Location Analytics Privacy Information
CMX (Connected Mobile Experience), Cisco Meraki’s cloud-based location analytics and user engagement solution, provides data about visitors to physical locations, enabling businesses to better understand the behavior of clients. CMX is available with all Cisco Meraki wireless access points.
CMX data is gathered by capturing and analyzing the beacons that every WiFi enabled device periodically emits when its WiFi antenna is turned on in order to detect the presence of nearby wireless networks. The Cisco Meraki dashboard displays anonymized and aggregated statistics on nearby devices, whether they join the network or not.
CMX distinguishes between devices and recognizes repeat visitors by collecting a MAC address, the unique identifier assigned to every device connecting to wired or wireless networks. Only a device's MAC address is captured, and the aggregated data provided to businesses using CMX can't be traced back to an individual without the business having prior knowledge of the MAC address of that person's device.
Cisco Meraki uses a one-way hash function to anonymize MAC addresses before storage. The function is irreversible; given a specific hashed MAC, there is no way to undo the function to reveal the original MAC address. In addition, bytes are dropped from the hashcode, meaning that even if one knew the hash function, they could not determine if a specific MAC had visited a location. Hashed MAC addresses are unique to each business or organization, so it is not possible to view CMX data for a single device across networks with different owners.
Our datacenters are protected by enterprise-class physical and network security, and are subjected to regular audits and penetration tests by independent third parties.
In addition to providing statistics to businesses within the Cisco Meraki dashboard, through the CMX API we export MAC addresses of probing clients, consistent with industry standards. Retail and enterprise customers can use the CMX API to integrate CMX data from their network with their own custom-built applications.
The CMX API provides no mechanism to connect MAC addresses with any other personal information. In order to leverage CMX data to identify or communicate with visitors, businesses must request that data directly.
We provide a set of best practices to users of the CMX API, and it is their responsibility to take appropriate measures to safeguard the privacy of personally identifiable information that they may collect.
If you would like to exclude your WiFi-enabled devices from CMX services, you may do so through a simple opt-out form, available here https://account.meraki.com/optout. Opting out will exclude your MAC address from CMX analytics in the Cisco Meraki dashboard and from export through the CMX API. It is the Cisco Meraki customer’s responsibility to notify visitors that CMX services are in use.
Security Vulnerability Rewards Program
Our customers’ security is a top priority for the Cisco Meraki team. We invest heavily in tools, processes, and technologies to keep our users and their networks safe, including third party audits, features like two factor authentication, and our out of band cloud management architecture. The Cisco Meraki vulnerability rewards program is an important component of our security strategy, encouraging external researchers to collaborate with our security team to help keep networks safe.
Reporting security issues
If you are a user and have a security issue to report regarding your account (issues including password problems and account abuse issues), non-security bugs, and questions about issues with your network please contact Cisco Meraki Support.
If you think you have discovered a vulnerability in a Cisco Meraki product or service, email [email protected] to include it in our Vulnerability Rewards program. We encourage the encryption of sensitive information that is sent to us via email, and support encrypted messages via PGP/GNU Privacy Guard (GPG). Please use our public key (ID 0x31130C04). We take these reports seriously and will respond swiftly to fix verifiable security issues. When properly notified of legitimate issues, we will do our best to acknowledge your report, assign resources and fix potential problems as quick as possible. Some of our products and services are complex and take time to update — in the spirit of furthering security, we ask that you provide reasonable time for us to address the vulnerability before any public disclosure.
Services in scope
Any Cisco Meraki web service that handles reasonably sensitive user data is intended to be in scope. This includes virtually all the content under *.meraki.com. In addition to Cisco Meraki-operated web properties, Systems Manager client applications and Cisco Meraki hardware devices are also in scope.
