moderation and team moderation

When the teamwork is sensitive, lock spaces and assign moderators. Then only a moderator can add or remove people, edit the space name, or delete others’ messages and files. Moderators can also assign co-moderators.

Care Assistant (paid plans)

Cisco Spark's built-in Care Assistant automatically connects people to subject matter experts, making it ideal for internal support and help desks.

Languages supported

Cisco Spark messaging supports multiple languages.

Calling

Cisco Spark calling is built on a cloud-based phone service perfect for small to mid-size organizations, offering the benefits of traditional phone systems without the expense and complexity of on-premise deployment. Alternatively, connect your existing Cisco Unified Communications Manager call control infrastructure to your Cisco Spark service through Cisco Spark Hybrid Services. Our partners can help with your PSTN and other connectivity services.

Cisco Spark also offers a range of IP and video IP phones.

Learn more: Cisco Spark Hybrid Services

Features


Audio and video calls with internal and external participants


  • Make and receive audio calls from phones registered to your Cisco Spark service. Dial international, national, or local formats.
  • Make and receive internal video calls through registered phones, or within the app.
  • Place video calls to other businesses or people by dialing their SIP user/room identifier.

Calls from the Cisco Spark app

Make and answer your calls in the Cisco Spark app. When called, your phone and the app ring at the same time.

Apple iOS 10 integration

The Cisco Spark Call app for Apple iOS 10 tightly integrates with your Apple iPhone via Apple’s Callkit. Use the built-in dialer to make Cisco Spark calls.

Turn calls into meetings

Calling another Cisco Spark user automatically creates a Cisco Spark space for screen sharing, file sharing, and messaging.

Cisco Spark Phone—Cisco Spark app integration for desk phone control

Initiate, end, answer or decline a phone call using your Cisco Spark IP desk phone, by clicking a button from within the app.

My Cisco Spark portal for users

Customize your phone settings, generate a device activation (QR) code, and personalize call features such as single number reach, do not disturb, and call forward.

Directory-based dialing

Access and call corporate directory contacts from the Cisco Spark phone or app. Personal contacts on IP phones

Personal contacts on IP phones

Add your personal contacts on Cisco Spark IP phones. Then add shortcuts to a local contact in your directory or call history.

Speed dials with status monitoring

Configure speed dials in your Cisco Spark IP phone. If you’re calling a Cisco Spark user, the line status is shown in the line key.

Single number reach

Give people a single number at which to reach you. Answer your calls on your desk or mobile phone.

Do not disturb

Turn off your ringer for incoming calls.

Decline a call with a message on Cisco IP phone 8800

Decline a call and send a Cisco Spark message (“Can I call you later?”) with the touch of a button.

Call hold and resume, with video

Let callers hear music with video while waiting for you.

Caller ID mapping

Set your caller ID to display during a call. Choose to display your personal line or the official company number.

Shared lines

Configure a single phone or extension number for multiple users.

Multiple calls per Line

Receive eight simultaneous calls per line—ideal for receptionists and broadcast hunt groups.

Call forward

Forward your calls to any number you choose.

Call transfer

Transfer a call in progress to another person.

Call park

Put phones in common areas such lobbies (for assistance) or classrooms.

Ad-hoc video conferencing

Initiate an unscheduled audio or video call with up to two other parties.

Emergency services dialing

Dial emergency services (911 in U.S.). Providing your organization, phone number, and device is supported, so that the emergency service has your address and callback number.

Hunt groups

Configure a collection of telephone numbers to ring in a specific order based upon a ringing algorithm. Monitor your login status through a line key.

Auto Attendant or virtual receptionist

Set Auto Attendant to greet callers and route them to employees or departments. Includes time-of-day routing with time-zone support, holidays, route-to actions, and submenus.

Message waiting indicator

You’ll be notified by the message waiting indicator (MWI) when you have unheard voicemail.

Voicemail and voicemail to email

Check voicemail from any phone. Your voicemail follows you so you can listen and respond promptly. You can also receive an email with the audio file as an attachment.

Key expansion module on Cisco IP Phone 8800 family

Add line keys for additional functionality—ideal for receptionists.

Analog telephone adapter 190sc

Connect analog phones, fax machines, and other U.S. FXS devices to make and receive calls and DTMF. With support for T.38 Fax.

