Slack makes some key security enhancements
As Slack makes its way deeper into the enterprise, it needs to layer on more sophisticated security measures like the encryption key management feature it released last year. Today, the company published a blog post outlining its latest security strategy, and while it still doesn’t include end-to-end encryption of Slack messaging, it is a big step forward.
For many companies, there is a minimum level of security they will require before they use a tool like Slack company-wide, and this is particularly true for regulated industries. Slack is trying to answer some of these concerns with today’s post.
As for end-to-end (E2E) encryption, Slack believes it would adversely affect the user experience and says there hasn’t been a lot of customer demand for it so far. “If we were to add E2E encryption, it would result in limited functionality in Slack. With EKM (encryption key management), you gain cryptographic controls, providing visibility and opportunity for key revocation with granularity, control and no sacrifice to user experience,” a Slack spokesperson told TechCrunch.
Today, the company provides the ability for admins to require Touch ID or Face ID or to enter a passcode on a mobile device. In addition, if a user reports a device stolen, admins can wipe Slack conversations remotely, although this is currently only available through an API.
What they have coming soon is a new administrative dashboard, where admins can manage all of this kind of security in a single place. They will even be able to detect if a person is using a jail-broken phone and shut down access to the phone. In addition, they will be able to force upgrades to the latest version of Slack by not allowing access until the person downloads the latest version.
Later this year, admins will be able to block files downloaded from Slack desktop that come from outside of a set of pre-approved IP addresses. And on the mobile side, they will be able to force file links to open in an approved browser.
All of these features are designed to make administrators feel more comfortable using Slack in a secure and reliable way. One of Slack’s big strengths is its ability to integrate with other pieces of the enterprise software ecosystem, but companies still want control over what files are shared and how they open across devices. These new tools go a long way toward easing those types of concerns.
Slack hands over control of encryption keys to regulated customers