Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

Slack Unveils New Enterprise Security Tools

Slack on Tuesday unveiled several new security tools designed to provide administrators of its Enterprise Grid product better control over who can use the platform and how they do it.

Slack on Tuesday unveiled several new security tools designed to provide administrators of its Enterprise Grid product better control over who can use the platform and how they do it.

Some of the new features focus on providing control over which users and which devices can access Slack. Administrators can enable an additional layer of authentication for the Slack mobile app, requiring users to authenticate via Face ID, Touch ID or one-time passwords after they log in.

In the next weeks, new session management tools will allow admins to remotely wipe mobile or desktop Slack sessions for a specified user in case their device is lost.

New enterprise security tools launched by Slack

Later this year, Slack will introduce new session management controls to the administrator dashboard to allow admins to define the maximum number of devices a user can be logged into at one time. The company also plans on adding features for detecting if a device is jailbroken (i.e. less secure) and blocking access, and for forcing application updates.

Slack has also introduced some controls focusing on how the platform can be used, particularly when it comes to accessing and sharing data. New domain whitelisting tools, which are already available, allow admins to specify which workspaces can be accessed within an enterprise network, preventing employees from accessing workspaces where they are not supposed to share sensitive information.

Other newly available features enable administrators to restrict file downloads and copying messages on mobile devices. Slack says one of its banking customers has used this to ensure that employees are not able to view or share confidential information outside the office.

Early next year, Slack plans on rolling out similar download restriction capabilities for desktop computers that connect from IP addresses that have not been approved by the organization.

In addition, later this year, Slack hopes to introduce default browser controls that will allow admins to require all links from Slack to open in a specified web browser that is managed within a mobile application management container.

Last month, Slack reset the passwords for accounts that users have not secured after the data breach suffered by the company in 2015.

Related: Slack Introduces Enterprise Key Management Tool

Related: Slack Lists Cybersecurity Risks Ahead of Going Public

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...