Tech Brief

NEXTPLANE CONVERSECLOUD VS. CISCO WEBEX EXTERNAL (GUEST) ACCOUNT

Collaboration platforms, such as Cisco Webex, provide uninhibited and open collaboration within the enterprise. Increasingly, however, large enterprises are using more than one team collaboration solution. And when you look outside the company to customers, partners, or suppliers, the number of collaboration platforms in use becomes even more diverse.

Cisco Webex provides External Account as an alternative to interoperability. Webex External Account allows your Cisco Webex users to invite ANY external user with a business or consumer email account, such as Gmail, to participate as an external user in your Cisco Webex with full access to team chats, meetings, and files.

Though this sounds like an easy way to provide external access for your organization, there are limitations and security risks that you need to consider before enabling External Account across your organization.

Let’s walk through the risks of enabling External Accounts on your Cisco Webex.

Security and Access Control

Setting up Webex External Accounts can be confusing and is a big security concern. When Cisco Webex users send their invitations, non-Cisco Webex users are NOT initially required to have a Cisco Webex account to communicate with Webex users. However, this temporary access, available via URL, is only valid for 24 hours. After 24 hours, the external users must sign up for a Webex team account to continue collaborating with their colleagues through the platform.

Compared to the Cisco Webex Enterprise account password policy, the password policy for external Cisco Webex accounts is weak and does not include Two-Factor Authentication (2FA). As a result, it’s nearly impossible for you to control whether external accounts have strong security measures like password complexity checks, password expiration, and 2FA.

Cisco Webex External account:

  • At least six characters
  • At least 1 number (0-9)
  • At least 1 letter (a-z, A-Z)

Cisco Webex Enterprise account:

  • At least eight characters
  • At least 1 number (0-9)
  • At least 1 lowercase letter (a-z)
  • At least 1 uppercase letter (A-Z)
  • At least 1 special character ~!@#$%^&*()-_=+[]{}|;:,.<>/?
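
To make the gap between the two policies concrete, the following added example (not from the original brief, Cisco, or NextPlane) checks constructed sample passwords against both rule sets and counts, by inclusion-exclusion, how many minimum-length passwords each policy admits. It assumes both account types accept the same 90-character alphabet, which the brief does not state.

```python
import math
import string
from itertools import combinations

SPECIALS = "~!@#$%^&*()-_=+[]{}|;:,.<>/?"  # special characters listed in the brief

# The two policies as listed above: minimum length plus required character classes.
EXTERNAL = {"min_len": 6, "classes": [string.digits, string.ascii_letters]}
ENTERPRISE = {"min_len": 8, "classes": [string.digits, string.ascii_lowercase,
                                        string.ascii_uppercase, SPECIALS]}

# Assumption (not stated in the brief): both account types accept this alphabet.
ALPHABET = string.ascii_letters + string.digits + SPECIALS


def meets(policy, password):
    """True if the password satisfies the policy's length and class rules."""
    if len(password) < policy["min_len"]:
        return False
    return all(any(ch in cls for ch in password) for cls in policy["classes"])


def compliant_count(length, class_sizes, alphabet_size):
    """Count strings of `length` that contain at least one character from
    each required (disjoint) class, using inclusion-exclusion."""
    total = 0
    for k in range(len(class_sizes) + 1):
        for excluded in combinations(class_sizes, k):
            total += (-1) ** k * (alphabet_size - sum(excluded)) ** length
    return total


def policy_bits(policy):
    """log2 of the number of compliant passwords at the policy's minimum length."""
    sizes = [len(cls) for cls in policy["classes"]]
    return math.log2(compliant_count(policy["min_len"], sizes, len(ALPHABET)))


if __name__ == "__main__":
    for pw in ("abc123", "Summer2024", "Tr1cky-Pass"):  # constructed samples
        print(f"{pw:12} external={meets(EXTERNAL, pw)} enterprise={meets(ENTERPRISE, pw)}")
    print(f"external floor:   {policy_bits(EXTERNAL):.1f} bits")
    print(f"enterprise floor: {policy_bits(ENTERPRISE):.1f} bits")
```

The bit figures are an upper bound for uniformly random passwords at the minimum length; human-chosen passwords that merely satisfy the external rules sit far below it.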

Also, in Cisco Webex, your end-users are responsible for their external contacts’ participation and access to Spaces, including access to any sensitive files and documents in their Spaces. As a result, you cannot control which external contacts have access to your users’ Spaces, nor can you revoke their access in case of a security breach or incident.

According to security experts, Cisco External Accounts with weak passwords can become targets for attackers seeking to wreak havoc on your unsuspecting Cisco Webex users. Since these users belong to other companies, you cannot disable their External Accounts. As a result, External Accounts can become permanent backdoors to your infrastructure. The majority of IT departments view Cisco External Account as an unmitigated risk to their infrastructure.

Control and Management

Except at the domain level, which requires Pro Pack for Cisco Webex Control Hub at an additional cost of over $30.00 per user/month, you can’t manage, limit the access of, or limit the number of Cisco Webex External accounts.

Moreover, you do not have any tools for monitoring and troubleshooting any issues related to External accounts.

Even in internal mixed environments, enabling external accounts will allow your end-users to send invites to users outside of your organization.

NextPlane ConverseCloud vs. Cisco Webex Guest Accounts

NextPlane ConverseCloud for Cisco Webex Federation

Unlike the Cisco External Account, NextPlane gives you user-level control over your federations. It also allows you to track and control your users by federated domains.

Providing you with user-level control requires your users to install the NextPlane app on their MS Teams clients and send chat invitations.

The NextPlane bot takes advantage of the Cisco Webex APIs to provide a richer collaboration experience for both Cisco Webex and non-Cisco Webex users:

  • Add external contacts
  • See external contacts’ profiles
  • Share presence
  • Exchange chat and IM messages with external contacts
  • Invite external users to channels
  • Send messages with rich-text
  • Send messages with emoji reactions
  • Share files

To establish a communication channel between the Cisco Webex users and their external contacts, NextPlane creates Webex user accounts to act as proxies for external contacts (non-Cisco Webex contacts).

To connect with external contacts, Cisco Webex users need to add the nextplane bot (nextplane@webex.bot) that provides them with the invite command. By initiating it, your users can send an invitation to connect to their external colleagues. The nextplane bot is available from NextPlane for Cisco Webex.

The NextPlane bot is not executable code. It’s a registration of NextPlane ConverseCloud within the Cisco Webex infrastructure. This registration provides NextPlane ConverseCloud with an access token to call the Cisco Webex API methods and listen to Cisco Webex events on behalf of the NextPlane bot.

The nextplane bot only routes chat messages between your Cisco Webex users and the NextPlane ConverseCloud. It treats Cisco Webex chat inputs as a command and translates them into contact requests, such as SIP invites, and sends them to non-Cisco Webex contacts. When the contact request is accepted, it adds the invited contact to the contact list.

Security

NextPlane ConverseCloud only uses the Cisco Webex APIs to exchange chat messages with the Cisco Webex users and does not use any other APIs, such as the Cisco Graph API. By limiting all the internal operations and workflows to the Cisco Bot Framework, NextPlane does not need or require access to any admin credentials or elevated privileges.

During the installation, the nextplane bot will request the following permissions:

  • To receive messages and data
  • To send messages and notifications
  • To access user profile information

To send and receive messages, NextPlane uses authenticated and encrypted channels. The federated platform may use TLS-enabled SIP, XMPP, or HTTP protocol. The Cisco Webex users’ messages are transferred via the OAuth2-authenticated and TLS-enabled HTTP connection between NextPlane ConverseCloud and the Cisco Bot Connector.

Privacy

The Cisco Webex permissions are ONLY used to send and receive messages to/from the invited contacts.

NextPlane ConverseCloud collects different kinds of information, including personally identifiable information. The following are the types of information NextPlane ConverseCloud collects:

Database

ConverseCloud collects Cisco Webex users’ ID and profile information (name and email) and keeps them in its database. ConverseCloud only uses this information to provide external contacts with their connected Cisco Webex users’ contact details.

Log Data

The NextPlane servers automatically record a log entry for each message they process. The log entry contains only the metadata without the message content. The metadata consists of the following fields:

  • Sender address (e.g., john@acme.com)
  • Receiver address (e.g., peter@widget.com)
  • Message type (IM, Presence, typing, error)
  • Time and date of the message
  • Chat session ID

Management

Using the NextPlane Management Portal, you can seamlessly connect different collaboration platforms within your company, or with customers, partners, or suppliers outside your company. The NextPlane Management Portal provides customers with charts and graphs covering the trailing 12 months, depicting the number of unique users and the number of messages exchanged, as well as detailed usage reports by internal and external federated domains and platforms.

Get More Information

NextPlane can help you with your interoperability and federation needs. Learn how NextPlane ConverseCloud can help your business by visiting NextPlane, requesting a demo, or connecting with us at sales@nextplane.net.

