Slack enhances data security controls with new features

Giving administrators more control and visibility while enabling external collaboration to occur securely.
Written by Aimee Chanthadavong, Contributor

Slack has announced a set of new features aimed at giving administrators more control and visibility over their data, allowing customers to better comply with industry or region-specific security requirements, and enabling secure collaboration with external organisations.

The platform has introduced enterprise key management (EKM) support for Workflow Builder to enable full encryption of a workflow, including a workflow's steps, message, forms, channel destinations, and the data collected.

Additionally, it has partnered with Splunk to enable Slack audit logs -- including user login events, what operating systems are being used, user browser clients, configuration changes -- to be automatically ingested directly into Splunk before the data is visualised and analysed in pre-built dashboards.

Slack has also introduced a feature that enables administrators to designate a minimum app version of the Slack mobile app for all users to download and determine when it goes into effect.

Slack CSO Larkin Ryder explained how the new features have been designed to address growing concerns among companies as employees continue to work remotely.

"People are leaning into remote working like they never have before and they're having all the challenges of making those cultural changes in their companies. At the same time, they're being subject to additional cybersecurity attacks by hackers who are perpetrating phishing scams against the email services that most people still rely on for day-to-day collaboration," she told ZDNet.

"I talk to my fellow CSOs on a regular basis and we all share our COVID story, and the number one story I'm hearing from CSOs across the industry is about these phishing scams and what am I going to do to keep my organisation safe."

In addition, Slack has revealed it has attained moderate FedRAMP authorisation in the United States to enable government agencies and contractors to handle information on Slack.

Off the back of debuting Connect in June, Slack has also announced it will deliver EKM support for channels in Connect. Ryder said it will allow companies to manage their own encryption keys, including the ability to encrypt and decrypt channels within Connect, as well as the rights to revoke those keys so data will become unviewable by everyone else in the channel, including Slack.

Slack also plans to introduce verified checkmarks for organisations on Connect, but how the company plans to go about verifying companies, Ryder said: "Those details are being worked out".

"We have had a lot of conversations about what is the right way to do that because … it's not an easy problem at all. Really, you know that people really are who they say they are because we ask for driver's licenses and passports with individuals," she said.

"Companies don't have that. They have other indicators, so we're trying to identify what are the best indicators to validate that the people that we're interacting with really are who they say they are."

Other features "coming soon" include information barriers to restrict communications between specific users to avoid conflicts of interest or safeguard important information and integrating Slack with Microsoft Intune mobile application management so policies can be set across apps within a mobile device ecosystem to prevent corporate data being leaked.

Related Coverage

Editorial standards