by emmelaich 3436 days ago
If both ends are owned and implemented by one company then end-to-end might not mean much.

Not suspecting Cisco of anything nefarious here, but such brochure-speak doesn't necessarily mean much.


Actually if you read the paper, the architecture is designed in such a way that the key management server can be implemented as an on-premise box while all the rest of your data lives in Cisco's cloud. In that situation, Cisco has access to your data but it's fully encrypted with keys that they do not have access to, making it a true end-to-end solution. It's a pretty interesting design that allows companies to be the only ones with access to the raw, unencrypted data while still letting Cisco manage everything in the cloud.

Now this does only apply for companies that choose to go with the on-premise KMS; if not, Cisco manages the KMS in their own cloud as well, which does mean it's not a true e2e solution (although like I said, I can speak with a pretty high level of confidence that security is one of the top priorities).

But the client (Cisco software) does the encryption, does it not? Therefore it has access to the unencrypted data, and therefore can do what it likes with it.

So my comment (weak as it is) stands.

I mean, I suppose that's true, but that's a terribly weak argument. You could say the same thing about Signal, which is considered one of the most secure messaging applications on the market at the moment. It's pretty trivial to monitor network traffic to see that the unencrypted data never leaves your own device.

Cisco does all this for the small price of one billion USD.