It is difficult to provide a definitive list of bugs that will qualify for a reward: any bug that substantially affects the confidentiality or integrity of user data is likely to be in scope for the program. Common examples include:
- Cross-site scripting
- Cross-site request forgery
- Cross-site script inclusion
- Mixed scripting
- Flaws in authentication and authorization mechanisms
- Server-side code execution or command injection bugs
The following reports are definitely excluded:
- Attacks against Meraki / Cisco corporate infrastructure
- Attacks against Cisco infrastructure outside of the *.meraki.cisco.com, and *.meraki.com domains
- Attacks against the free tools Meraki Stumbler and Planner
- Social engineering and attacks on physical facilities
- Brute-force denial of service attacks
- Vulnerabilities in Cisco Meraki-branded services operated by third parties.
- URL redirection, logout cross-site request forgery
- Flaws present only when using out-of-date browsers or plugins
- Attacks by an organization owner that affect the organization’s own users (e.g. malicious custom splash pages)
- Vulnerabilities found in Cisco services outside of the Cisco Meraki brand
Out of concern for the availability of our services to all users, we ask you to refrain from using any tools that are likely to automatically generate significant volumes of traffic. Of course, your testing must not violate any law, or disrupt or compromise any data that is not your own. When investigating a vulnerability, please only target your own account. Never attempt to access anyone else's data and do not engage in any activity that would be disruptive or damaging to Cisco Meraki, Cisco Meraki customers, or Cisco Meraki users.
Rewards for qualifying bugs range from $100 to $2,500. Each bug is rewarded based on the severity of the vulnerability found, as determined by the Cisco Meraki reward panel. Limit one reward per bug.
Frequently asked questions
Q: Who determines whether my report is eligible for a reward?
A: The reward panel consists of the members of the Cisco Meraki Security Team and Chief Technology Officer Bret Hull.
Q: What happens if I disclose the bug publicly before you had a chance to fix it?
A: We promise to respond promptly and fix bugs in a sensible timeframe — and in exchange, we ask for a reasonable advance notice. Reports that go against this principle will not qualify.
Q: What if somebody else also found the same bug?
A: Only the first person to alert us to a previously unknown flaw will qualify.
Q: Can I report a problem privately?
A: Yes. If you are selected as a recipient of a reward, and if you accept, we will need your contact details to process the payment. You can request not to be accredited publicly.
We are unable to issue rewards to individuals who are on sanctions lists, or who are in countries (e.g. Cuba, Iran, North Korea, Sudan and Syria) on sanctions lists. You are responsible for any tax implications depending on your country of residency and citizenship. There may be additional restrictions on your ability to enter depending upon your local law.
99.99% Reliability SLA
Highly Available Redundant Architecture
SSAE16 Type II Audited Datacenters
Cisco Meraki operates the industry's largest-scale Cloud Networking service. The Cisco Meraki cloud service powers over tens of thousands of networks worldwide and connects millions of devices. Cisco Meraki also has the most experience in the cloud, having run its production service continuously for seven years. The Cisco Meraki Cloud Networking platform is trusted by thousands of IT professionals, from enterprises to hospitals, banks, and retailers.
This website is the central repository of information regarding security, privacy, and reliability as related to Cisco Meraki cloud hosted services. Here you will find information concerning:
- Our datacenters, our security processes, and certifications
- How we safeguard your data
- Best practices for securing your organization's network
- How Cisco Meraki networks continue to operate when disconnected from the cloud
- PCI compliance information, tools, and best practices
- Cisco Meraki’s 99.99% uptime Service Level Agreement
Cisco Meraki Datacenter Design
The Cisco Meraki service is colocated in tier-1, SAS70 type II / SSAE16 certified datacenters. These datacenters feature state of the art physical and cyber security and highly reliable designs. All Cisco Meraki services are replicated across multiple independent datacenters, so that customer-facing services fail over rapidly in the event of a catastrophic datacenter failure.
