Security Experts:

Slack Unveils New Enterprise Security Tools

Slack on Tuesday unveiled several new security tools designed to provide administrators of its Enterprise Grid product better control over who can use the platform and how they do it.

Some of the new features focus on providing control over which users and which devices can access Slack. Administrators can enable an additional layer of authentication for the Slack mobile app, requiring users to authenticate via Face ID, Touch ID or one-time passwords after they log in.

In the next weeks, new session management tools will allow admins to remotely wipe mobile or desktop Slack sessions for a specified user in case their device is lost.

New enterprise security tools launched by Slack

Later this year, Slack will introduce new session management controls to the administrator dashboard to allow admins to define the maximum number of devices a user can be logged into at one time. The company also plans on adding features for detecting if a device is jailbroken (i.e. less secure) and blocking access, and for forcing application updates.

Slack has also introduced some controls focusing on how the platform can be used, particularly when it comes to accessing and sharing data. New domain whitelisting tools, which are already available, allow admins to specify which workspaces can be accessed within an enterprise network, preventing employees from accessing workspaces where they are not supposed to share sensitive information.

Other newly available features enable administrators to restrict file downloads and copying messages on mobile devices. Slack says one of its banking customers has used this to ensure that employees are not able to view or share confidential information outside the office.

Early next year, Slack plans on rolling out similar download restriction capabilities for desktop computers that connect from IP addresses that have not been approved by the organization.

In addition, later this year, Slack hopes to introduce default browser controls that will allow admins to require all links from Slack to open in a specified web browser that is managed within a mobile application management container.

Last month, Slack reset the passwords for accounts that users have not secured after the data breach suffered by the company in 2015.

Related: Slack Introduces Enterprise Key Management Tool

Related: Slack Lists Cybersecurity Risks Ahead of Going Public

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.