Slack Comes Up Short With Its New Security Announcements

In Collaboration, Technology by Daniel NewmanLeave a Comment


As Slack  makes its way deeper into the enterprise, it needs to layer on more sophisticated security measures like the encryption key management feature it released last year. Today, the company published a blog post outlining its latest security strategy, and while it still doesn’t include end-to-end encryption of Slack messaging, it is a step forward.

What it does include is a new administrative panel that can detect and shut down use on jail broken phones as well as force upgrades to remote users/devices. The other big feature is the ability to block downloads from devices outside of an approved list of IP addresses; this update is set to come later this year.

Read the story from Tech Crunch.

Analyst Take: The new security announcements from slack are a good evolution in the company’s efforts to become a more secure and robust solution that enterprises can count on. Slack has long faced scrutiny from many analysts, including myself for their sometimes lax attitude about security, which has been validated by a few significant vulnerabilities. 

I’m happy to see more controls being developed for admin’s to be able to remotely deal with rogue users, devices and downloads that could pose a threat to unexpected users. However, I still feel the reluctance to offer end-to-end (E2E) message encryption to handle sensitive content being transferred, it feels like there is a weak point in the solution; one that competitors like Cisco Webex and Microsoft Teams have addressed. This feature has also made WhatsApp a popular communication tool between enterprise executives as well as organization to organization communication sought to be treated with E2E.

Just consider that for a moment, a solution that is owned by Facebook is seen as a better option for secure communications than Slack. 

Now, Slack leadership claimed once again around these announcements that the company just isn’t seeing that much demand for E2E and that is why they have continued to steer from offering it. I tend to think it has more to do with trying to be “Enterprise Friendly” that the company has steered away. Key encryption, which is a security measure the company is offering, allows encryption, but does less to guarantee that unintended recipients can’t gain access to data; especially through malicious attacks that could gain access to stored archives of Slack conversation. 

From my perspective, Slack could benefit greatly by offering an E2E option that users could set up; especially for 1:1 conversations. A good example lives in media where a source and a journalist are communicating. Another may be an executive communicating with HR over some type of harassment matter. As of now, ensuring security and limited visibility between two persons is more difficult without E2E. And Slack could make it work without every conversation utilizing it; as well as limiting or blocking it from being used in groups or certain groups. 

While I stand by my comments that I believe Slack is doing better, I also believe that Slack is being somewhat naive to think that users don’t want E2E. Sure, IT may want all the files, but by not offering it you don’t eliminate private conversations, it just opens the organization and its employees to using WhatsApp or other 3rd party apps instead. Which defeats the whole purpose of it not being offered in the first place. 

More Analysis from Futurum Research:

Cisco’s Marketing Velocity: New Capabilities Ready Partners for Digital Marketing Breakthroughs

MSRC issues alert about widespread Corporate IoT vulnerability

IBM Deepens Its Commitment To Blockchain As Part of New Supply Chain Partnership


The original version of this article was first published on Futurum Research.

Daniel Newman is the Principal Analyst of Futurum Research and the CEO of Broadsuite Media Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise. From Big Data to IoT to Cloud Computing, Newman makes the connections between business, people and tech that are required for companies to benefit most from their technology projects, which leads to his ideas regularly being cited in CIO.Com, CIO Review and hundreds of other sites across the world. A 5x Best Selling Author including his most recent “Building Dragons: Digital Transformation in the Experience Economy,” Daniel is also a Forbes, Entrepreneur and Huffington Post Contributor. MBA and Graduate Adjunct Professor, Daniel Newman is a Chicago Native and his speaking takes him around the world each year as he shares his vision of the role technology will play in our future.

Leave a Comment