There’s a lot to love about Slack: channels, file sharing, link unfurling, search and more than 1,500 apps all under your control. It’s a great productivity and collaboration tool. But what about the security of all that data that’s being exchanged? To provide users of Slack with a powerful new security feature, the company has developed Enterprise Key Management (EKM). This security control can be purchased as an add-on to Slack Enterprise Grid. It augments Slack’s existing security features by giving you control over the encryption keys used to encrypt the files and messages within your company’s Slack workspace.
Slack chief security officer Geoff Belknap explains the advantages Slack EKM provides:
Slack already encrypts your data in transit and at rest. But Slack EKM basically adds an extra layer of protection so that customers—especially those in regulated industries—can share conversations, data and files on Slack, all while still meeting their own risk mitigation requirements.
There are a couple of things that make Slack EKM distinctive. First, by allowing customers to bring their own encryption keys (which are then managed in Amazon’s AWS KMS), customers have a lot more control and visibility over their most sensitive data.
But what actually makes the design of our system so unique is that, in the case of an incident let’s say, rather than revoking access to the entire product, admins can choose to revoke access in a very granular, highly targeted manner. That granular revocation ensures that teams continue working while admins suss out any risks.
“Unlike other solutions, ours isn’t all or nothing. You can revoke access in a very precise way if you need to,” Belknap continues.
This means that access to data can be revoked at certain times of day and in certain channels. There’s no need to shut down Slack completely—other non-blocked teams can continue to use Slack as they normally do. Work continues to flow without any disruption while the network remains secure.