New Slack Enterprise Key Management Has More Encryption Options

An add-on to Slack’s Enterprise Grid provides customers with the ability to use their own encryption keys, giving them greater control and visibility to their data.


Previewed at its Frontiers conference last September, Slack says Enterprise Key Management (EKM) is now available. EKM gives Slack’s Enterprise Grid customers better control over sensitive data in messages, files and comments.

Slack, best known for its messaging and collaboration features, said EKM will let large organizations connect and manage all of their Slack channels and give them control of the keys used to encrypt and decrypt their messages and files.

“Slack already encrypts your data in transit and at rest. But Slack EKM basically adds an extra layer of protection so that customers—especially those in regulated industries—can share conversations, data and files on Slack, all while still meeting their own risk mitigation requirements,” Slack’s Chief Security Officer Geoff Belknap said in a blog post.

Customers can choose to use their own encryption keys, which are then managed in Amazon’s AWS KMS (Key Management Service). Slack said the choice feature has unique advantages. For example, in the case of a security breach or what appears to be one, administrators can choose to revoke access “in a very granular, highly targeted manner” connected with the incident rather than more broadly.

“That granular revocation ensures that teams continue working while admins suss out any risks,” said Belknap.

That level of control appealed to one early Slack Enterprise Grid EKM customer, Victor Carpetto, the head of Enterprise Architecture & Global Infrastructure at video game company Take-Two Interactive Software.

“Slack's Enterprise Key Management solution offers unique capabilities that we have not seen in other products before. Specifically, we are able to surgically control access to data and relationships within the Slack ecosystem. This helps satisfy our security needs,” Carpetto said in a statement.

When it was previewed at Frontiers in September, Slack said it hoped to offer EKM by the end of 2018 or in 2019. Ilan Frank, head of enterprise product at Slack, said at the conference that adding EKM without slowing down Slack’s performance was challenging but promised to meet that goal by the product’s release. “EKM must give administrators full control of your keys and meet the security requirements of your organization,” said Frank. “Slack’s agility and speed can’t be negatively influenced. It’ll be the same Slack you know and love.”

Slack Gets a Unique Endorsement

One thing you don’t see very often is a security company endorsing a security feature from another company. But cloud security firm CrowdStrike said it was intrigued by EKM as soon as it was announced.

“With the introduction of Slack Enterprise Key Management as an added security feature, we immediately saw its value in giving us total control of our data and the assurance that we're protected in the event of a security threat in our supply chain," Colin Black, chief operating officer at CrowdStrike, said in a statement.

Since its launch in 2013, Slack has grown quickly from a tool favored by engineering departments and other technical users to a collaboration tool used more broadly in the enterprise even to the extent of pushing out or minimizing the use of legacy email and instant messaging.

In January, Slack reported the messaging platform is now used by more than 10 million users daily in over a hundred countries and in five different languages. The company estimated that there are more than 50 million Slack channels in use today with over 202 million messages posted in those channels every week.

Slack’s Enterprise Grid offering gives customers centralized controls and administrators a single point of visibility to manage Slack. It also integrates with other applications teams use at work. Administrators can control permissions and configure integrations on a per-workspace basis. Grid also gives administrators the ability to create shared channels between workspaces so it can be used for projects that involve multiple teams or departments.

David Needle

David Needle

Based in Silicon Valley, veteran technology reporter David Needle covers mobile, bi g data, and social media among other topics. He was formerly News Editor at Infoworld, Editor of Computer Currents...