Skip to main content
close search
site logo
Dive Brief

Slack enhances platform security amid rapid expansion and heightened risk

The enterprise messaging platform has faced increased customer concerns about security and privacy.

Published Aug. 31, 2022
David Jones's headshot
Reporter
A screen with the Slack logo on the trading floor of the New York Stock Exchange.
The logo for Slack is displayed on a trading post monitor at the New York Stock Exchange (NYSE), June 20, 2019 in New York City. Drew Angerer via Getty Images
This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • Slack, up against increased security and privacy risk as millions of workers shift to remote work, announced three updates designed to make the platform more secure, in a blog post released Tuesday. 
  • Slack will launch a no-code audit log capability for users in September to allow administrators to quickly review unusual events. The tool has only been available via API previously and will help companies without the ability to conduct continuous auditing or pay for security information and event management tools. 
  • Earlier this year, the company introduced multi-security assertion markup language (SAML) identity, which allows users to sign into Slack from up to 12 different identity providers. Another security upgrade, called session anomaly events, allows Slack to flag irregular events to corporate audit logs, such as session-switching networks or cloning fingerprints from a token.

Dive Insight:

The rapid transition to remote work during the pandemic was a boon for Slack adoption. In the new environment, where major companies are shifting to permanently hybrid environments, some workers split time between the workplace, a home office and working remotely on extended business trips. 

That shift in the primary office environment has led to major concerns about how companies can secure an expanded perimeter, while at the same time maintaining the privacy of customers, many of whom do almost all their work messaging via Slack. 

“Based on customer feedback and requests from companies like Okta and others, we’ve begun rolling out additional tools that address the security challenges brought on by this new kind of work,” said Kevin Clark, VP of security at Slack. 

Okta was part of Slack’s audit UI pilot and the companies have had ongoing conversations around anomaly events, according to a spokesperson for Slack.

“Defending against modern attacks requires active participation from all technology vendors and we must adopt a shared-fate mindset with our customers,” Eric Karlinsky, Okta’s group product manager on its Zero Trust team, said in the Slack announcement.

Earlier this month, Slack had to reset the passwords of 0.5% of its customers after a vulnerability called invite link allowed hashed passwords to be shared to other members. The vulnerability had been around for about five years. 

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Editors' picks
Latest in Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell