itb-au logo
Story image

Slack doubles down on enterprise key management

20 Mar 2019

Slack is offering customers who use its Slack Enterprise Grid an addon that strengthens customer control of encryption keys used to secure files and messages within the Slack workspace.

Slack Enterprise Key Management (EKM) was initially previewed at Slack’s Frontiers conference in 2018, and now it is generally available to all Enterprise Grid customers.  

EKM augments Slack’s existing security features by giving users control of encryption keys, and also provides the security controls of an on-premise tool with the benefits of a cloud tool.

Slack’s chief security officer Geoff Belknap explains more about the tool in a blog. In it he states that EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.

Users bring their own encryption keys to EKM. Those keys are then managed in Amazon’s AWS KMS.

He stresses that users are full control of their encryption keys and when those keys are revoked. What’s more, admins can also revoke access to data or certain channels when necessary.

“Apart from being able to control access very granularly, you can also see how your data is being used.

"Detailed activity logs in Amazon’s AWS KMS tell you exactly when and where your data is being accessed.”

Belknap adds that the idea behind the solution is simply about security data easier without restricting access to features that people rely on to do their work.

“So if there’s a concern, you don’t have to just hit a button and shut down Slack completely, blocking all your different teams and departments from accessing the tool.”

He also says it’s important to remember security basics.

  • Always know who you’re inviting to your Slack workspace
     
  • Make smart decisions about which apps you use and who has permission to add them
     
  • Always review your access logs so that you can look out for any inappropriate behaviors. For example, Slack will notify you if one of your API keys has been exposed. Slack will also tell you when your users log in from new IP addresses. Use that information to protect your users and make good decisions about security."

Slack already encrypts all data in transit and at rest.

Link image
You’re invited: The secrets to workplace happiness in the post-pandemic world
It has been a rough year for workplace wellbeing, with disruption and health concerns worrying every employee. Join Poly’s A/NZ Kickstart 2021 on 10 December from 11am AEDT, where special guest Dr Justin Coulson will share secrets to workplace happiness in the post-pandemic world. Register now.More
Story image
Is the 'fast follower' mentality holding back anti-money laundering in Australia?
The decade-old rules-based systems cannot keep up with sophisticated cyberattacks and money laundering threats on their own, writes FICO financial crimes leader for APAC Timothy Choon.More
Story image
IDC names ESET a Major Player second year running
“ESET is strong in the areas of threat research, especially around Android malware identification and behavior detection.”More
Story image
Telstra Purple acquires services provider Epicon
Epicon was an Australian-owned company with more than 100 technical specialists and operations in ACT, VIC, NSW and QLD. More
Link image
Modernising cloud for the financial services industry
Investing in a cloud-enabled digital future is no longer an option, it's a core business need — especially for financial services. Here's how to achieve sustained success in highly regulated environments.More
Story image
AppsFlyer opens Sydney office, expands into A/NZ region
AppsFlyer has opened an office in Sydney, it’s 19th office worldwide and its first in Australia and New Zealand (A/NZ), marking the company’s expansion into the region.More