- 99.99% uptime service level agreement (that's under one hour per year)
- 24x7 automated failure detection — all servers are tested every five minutes from multiple locations
- Rapid escalation procedures across multiple operations teams
- Independent outage alert system with 3x redundancy
- Globally distributed datacenters
- Every customer's data (network configuration and usage metrics) replicated across three independent datacenters
- Real-time replication of data between datacenters (within 60 seconds)
- Nightly archival backups
- Rapid failover to hot spare in event of hardware failure or natural disaster
- Out of band architecture preserves end-user network functionality, even if connectivity to the Cisco Meraki cloud services is interrupted
- Failover procedures drilled weekly
Cloud Services Security
- 24x7 automated intrusion detection
- Protected via IP and port-based firewalls
- Remote access restricted by IP address and verified by public key (RSA)
- Systems are not accessible via password access
- Administrators automatically alerted on configuration changes
- Only network configuration and usage statistics are stored in the cloud
- End user data does not traverse through the datacenter
- All sensitive data (e.g., passwords) stored in encrypted format
- A high security card key system and biometric readers are utilized to control facility access
- All entries, exits, and cabinets are monitored by video surveillance
- Security guards monitor all traffic into and out of the datacenters 24x7, ensuring that entry processes are followed
- Datacenters feature sophisticated sprinkler systems with interlocks to prevent accidental water discharge
- Diesel generators provide backup power in the event of power loss
- UPS systems condition power and ensure orderly shutdown in the event of a full power outage
- Each datacenter has service from at least two top-tier carriers
- Seismic bracing is provided for the raised floor, cabinets, and support systems
- In the event of a catastrophic datacenter failure, services fail over to another geographically separate datacenter
- Over-provisioned HVAC systems provide cooling and humidity control
- Flooring systems are dedicated for air distribution
Regular Penetration Testing
- All Cisco Meraki datacenters undergo daily penetration testing by an independent third party
- Cisco Meraki datacenters are SSAE16 / SAS70 type II certified
Out of Band Control Plane
Cisco Meraki’s out of band control plane separates network management data from user data. Management data (e.g. configuration, statistics, monitoring, etc.) flows from Cisco Meraki devices (wireless access points, switches and security appliances) to the Cisco Meraki cloud over a secure Internet connection. User data (web browsing, internal applications, etc.) does not flow through the cloud, instead flowing directly to its destination on the LAN or across the WAN.
Advantages of an out of band control plane:
- Unlimited throughput: no centralized controller bottlenecks
- Add devices or sites without MPLS tunnels
- Redundant cloud service provides high availability
- Network functions even if management traffic is interrupted
- No user traffic passes through Cisco Meraki’s datacenters
- Fully HIPAA / PCI compliant
What happens if my network loses connectivity to the Cisco Meraki cloud?
Because of the Cisco Meraki out of band architecture, most end users are not affected if Cisco Meraki wireless APs, switches or security appliances cannot communicate with Cisco Meraki cloud services (e.g., because of a temporary WAN failure):
- Users can access the local network (printers, file shares, etc.)
- If WAN connectivity is available, users can access the Internet
- Network policies (firewall rules, QoS, etc.) continue to be enforced
- Users can authenticate via 802.1X/RADIUS
- Wireless users can roam between access points
- Users can initiate and renew DHCP leases
- Established VPN tunnels continue to operate
- Local configuration tools are available (e.g., device IP configuration)
While the Cisco Meraki cloud is unreachable, management, monitoring, and hosted services are temporarily unavailable:
- Configuration and diagnostic tools are unavailable
- Usage statistics are stored locally until the connection to the cloud is re-established, at which time they are pushed to the cloud
- Splash pages and related functionality are unavailable
Security Tools and Best Practices for Administrators
In addition to the Cisco Meraki secure out of band architecture and hardened datacenters, Cisco Meraki offers a number of tools for administrators to maximize the security of their network deployments. Use of these tools provide optimal protection, visibility, and control over your Cisco Meraki network. This page contains information about how to quickly and easily increase the security of your meraki.com accounts and our recommended best practices for account control and auditing. For more information, see Cisco Meraki manuals.
Enable two-factor authentication
Two-factor authentication adds an extra layer of security to an organization's network by requiring access to an administrator's phone, in addition to her username and password, in order to log in to Cisco Meraki cloud services. Cisco Meraki’s two factor authentication implementation uses secure, convenient, and cost effective SMS technology: after entering their username and password, an administrator is sent an a one-time passcode via SMS, which they must enter before authentication is complete. In the event that a hacker guesses or learns an administrator's password, she still will not be able to access the organization's account, as the hacker does not have the administrator's phone. Cisco Meraki includes two-factor authentication for all enterprise users at no additional cost.
