- Slack, up against increased security and privacy risk as millions of workers shift to remote work, announced three updates designed to make the platform more secure, in a blog post released Tuesday.
- Slack will launch a no-code audit log capability for users in September to allow administrators to quickly review unusual events. The tool has only been available via API previously and will help companies without the ability to conduct continuous auditing or pay for security information and event management tools.
- Earlier this year, the company introduced multi-security assertion markup language (SAML) identity, which allows users to sign into Slack from up to 12 different identity providers. Another security upgrade, called session anomaly events, allows Slack to flag irregular events to corporate audit logs, such as session-switching networks or cloning fingerprints from a token.
The rapid transition to remote work during the pandemic was a boon for Slack adoption. In the new environment, where major companies are shifting to permanently hybrid environments, some workers split time between the workplace, a home office and working remotely on extended business trips.
That shift in the primary office environment has led to major concerns about how companies can secure an expanded perimeter, while at the same time maintaining the privacy of customers, many of whom do almost all their work messaging via Slack.
“Based on customer feedback and requests from companies like Okta and others, we’ve begun rolling out additional tools that address the security challenges brought on by this new kind of work,” said Kevin Clark, VP of security at Slack.
Okta was part of Slack’s audit UI pilot and the companies have had ongoing conversations around anomaly events, according to a spokesperson for Slack.
“Defending against modern attacks requires active participation from all technology vendors and we must adopt a shared-fate mindset with our customers,” Eric Karlinsky, Okta’s group product manager on its Zero Trust team, said in the Slack announcement.
Earlier this month, Slack had to reset the passwords of 0.5% of its customers after a vulnerability called invite link allowed hashed passwords to be shared to other members. The vulnerability had been around for about five years.