Enhanced security measures are implemented on Slack's platform due to its rapid growth and increased security risks.
Slack, the popular communication platform, has announced three updates aimed at enhancing the security of its platform, as detailed in a blog post on Tuesday. The updates are designed to address the growing concerns of companies as they transition to permanently hybrid work environments.
Until recently, Slack's security tools were only accessible via API. However, the company is now making strides to make these tools more accessible, especially for companies without the resources for continuous auditing or expensive security information and event management tools.
One of the updates includes a no-code audit log capability for users, which is set to launch in September. This feature will empower companies to conduct audits without the need for extensive technical knowledge.
Another security upgrade is the introduction of session anomaly events. This feature allows Slack to flag irregular events, such as session-switching networks or cloning fingerprints from a token, to corporate audit logs.
The updates come in response to a vulnerability that was discovered earlier this year. Known as the invite link issue, it allowed hashed passwords to be shared among members, leading to Slack resetting the passwords of 0.5% of its customers earlier this month.
Slack has also been working closely with partners to improve its security. Okta, a leading identity and access management company, was part of Slack's audit UI pilot. Other companies involved in Slack's security updates include cybersecurity firms like CrowdStrike and Palo Alto Networks, as well as cloud service providers such as Microsoft and Amazon Web Services.
Eric Karlinsky, Okta's group product manager on its Zero Trust team, emphasised the importance of active participation from all technology vendors and a shared-fate mindset with customers in defending against modern attacks.
The rapid transition to remote work during the pandemic led to a boom in Slack adoption. In response to customer feedback and requests from companies like Okta, Slack is currently rolling out additional security tools. The new tool will allow administrators to quickly review unusual events, providing an extra layer of security in the expanded perimeter of hybrid work environments.
The updates are a significant step towards ensuring the privacy of customers who do almost all their work messaging via Slack, as companies navigate the challenges of securing an expanded perimeter in the new normal of hybrid work.