Strengthen your password policies
You can configure organization-wide security policies for your Cisco Meraki accounts to better protect access to the Cisco Meraki dashboard. Under Organization > Configure, you may:
- Force periodic password change (e.g., every 90 days)
- Require minimum password length and complexity
- Lock users out after repeated failed login attempts
- Disallow password reuse
- Restrict logins by IP address
Enforce the principle of least privilege with role-based administration
Role-based administration lets you appoint administrators for specific subsets of your organization, and specify whether they have read-only access to reports and troubleshooting tools, administer managed guest access via Cisco Meraki’s Lobby Ambassador, or can make configuration changes to the network. Role-based administration reduces the chance of accidental or malicious misconfiguration, and restricts errors to isolated parts of the network.
Enable configuration change email alerts
The Cisco Meraki system can automatically send human-readable email alerts when network configuration changes are made, enabling the entire IT organization to stay abreast of new policies. Change alerts are particularly important with large or distributed IT organizations.
Periodically audit configuration and logins
Cisco Meraki logs the time, IP, and approximate location (city, state) of logged in administrators. Additionally, Cisco Meraki provides a searchable configuration change log, which indicates what configuration changes were made, who they were made by, and which part of the organization the change occurred in. Auditing configuration and login information provides greated visibility into your network.
Verify SSL certificates
Cisco Meraki accounts can only be accessed via https, ensuring that all communication between an administrator's browser and Cisco Meraki cloud services is encrypted. As with any secure web service, do not log in if your browser displays certificate warnings, as it may indicate a man-in-the-middle attack.
30 seconds before being logged out, users are shown a notice that allows them to extend their session. Once time expires, users are asked to log in again.
Cisco Meraki provides a comprehensive solution to ensure a PCI compliant wireless environment held to the strict standards of a Level 1 PCI audit (the most rigorous audit level). Cisco Meraki’s rich security feature set addresses all of the PCI Data Security Standards, helping customers to build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, and monitor network security.
Unlike traditional networks, Cisco Meraki’s intelligent security infrastructure eliminates the management complexities, manual testing, and ongoing maintenance challenges that lead to vulnerabilities. Cisco Meraki’s intuitive and cost effective security features are ideal for network administrators, while powerful and fine-grained administration tools, account protections, audits, and change management appeal to CISOs.
Centrally managed from the cloud, Cisco Meraki makes it easy and cost effective to deploy, monitor, and verify PCI compliant networks across distributed networks of any size.
Secure retail environments using Cisco Meraki: See customer stories
PCI-DSS requirements applicable to wireless LANs and their related Cisco Meraki features:
- Cisco Meraki Infrastructure – Isolated from the Cardholder Data Environment
- Requirement 1.2.3 – Segregate Wireless Network and the Cardholder Data Environment
- Requirement 2.1.1 – Change Vendor Defaults and Enable Strong Encryption
- Requirement 4.1.1 – Encrypt Authentication and Transmission with Industry Best Practices
- Requirement 6.1 – Use the Latest Security Patches
- Requirement 7.2 – Restrict Access Based on a User’s Need to Know
- Requirement 8 – Implement User-Based Access Controls
- Requirement 10 – Track and Monitor All Access to Network Resources
- Requirement 11.2/11.3 – Perform Regular Audits and Penetration Testing
- Requirement 11.1/11.4 – Detect Unauthorized Access
Cisco Meraki Infrastructure – Isolated from the Cardholder Data Environment
The Cisco Meraki cloud-hosted management system is out of band, meaning that traffic (including cardholder data) does not flow through Cisco Meraki’s cloud or any other Cisco Meraki infrastructure not behind your firewall. Learn more about Meraki’s out of band architecture. Cisco Meraki datacenters are SSAE16 / SAS70 type II certified, feature robust physical and cyber security protection, and are regularly audited by third parties. Learn more about Cisco Meraki’s datacenters.
