Slack talks up security with new encryption options, FedRAMP certification
Looking to show it can keep communication data secure and meet compliance demands, Slack unveiled several new updates
13 August 2020 | 0
As Slack works to entice large organisations to deploy its channel-based collaboration app, the company is touting a variety of security upgrades, including an expanded enterprise key management (EKM) system and stronger compliance capabilities.
Among the updates is the extension of EKM to give admins greater flexibility over the encryption of message data. Slack’s EKM, introduced in 2018 for Enterprise Grid customers, can now cover data sent by users accessing the Workflow Builder automation tool. The company also plans to expand EKM to messages sent in Slack Connect – the company’s recently announced platform for multi-company conversations – when it launches later this year.
Customers will also be able to choose which geographic region to store encryption keys, in line with Slack’s data residency capabilities. Key storage is available in Frankfurt, London, Paris, Sydney, Tokyo and, now, Montreal.
A new integration with data monitoring application Splunk allows audit logs to be grabbed from Enterprise Grid and pulled into a Splunk dashboard to more easily visualise data such as display logins, file actions and app installs. That can help security teams keep an eye on suspicious behaviour and track usage trends across an organisation.
“With this information, companies can improve service levels, reduce operational costs, mitigate risk, enhance DevOps collaboration, and identify opportunities to create new product and service offerings,” Slack said in a blog post.
The company also plans upcoming support for Microsoft’s Intune mobile application management platform to ensure that sensitive data can be deleted if an employee device goes missing. And it has added “information barriers” to block communications for compliance purposes, such as preventing discussions between traders and investment bankers at a financial institution.
“This level of granular control allows admins to meet rules and regulations without blocking organisation-wide collaboration,” Slack said.
The company also upgraded its FedRAMP authorisation to Moderate, the second of three levels for cloud service providers, expanding its potential within the public sector.
“Meeting these requirements can be a complex and lengthy process and should position Slack at a different level among a few select companies,” said Raul Castanon, senior analyst at 451 Research, S&P Global Market Intelligence. “This represents an important opportunity for the company and could have an impact beyond government agencies and contractors.”
Improved security and compliance capabilities have been a key focus for Slack in recent years, especially with the recent explosion in remote work.
“The new features recently announced show that Slack is steadily making progress, building up and enhancing data security controls in its platform over the past two years,” Castanon said. “The announcement is timely: nearly six months into the lockdown, organisations are looking at remote work as the ‘new normal.’”
A recent 451 Research survey indicated that the shift to remote work has shone a spotlight on security and collaboration. “These are among the top priorities for increased technology product/service spending,” said Castanon.
“The recent product updates in Slack align with these trends, closing several gaps that should allow the company to support remote workers, including those in organisations with strict compliance and security requirements as well as use cases involving remote collaboration.”
IDG News Service