Slack talks up security with new encryption options, FedRAMP certification

Looking to show it can keep communication data secure and meet compliance demands, Slack unveiled several updates for its popular team chat app.

Slack logo / security / network
Slack / Your Photo / Getty Images

As Slack works to entice large organizations to deploy its channel-based collaboration app, the company is touting a variety of security upgrades, including an expanded enterprise key management (EKM) system and stronger compliance capabilities.

Among the updates announced Tuesday is the extension of EKM to give admins greater flexibility over the encryption of message data. Slack’s EKM, introduced in 2018 for Enterprise Grid customers, can now cover data sent by users accessing the Workflow Builder automation tool. The company also plans to expand EKM to messages sent in Slack Connect - the company’s  recently announced platform for multi-company conversations - when it launches later this year. 

Customers will also be able to choose which geographic region to store encryption keys, in line with Slack’s data residency capabilities. Key storage will be available in Frankfurt, London, Paris, Sydney, Tokyo and, now, Montreal.  

A new integration with data monitoring application Splunk allows audit logs to be grabbed from Enterprise Grid and pulled into a Splunk dashboard to more easily visualize data such as display logins, file actions and app installs. That can help security teams keep an eye on suspicious behavior and track usage trends across an organization. 

“With this information, companies can improve service levels, reduce operational costs, mitigate risk, enhance DevOps collaboration, and identify opportunities to create new product and service offerings,” Slack said in a blog post. 

The company also plans upcoming support for Microsoft’s Intune mobile application management platform to ensure that sensitive data can be deleted if an employee device goes missing. And it has added “information barriers” to block communications for compliance purposes, such as preventing discussions between traders and investment bankers at a financial institution.  

“This level of granular control allows admins to meet rules and regulations without blocking organization-wide collaboration,” Slack said.  

The company also upgraded its FedRAMP authorization to Moderate, the second of three levels for cloud service providers, expanding its potential within the public sector.

“Meeting these requirements can be a complex and lengthy process and should position Slack at a different level among a few select companies,” said Raul Castanon, senior analyst at 451 Research / S&P Global Market Intelligence. “This represents an important opportunity for the company and could have an impact beyond government agencies and contractors.”

Improved security and compliance capabilities have been a key focus for Slack in recent years, especially with the recent explosion in remote work.

“The new features recently announced show that Slack is steadily making progress, building up and enhancing data security controls in its platform over the past two years,” Castanon said. “The announcement is timely: nearly six months into the lockdown, organizations are looking at remote work as the ‘new normal.’”

A recent 451 Research survey indicated that the shift to remote work has shone a spotlight on security and collaboration. “These are among the top priorities for increased technology product/service spending,” said Castanon.  

“The recent product updates in Slack align with these trends, closing several gaps that should allow the company to support remote workers, including those in organizations with strict compliance and security requirements as well as use cases involving remote collaboration.” 

Copyright © 2020 IDG Communications, Inc.

Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon