Previewed at Frontiers in 2018, and eagerly awaited by IT admins and security officers, Slack has officially launched Enterprise Key Management (EKM).
What is EKM?
EKM is a security control that can be purchased as a bolt-on to Slack Enterprise Grid. It augments Slack’s existing security features by giving customers control over the encryption keys used to encrypt the files and messages within their Slack workspace. “Bring your own encryption” if you have had enough of the BYOx phenomena.
Slack has suggested EKM will provide on-premises level security controls to a cloud app. Former Chief Product Officer, April Underwood, unveiled EKM at the Frontiers conference with the comment of “EKM provides all of the security of an on-premise solution, with all the benefits of a cloud tool.”
I’ll let you decide whether that’s a good thing or a bad thing yourself. Whilst the stigma associated with cloud security remains ever present in business, it could be a turn off for cloud-first organisations. Nevertheless, EKM is a welcomed addition to the Slack portfolio.
EKM can be procured as a standalone product and in both on-premises and cloud deployments. Typical players in this space include the following:
- Amazon Web Services, Inc.
- CA Technologies, Inc.
- Dyadic Security
- Gemalto NV
- Google Inc.
- Hewlett Packard Enterprise
- IBM Corporation
- Oracle Corporation
- Quantum Corporation
- RSA Information Security
- Dell EMC.
- E-Security, Inc.
- Townsend Security
- Venafi
- Winmagic, Inc.
Slack has opted for Amazon Web Services’ EKM offering to power their solution.
What does this mean for Slack users?
Nothing changes for the day to day user of Slack. No addition module or anything to install. With EKM, Slack is the same Slack you know today. Channels, file sharing, search and over 1,500 apps at your disposal.
April Underwood suggested ““It is the same Slack but what it offers administrators is the ability to turn off access to data at any point. You can also turn it off for very specific data sets, channels and timeframes”.
Access can be revoked to certain messages but ultimately Slack is making your messaging experience safer. Slack already encrypts data in transit and at rest. It’s not quite full end to end encryption but it’s the next best thing in Slack’s eyes.
Geoff Belknap, Chief Security Officer at Slack, highlights the revoking functionality as unique.
“Rather than revoking access to the entire product, admins can choose to revoke access in a very granular, highly targeted manner. That granular revocation ensures that teams continue working while admins suss out any risks”
What does this mean for Slack admins?
Initial indications suggested EKM was expected to offer core protection of sensitive data in response to data protection and GDPR requirements. Supposedly, a range of new features to make the desktop experience faster and more secure were due to be enveloped in the feature release.
Slack Enterprise Grid customers now have access to, and ownership of, keys to encrypt and decrypt sensitive data stored in Slack including messages, files and comments.
Slack highlighted three key benefits for Slack and security admins:
- Visibility: EKM can provide admins with detailed logs of all the messages and files that are decrypted, offering greater visibility into how your data is being used.
- Control: With EKM, admins can granularly revoke key access to specific messages, channels or users, enabling teams to continue working in Slack while access to specific information is removed or changed.
- Assurance: Your content, including messages, files and comments will be encrypted using your key, thereby restricting access to your data to only those you authorise and no one else.
Geoff Belknap previews what to expect from Slack EKM in this quick video.
Who’s using EKM?
Cloud technology company Crowdstrike was one of the beta customers of Slack’s EKM. Colin Black, Chief Operating Officer at CrowdStrike, commented:
“Our mission at CrowdStrike is to stop security breaches. We talk to organizations every day about their security challenges and take our responsibility to protect their brand, data, and people very seriously. With the introduction of Slack Enterprise Key Management as an added security feature, we immediately saw its value in giving us total control of our data and the assurance that we’re protected in the event of a security threat in our supply chain”.
Monzo, a UK challenger bank, also trialed the BETA version of EKM. Monzo has been a flagship case study for Slack in the UK. Chief Technology Officer, Meri Williams, has publicly commented that she tends to receive less than 30 internal emails per week, thanks to Slack.
When it comes to banking, security is paramount. Recent reports of cyber attacks in the banking sector includes a central bank in Bangladesh suffering a $100m loss and a central bank in Russia reporting a $31m loss. Despite Slack providing just the internal communications at Monzo, as a challenger bank, each part of the communications process must be impenetrable. The introduction of EKM only furthers Monzo’s stance as the next generation of secure banking.
What next for Slack?
In terms of security, Slack highlighted some further steps to remain secure in Slack:
- Always know who you’re inviting to your Slack workspace
- Make smart decisions about which apps you use and who has permission to add them
- Always review your Audit Logs API so that you can look out for any inappropriate behaviours
Outside of security, all the talk surrounding Slack is with regards to their public listing. Rather than opting for a traditional IPO, Slack is offering their business up to the public. Speculation around a prospective buyer points to each possible angle. From the comms and collaboration industry, both Salesforce and Amazon have been suggested. Perhaps the Amazon Web Services EKM solution is a sign of things to come – but only perhaps.
