Slack Introduces Enterprise Key Management Tool

Slack on Monday announced the introduction of Enterprise Key Management, an Enterprise Grid add-on feature that gives customers complete control over their encryption keys.

Slack does encrypt data for all organizations, both while it’s at rest and in transit. However, some organizations, particularly in regulated industries where data protection requirements are more stringent, may want to use their own encryption keys.

This helps them gain a better view of their data and provides granular control if certificates need to be revoked in case they become compromised.

First announced last year, the new feature uses Amazon’s AWS Key Management Service (KMS), which provides detailed activity logs for data access events.

“Unlike other solutions, ours isn’t all or nothing. You can revoke access in a very precise way if you need to,” Geoff Belknap, chief security officer at Slack, explained in a blog post. “Customers can decide to revoke access to data at certain times of day and in certain channels, for example. So if there’s a concern, you don’t have to just hit a button and shut down Slack completely, blocking all your different teams and departments from accessing the tool. Of course, you can make that decision, too, but the idea is that this solution makes securing your data much easier without restricting access to features that people rely on to do their day-to-day work.”

CrowdStrike and other companies have already tested Slack Enterprise Key Management.

In January, on the company’s 5th anniversary, Slack announced that it had over 85,000 paying customers and a total of more than 10 million daily active users across over 150 countries.

The platform has been increasingly targeted by both security researchers looking to find vulnerabilities and, more recently, cybercriminals who have found ways to abuse it to disguise their malware’s command and control (C&C) communications.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
