Slack beefs up security with enterprise key management

Collaboration software vendor Slack has announced the rollout of Enterprise Key Management (EKM) to tighten up security and compliance for its enterprise customers.

Hannah Williams Nov 16th 2018

Collaboration software vendor Slack has announced the rollout of Enterprise Key Management (EKM) to tighten up security and compliance for its enterprise customers.

Speaking on stage at the Slack Frontiers event in London yesterday, April Underwood, chief product officer at Slack said: “It is the same Slack but what it offers administrators is the ability to turn off access to data at any point. You can also turn it off for very specific data sets, channels and timeframes.

“You can do it very seamlessly with very few employees affected. We have just started taking off with pilots and it will be launched on Enterprise Grid this winter,” she added.

Announced at its US Frontiers event in September, the EKM solution is expected to offer core protection of sensitive data in response to data protection and GDPR requirements, by giving customers ownership of the keys used to encrypt and decrypt sensitive data stored in Slack. It also includes a range of new features to make the desktop experience faster and more secure.

In addition to this, Slack also unveiled added capabilities for third-party app integrations to offer quick connections between Slack and other popular enterprise software that customers may use to complete tasks and transfer information to colleagues as and when needed.

“There have never been more software applications than there are today to help people get every single task, in every single part of the workforce done. These tools have made individuals significantly more productive, but it’s not individuals that get work done - teams do,” she added. Some of these integrations include Asana, Zendesk, Atlassian and more.

Its most recent partner, Atlassian, was announced in July 2018 to provide a migration path to Slack for all customers. As part of the strategic partnership, Slack acquired the IP for Hipchat Cloud and Stride – formerly part of Atlassian – as an addition to its communication and collaboration offerings.

The vendor also announced its plans to support a variety of use cases for email integration.

According to Underwood, the future of the workplace means channels are providing a different way to work and more and more customers are making Slack an enterprise-wide deployment.

“Last year, we predicted that by 2025 channels would be the default way that work gets done, so email is the old way,” she said. “Channels are a foundation of how teams work together on Slack, channels are a fundamentally different way to work and they create transparency and greater alignment. They also increase access to communication which helps every individual on the team make better decisions."

Its recent acquisition of Astro, the email infrastructure firm, proves this. Astro, which was launched in 2015, uses machine learning to simplify management of email inboxes and scheduling. Its Astrobot was built to allow users to reply to emails directly from Slack.

The acquisition of Astro means Slack is driving an ease of communication between Slack and non-Slack users, providing a more seamless experience for customers requiring that integration with email.

“Our vision is to help make it easier and more seamless to bring conversations from email into Slack channels where they can be most productive and contribute to the archive being built,” she said.

Customer case study

UK digital challenger bank, Monzo is an example of a customer that has widely deployed Slack across the company.

Monzo is particularly fond of the email integration, which the company says has helped to cut down on email across teams.

Since joining the company early this year, Monzo’s chief technology officer Meri Williams tends to receive less than 30 internal emails a week, she told Computerworld UK.

Slack also enables constant communication across the engineering team, which for a banking and finance company, is extremely important.

The ability to ensure there is a consistent approach to Monzo's internal policy of “transparency by default,” as mentioned by Williams on stage, is incredibly useful for the company.

“You can also be very sure of who someone is when on Slack, whereas emails are easier to spoof and easier to attack," she said. "We quite frequently get people trying to pretend that they need a payment urgently, you often get that kind of thing, and so the idea that people can check with anybody on Slack is a nice measure,” she told us.

The IT support team also utilises a Slack bot to make security functions like changing passwords as fast and smooth a process as possible for employees.

“Some things, we would even follow up with something like a two-factor authentication for humans, so if someone asked on Slack for something sensitive like a new VPN key then the tech-ops team will take the request on Slack then verify in person or on the phone,” Williams added.