Cisco Spark Security

Cisco Spark uses industry-leading encryption to ensure data remains confidential, available, and secure at all times.

End-to-end encryption of content

Cisco Spark uses industry-leading encryption to ensure data remains confidential, available, and secure at all times.

The Cisco Spark app encrypts your data before it leaves your device. Data stays encrypted when it's in transit to our cloud servers; when we process your data (data in-use) and when we store it (data at-rest).

Encryption of all content is done using dynamic keys from the key management server (KMS). There is a unique key per Cisco Spark space, which only authorized members of the space will be allowed access to obtain. Cisco Spark messaging content, files and Cisco Spark Board content are encrypted using keys from key management server.

Encryption in transit

We use Secure HTTP (HTTPS) to encrypt data in transit between your device and our servers, which protects the identities of the senders and receivers of the encrypted content.

All media in Cisco Spark, such as voice, video, desktop share, and white boarding are transmitted using Secure Real-Time Transport Protocol (SRTP; is defined in RFC 3711). Currently, the Cisco Spark Platform decrypts real-time media for mixing, distribution, and public switched telephone network (PSTN) trunking and demarcation purposes.

Authorisation and Authentication

Only people who have successfully authenticated with our service can view messages and files in Cisco Spark spaces. Unauthorized people who try accessing the URL of a space can’t see what has been shared.

Cisco Spark Hybrid data security (Spring 2017)

The cornerstone of end-to-end content encryption in the Cisco Spark Platform is a component known as the key management server (KMS). The KMS is responsible for creating, storing, authorizing, and providing access to the encryption keys that the Cisco Spark app uses to encrypt and decrypt messages and files. End-to-end encryption in Cisco Spark is possible because of the architectural and operational separation between the KMS and the rest of the Cisco Spark Platform. Think of them as being in separate realms, or trust domains, in the cloud: The KMS is in the security realm and all other component services that make up Cisco Spark are in the core. Security-conscious enterprise customers may choose to deploy the security realm services, including the KMS, on their own premises.

The upcoming Hybrid Data Security (limited availibility release) will include:

On-prem deployment of the security realm through the Cloud Collaboration Management portal (CCM)

Key management services. (Bring your own DB for storage of keys.)

Search indexer: Create and encrypt search indexes, submit encrypted search terms for content searches.

eDiscovery on-prem engine: While the eDiscovery UI will be hosted in the cloud, the engine remains on-prem for customers who opt to deploy HDS in their data centers.

Auto-upgrades, alerts, and notifications.

Local logs/audits of access to keys.