March 18, 2019

Slack Says You Can Now “Bring Your Own” Encryption Key

Admins can revoke key access to specific messages, channels or users

By CBR Staff Writer

Slack security has been given a notable upgrade with the launch today of a new encryption management dashboard that provides more granular security permissions for an admin. It can be purchased as an add-on for business users.

The Enterprise Key Management (EKM) service allows customers to “bring your own” encryption keys (albeit keys have to be hosted on AWS’ Key Management Service, which provides its own Hardware Security Modules).

Slack described the offering as giving admins detailed logs of all the messages and files, and the ability to “granularly” revoke key access to specific messages, channels or users, for more bespoke security environments.

It’s aimed at Slack Enterprise Grid customers. Slack Enterprise Grid is the company’s offering for major corporate customers (users include IBM, Oracle, Capital One and Target, Slack says). It comprises “unlimited” workspaces with a centralised admin control panel, with add-ons like EKM.

Slack Security Offering: More Control

Geoff Belknap, Slack’s chief security officer, said: “Slack already encrypts your data in transit and at rest. But Slack EKM basically adds an extra layer of protection so that customers—especially those in regulated industries—can share conversations, data and files on Slack, all while still meeting their own risk mitigation requirements.”

He added: “There are a couple of things that make Slack EKM distinctive. First, by allowing customers to bring their own encryption keys (which are then managed in Amazon’s AWS KMS), customers have a lot more control and visibility over their most sensitive data. But what actually makes the design of our system so unique is that, in the case of an incident let’s say, rather than revoking access to the entire product, admins can choose to revoke access in a very granular, highly targeted manner. That granular revocation ensures that teams continue working while admins suss out any risks.”

(While AWS uses FIPS 140-2-validated HSMs, not all customers will appreciate being limited to that service: many financial services companies in the UK, for example, remain highly sceptical of cloud-based security offerings and are keen to retain direct access to their HSMs in their own data centres.)

Cloud technology company CrowdStrike was one of the beta customers of Slack’s EKM. Colin Black, Chief Operating Officer at CrowdStrike, commented in a release: “We immediately saw its [Slack’s EKM] value in giving us total control of our data and the assurance that we’re protected in the event of a security threat in our supply chain.”

Slack’s security whitepaper shows that it supports TLS 1.2 protocols, AES256 encryption, and SHA2 signatures, whenever supported by the clients. It runs a HackerOne Bug Bounty scheme and says it secures its own encryption keys in a “secure server on a segregated network with very limited access.”

Launch Comes Ahead of Listing

The product release comes a month after Slack announced that it was preparing to go public. Unusually, the company – which boasts over 10 million daily active users – is bypassing the usual method of going public (an IPO) in favour of a direct listing.

This allows the company’s shareholders, such as early investors or employees, to begin selling their stock on the exchange with public investors buying stock directly from these insiders, rather than investment bank middlemen.
