Slack Improves Security For Businesses To Take On Microsoft Teams But Holds Out On End-To-End Encryption

Slack and Microsoft Teams have been competing intensely over the growing segment of business and enterprise communication. While Teams appears to have taken a slight lead, Slack has just infused several key security features into the popular instant communication and business collaboration software. Interestingly, the majority of the features that Slack has recently added appear to be focused on systems and communication administrators instead of the actual people or end-users of Slack. The new Slack features are being clubbed into and accessible from the soon to be deployed administrative dashboard.

Slack has significantly boosted the security and administrative control of the multi-faceted and widely-used communication platform. It is quite apparent that the platform is keenly interested in entering deeper into the world of enterprise communication. Hence to infuse layers of additional security measures, the company added the encryption key management feature that was released last year. Continuing the need to push added security, accountability, and confidentiality to business communication, Slack has overhauled its security strategy. Accordingly, it has added several new features that grant more granular controls to system administrators who are responsible for ensuring secure communication and preventing data leaks. Moreover, the new features also improve accountability as well as the ability to remotely secure or erase data.

Slack Boosts Communication Security, Confidentiality And Remote Administrative Controls:

In an attempt to meet and perhaps exceed the minimum level of security that enterprises, and more specifically regulated industries, need from their secure communications platforms, Slack has infused the new features. However, the viable alternative to Microsoft Teams hasn’t yet added End-To-End Encryption. Interestingly, the feature is common even in communication apps like WhatsApp and Instagram, and these aren’t recommended platforms for businesses that need confidentiality and information regulation.

Interestingly, it appears Slack may not infuse End-To-End Encryption, at least in the foreseeable future. Slack not only insists the feature would hinder or adversely affect user experience but also claimed that customers haven’t been demanding the same. Justifying the omission of the feature, Slack’s spokesperson noted, “If we were to add E2E encryption, it would result in limited functionality in Slack. With EKM (Encryption Key Management), you gain cryptographic controls, providing visibility and opportunity for key revocation with granularity, control, and no sacrifice to user experience.”

The statement makes it amply clear that Slack is focused on improving the scrutiny and monitoring of business communication. However, in addition to enhanced control over communication and collaboration, Slack has ensured there’s more accountability on the system and communications administrators of the enterprises that use Slack. Admins maintaining the communications platform must authenticate themselves using Touch ID, Face ID or they can enter a passcode on a mobile device.

Slack admins can now remotely wipe out chat history and other content if the user reports their devices as stolen or lost. Incidentally, this feature was previously available but had to be enabled through an API.

Slack Offers Administrative Dashboard For Admin-Level Security-Related Settings:

Slack will soon deploy an Administrative Dashboard, wherein administrators can control or set several security settings for users. The dashboard is currently in the last stages of deployment, but it contains several features that make admins very powerful. Some of the upcoming features in the Slack’s Administrative Dashboard are as follows:

Remote Access Restriction: Slack admins could soon be able to detect if users are running the app on jailbroken iPhone. They can even restrict access to the app on such a compromised device. It is quite likely that the admins would send out a notification cautioning users about the use of such devices before revoking access.

Forced Upgrades: Admins will soon be able to indirectly override the restrictions users place on updating of apps. Simply put, admins would be able to force upgrade the version of Slack. The platform has an interesting method to coerce users to update. Admins wouldn’t allow users to access Slack until the person downloads the latest version.

Block Content: Admins will soon be able to block files downloaded from Slack desktop. Incidentally, the restriction is dependent on the IP address. In other words, users would be able to download files only from a list of pre-approved IP addresses. Users won’t be able to download files from unknown or unapproved IP addresses.

Lock Default Apps: Slack admins could soon force file links to open in an approved browser. This setting is valid for the Slack app on mobile devices.

Slack is quite versatile and surprisingly flexible. Moreover, it can integrate well within other enterprise software ecosystems. However, businesses feel secure when they have better scrutiny and control on how their data and communications take place across devices. These features are specifically tailored to address these concerns.

Alap Naik Desai
A B.Tech Plastics (UDCT) and a Windows enthusiast. Optimizing the OS, exploring software, searching and deploying solutions to strange and weird issues is Alap's main interest.