Slack on Monday announced the introduction of Enterprise Key Management, an Enterprise Grid add-on feature that gives customers complete control over their encryption keys.
Slack does encrypt data for all organizations, both while it’s at rest and in transit. However, some organizations, particularly in regulated industries where data protection requirements are more stringent, may want to use their own encryption keys.
This helps them gain a better view of their data and provides granular control if certificates need to be revoked in case they become compromised.
First announced last year, the new feature uses Amazon’s AWS Key Management Service (KMS), which provides detailed activity logs for data access events.
“Unlike other solutions, ours isn’t all or nothing. You can revoke access in a very precise way if you need to,” Geoff Belknap, chief security officer at Slack, explained in a blog post. “Customers can decide to revoke access to data at certain times of day and in certain channels, for example. So if there’s a concern, you don’t have to just hit a button and shut down Slack completely, blocking all your different teams and departments from accessing the tool. Of course, you can make that decision, too, but the idea is that this solution makes securing your data much easier without restricting access to features that people rely on to do their day-to-day work.”
CrowdStrike and other companies have already tested Slack Enterprise Key Management.
In January, on the company’s 5th anniversary, Slack announced that it had over 85,000 paying customers and a total of more than 10 million daily active users across over 150 countries.
The platform has been increasingly targeted by both security researchers looking to find vulnerabilities and, more recently, cybercriminals who have found ways to abuse it to disguise their malware’s command and control (C&C) communications.
Related: Slack Releases Open Source Secure Development Lifecycle Tool
Related: Slack Flaw Allowed Hackers to Hijack Any Account
Related: Slack Tokens Leaked on GitHub Put Companies at Risk