Requirement 1.2.3 – Segregate Wireless Networks and the
Cardholder Data Environment
Cisco Meraki wireless APs include an integrated stateful firewall which ensures that guest WiFi users and other non-privileged clients cannot access cardholder data, in conformance with Requirement 1.2.3. The firewall’s LAN isolation feature enables one-click secure guest WiFi, wherein guests can only access the Internet. Blocked from LAN access, guests cannot spread viruses or reach internal resources. Cisco Meraki’s firewall provides fine-grained control, from layer 3 through 7. Configure VLAN tags, ACLs, identity-based policies, and block unwanted applications — even peer-to-peer apps without well-known hosts and ports.
Requirement 2.1.1 – Change Vendor Defaults and Enable Strong Encryption
Cisco Meraki does not ship with default vendor keys that need to be changed. Cisco Meraki hardware is configurable through an SSL-encrypted connection, accessible only by authenticated users. To comlpy with Requirement 2.1.1, simply enable strong security standards, such as WPA2 (802.11i). See Requirement 4.1.1 for more information on wireless encryption.
Requirement 4.1.1 – Encrypt Authentication and Transmission with
Industry Best Practices
Compliant networks require strong encryption using industry best-practices, e.g., WPA2, for wireless networks used for cardholder data. Cisco Meraki supports WPA2 (802.11i), offering both WPA2-PSK and WPA2-Enterprise with AES encryption. To maintain compliance with Requirements 4.1.1 and 2.1.1, enable WPA2 on any SSID that cardholder data is transferred over. Since Cisco Meraki’s firewall will isolate traffic between SSIDs, WPA2 need not be enabled on SSIDs that are not used for cardholder data (e.g. a guest WiFi SSID.)
Requirement 6.1 – Use the Latest Security Patches
Cisco Meraki firmware updates are delivered seamlessly from the cloud to APs, security appliances, and switches. When firmware updates are available, an administrator simply schedules an appropriate time for Cisco Meraki devices to download and install the new version, eliminating insecure and out of date firmware in the Cardholder Data Environment. This delivery model facilitates compliance with Requirement 6.1 – without deciphering compatibility matrices, time consuming manual updates, site visits to branch locations.
Requirement 7.2 – Restrict Access Based on a User’s Need to Know
Cisco Meraki provides role-based administration to enforce the principle of least privilege in compliance with Requirement 7.2. Role-based administration lets you appoint administrators for specific subsets of your organization and specify whether they have read-only access to reports and troubleshooting tools, can administer managed wireless guest access via Cisco Meraki’s Lobby Ambassador, or can make configuration changes to the network.
Requirement 8 – Implement User-Based Access Controls
Cisco Meraki includes a comprehensive suite of features to enable unique ID and authentication methods for network administration, in compliance with Requirement 8. Configure organization-wide security policies for your Cisco Meraki administrator accounts to better protect access to the Cisco Meraki dashboard and network infrastructure. These policies include account protections such as two-factor authentication, password hardening policies, and the use of encrypted transmission (SSL/TLS) for access to the Cisco Meraki dashboard.
Requirement 10 – Track and Monitor All Access to Network Resources
Cisco Meraki logs the time, IP, and approximate location (city, state) of logged in administrators. Additionally, Cisco Meraki provides a searchable configuration change log, which indicates what configuration changes were made, who they were made by, and which part of the organization the change occurred in. Auditing this configuration and access information satisfies Requirement 10 and provides greater visibility into your network.
Requirement 11.2/11.3 – Perform Regular Audits and Penetration Testing
Cisco Meraki datacenters undergo thorough quarterly scans and daily penetration testing by McAfee SECURE, an Approved Scanning Vendor (ASV). Cisco Meraki is verified to be free of vulnerabilities such as injection flaws, cross-site scripting, misconfiguration, and insecure session management. Cisco Meraki datacenters are SSAE16 / SAS70 type II certified and hardened against physical and network intrustion. These procedures exceed the scanning and penetration testing requirements of requirement 11.2 and 11.3, respectively.
