Slack rolls out enterprise key management, but has no plans for end-to-end encryption
Credit to Author: Matthew Finnegan| Date: Mon, 18 Mar 2019 09:28:00 -0700
Slack has given large business customers control over the keys used to encrypt and decrypt data created in its team collaboration application.
The enterprise key management (EKM) feature was initially unveiled at the company’s Frontiers event in San Francisco in September, ahead of a closed pilot project; it is now available to all customers of Enterprise Grid, which is targeted at company-wide deployments at large organizations.
EKM allows businesses to better secure sensitive stored data, including messages, files and comments. The feature has been been “one of the most requested features in the enterprise and is opening up the doors for new industries for us like banking and professional services,” said Ilan Frank, head of enterprise product at Slack.
The addition of EKM should help Slack appeal to prospective Enterprise Grid customers, said Irwin Lazar, vice president and service director at Nemertes Research. Two years after its launch, Enterprise Grid is now used by 150 businesses, including Capital One and 21st Century Fox.
“Enterprise key management is important, especially for large businesses in regulated industries,” said Lazar. “Absent the ability to manage one’s own keys, an organization has no way of assuring control of its data. I do believe this will help Slack in its efforts to sell Enterprise Grid to its larger customers.”
Slack is not the only team collaboration software vendor to provide customers with encryption/decryption keys: Cisco, Symphony and ArmorText also offer this capability. With Slack’s EKM, IT admins can revoke access to data within a particular Slack channel, for example, rather than disrupting all users on the entire platform, said Frank.
“The purpose of having EKM is to have control over when you are able to revoke a key and sever access to your data,” he said. “We wanted to make sure that you can do that in good conscience and with granularity.”
Slack already encrypts all of its customer data in transit and at rest – EKM is an additional feature for Enterprise Grid users. EKM may come to other business subscription tiers in the future, too, though there are no plans to do so at the moment.
Slack also does not plan to add end-to-end encryption capabilities to its software – something rival apps such as Cisco Webex Teams and Symphony already provide.
Frank said Slack has considered adding end-to-end encryption, but stressed it would result in a trade-off in functionality.
“There are many, many limitations,” he said. “We figured we could do it that way, but then what we would be doing is making Slack into just a chat tool, similar to iMessage or WhatsApp, and that is not what our customers are asking for.
“In our conversations with customers and with prospects, nearly every single one has agreed that this [EKM] is the direction that they would prefer us to take, and that they would really much rather have the control over the keys with the combination of Slack continue to be Slack,” Frank said.
Lazar said end-to-end encryption would likely appeal to some customers, but noted the restrictions such a move would pose.
“Outside of some regulated industries, we haven’t seen that as being a critical need, but it does offer an added ability to protect data in the cloud,” said Lazar. “The challenge with end-to-end encryption is that it can limit the functionality of search in that a search function is unable to compile encrypted data. It also limits third-party application integrations.”
For many businesses outside of highly regulated industries such as banking and defense, end-to-end encryption is not currently seen as a “must-have.”
“It’s worth noting that right now our data shows that the most widely adopted team collaboration app is Microsoft Teams, which offers neither end-to-end encryption or customer-held keys,” he said.