Cisco Spark calling hardware


Cisco IP Phone 7832


An effective conferencing station with superior HD audio. Recommended for executive offices and small meeting rooms with up to six participants.

Video conferencing room-based endpoints

Connect your physical conferencing rooms to your Cisco Spark service with Cisco Collaboration Endpoints (DX, SX and MX product families). Requires an additional room license.

Cisco Spark calling administrative features


Administration, management, and analytics (Cloud Collaboration Management)


Use the Cisco Cloud Collaboration Management Portal

  • Manage your users, services, and your global and granular configurations.
  • Access support, trouble ticketing, and service performance.
  • Analyze how Cisco Spark is being used.

Connection tests

Run a health check from Cisco Spark or perform the Cisco Spark Network test (Mozilla Firefox or Google Chrome).

Get notifications about maintenance events and reported incidents. Choose email or SMS alerts.

Single sign-on (SSO)

Simplify authentication for your users and user management by authenticating against a directory using SAML2.0. Includes ADFS2.0 and 3.0, Google Apps, Okta, Microsoft Azure AD, Shibboleth, and more.

Active directory synchronization

Synchronize your company’s Active Directory and mirror it to the cloud for Cisco Spark user accounts. Your user list remains the single source of truth.

Manage telephone (DID) numbers

Get a visual aid of the mapping between DIDs, users, and extension numbers.

Company Number configuration

Designate a telephone number as your company number. Use it as a Caller ID option for any user dialing out from the company.

Multiple extension number ranges

Configure multiple extension ranges for your users’ extensions.

Variable length extension number

Configure your system extension numbers with 3-5 digits.

Class of service – international

Configure international numbers dialing on a per-company and per-user basis.

Department and lobby phone configuration

Put phones in common areas such lobbies (for assistance) or classrooms.

Local time display

Maintain your company time zone, and separately configure local time on a per-device basis––ideal for remote workers.

Preferred language settings

Set up a preferred language for your users to interact with their phones and my.ciscospark.com portal. Languages supported: English (U.S. and U.K.), Spanish (for Latin America), French (Canada).

Customer reports

Monitor your users’ system usage, quality experienced, and endpoints registered.

Cisco Spark PSTN Preferred Media Partner Ecosystem

Cisco Spark service does not include PSTN services. Customers need to purchase PSTN services from a third-party provider listed below. Our partners can provide PSTN local, long-distance, and direct-inward-dial services.


Intelepeer (USA)


PSTN voice services fully integrated with Cisco Spark calling for a complete business calling solution.

Visit Intelepeer

TATA Communications (USA)

Global SIP Connect for Cisco Spark calling offers a suite of basic PSTN calling features with a single flat rate for domestic calls. This enables smaller businesses to access Tata Communications’ worldwide network and international calling rates that were previously only available to the largest multinational enterprises.

Visit TATA Communications

Supported devices and applications for Cisco Spark


Cisco Spark app


  • Android Smartphones––Jellybean 4.1 and later
  • iPhone and iPad––iOS 9.0 and later
  • Mac––OS X Maverick 10.10 and later on a supported Mac
  • Web––Google Chrome (latest), Mozilla Firefox (latest), Internet Explorer 11
  • Note Cisco Spark calling is available only on Mozilla Firefox.
  • Windows PCs––Windows 7 and later

Cisco Spark Room devices

  • Cisco Spark Board
  • Cisco TelePresence SX10 Quick Set
  • Cisco TelePresence SX20 Quick Set
  • Cisco TelePresence SX80 Codec
  • Cisco TelePresence MX200 G2
  • Cisco TelePresence MX300 G2
  • Cisco TelePresence MX700
  • Cisco TelePresence MX800
  • Cisco Spark Board

Desktop devices and IP and video IP phones (desk phones)*

  • Cisco DX70
  • Cisco DX80
  • Cisco IP Phone 7811, 7821, 7841, 7861
  • Cisco IP Phone 8811, 8841, 8845, 8851, 8861, 8865

Phone accessories

  • Key expansion modules: add buttons to your phone
  • Add line keys for additional functionality––ideal for admin assistants.
  • Supported on 8851, 8861, 8865 Phones.

* Cisco IP Phone models 8821 and 8831 are not supported