Requirement 11.1/11.4 – Detect Unauthorized Access
Cisco Meraki’s out-of-the-box WIDS/WIPS, Air Marshal, protects the network from unauthorized wireless access points that may compromise network security. Rogue APs are unauthorized wireless APs that connect to your wired LAN, or that connect to a separate network but masquerade as part of your WLAN, using your same SSID. Cisco Meraki automatically detects rogue APs, identifying their IP address, VLAN, manufacturer, and model, and optionally contains them to neutralize their threat. Air Marshal includes network-wide visualization, email alerts, and reporting, meeting Requirements 11.1 and 11.4.
For more information about Cisco Meraki security capabilities, PCI compliance, and configuration best practices, please contact a Cisco Meraki specialist.
EU Privacy and Data Protection Compliance
The Cisco Meraki team is committed to privacy, data security, and compliance with applicable regulatory environments, both domestically and abroad. The Meraki cloud-based architecture is designed from the ground up with privacy and data security in mind.
Meraki’s technical architecture and its internal administrative and procedural safeguards assist customers with the design and deployment of cloud-based networking solutions in compliance with EU data privacy regulations.
In addition, the Cisco Meraki product line complies with the U.S. - E.U. Safe Harbor framework and the U.S. - Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. Cisco Meraki has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program please visit http://www.export.gov/safeharbor/, and to see our certification please click here.
Additional information regarding the safeguards we employ with respect to data transfers from E.U. and Switzerland-based companies can be found in our FAQ for Customers on Compliance with European Data Protection Laws. This document is also available in German and French.
Cisco Meraki Service Level Agreement
This Service Level Agreement (this “Agreement”) sets forth Cisco Meraki’s obligations and our customers’ rights with respect to the performance of Cisco Meraki’s Hosted Software. All capitalized terms used but not otherwise defined in this Agreement have the meanings given to them in the End Customer Agreement, available at meraki.cisco.com/support/#policies, or as otherwise entered into between Cisco Meraki and Customer (the “Customer Agreement”).
1. Definitions. For purposes of this Agreement, the following terms have the meaning ascribed to each term below:
“Downtime” means if the Hosted Software is unavailable to Customer due to failure(s) in the Hardware, Firmware, or Hosted Software, as confirmed by both Customer and Cisco Meraki.
“Monthly Uptime Percentage” means the total number of minutes in a calendar month minus the number of minutes of Downtime suffered in a calendar month, divided by the total number of minutes in a calendar month.
“Service Credit” means the number of days that Cisco Meraki will add to the end of the Term, at no charge to Customer.
2. Service Level Warranty. During the Term, the Hosted Software will be operational and available to Customer at least 99.99% of the time in any calendar month (the “Service Level Warranty”). If the Monthly Uptime Percentage does not meet the Service Level Warranty in any calendar month, and if Customer meets its obligations under this Agreement, then Customer will be eligible to receive Service Credit as follows:
|< 99.99% - ≥ 99.9%||3|
|< 99.9% - ≥ 99.0%||7|
3. Customer Must Request Service Credit. In order to receive any of the Service Credits described above, Customer must notify Cisco Meraki within 30 days from the time Customer becomes eligible to receive a Service Credit. Failure to comply with this requirement will forfeit Customer’s right to receive a Service Credit.
4. Maximum Service Credit. The aggregate maximum amount of Service Credit to be issued by Cisco Meraki to Customer for all Downtime that occurs in a single calendar month will not exceed 15 days. Service Credit may not be exchanged for, or converted into, monetary amounts.
5. Exclusions. The Service Level Warranty does not apply to any services that expressly exclude this Service Level Warranty (as stated in the documentation for such services) or any performance issues (i) caused by Force Majeure on the terms set forth in Section 9.3 of the Agreement, (ii) that resulted from Customer’s equipment or third party equipment, or both (not within the primary control of Cisco Meraki), or (iii) that otherwise resulted from Customer’s violation of Sections 3.5 or 4.2 of the Agreement.
6. Exclusive Remedy. This Agreement states Customer’s sole and exclusive remedy for any failure by Cisco Meraki to meet the Service Level Warranty.