Connect with us

Hi, what are you looking for?


Data Protection

Slack Unveils New Enterprise Security Tools

Slack on Tuesday unveiled several new security tools designed to provide administrators of its Enterprise Grid product better control over who can use the platform and how they do it.

Slack on Tuesday unveiled several new security tools designed to provide administrators of its Enterprise Grid product better control over who can use the platform and how they do it.

Some of the new features focus on providing control over which users and which devices can access Slack. Administrators can enable an additional layer of authentication for the Slack mobile app, requiring users to authenticate via Face ID, Touch ID or one-time passwords after they log in.

In the next weeks, new session management tools will allow admins to remotely wipe mobile or desktop Slack sessions for a specified user in case their device is lost.

New enterprise security tools launched by Slack

Later this year, Slack will introduce new session management controls to the administrator dashboard to allow admins to define the maximum number of devices a user can be logged into at one time. The company also plans on adding features for detecting if a device is jailbroken (i.e. less secure) and blocking access, and for forcing application updates.

Slack has also introduced some controls focusing on how the platform can be used, particularly when it comes to accessing and sharing data. New domain whitelisting tools, which are already available, allow admins to specify which workspaces can be accessed within an enterprise network, preventing employees from accessing workspaces where they are not supposed to share sensitive information.

Other newly available features enable administrators to restrict file downloads and copying messages on mobile devices. Slack says one of its banking customers has used this to ensure that employees are not able to view or share confidential information outside the office.

Early next year, Slack plans on rolling out similar download restriction capabilities for desktop computers that connect from IP addresses that have not been approved by the organization.

In addition, later this year, Slack hopes to introduce default browser controls that will allow admins to require all links from Slack to open in a specified web browser that is managed within a mobile application management container.

Advertisement. Scroll to continue reading.

Last month, Slack reset the passwords for accounts that users have not secured after the data breach suffered by the company in 2015.

Related: Slack Introduces Enterprise Key Management Tool

Related: Slack Lists Cybersecurity Risks Ahead of Going Public

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...


Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...