Slack plots ‘enterprise-grade’ security updates for Slack Connect


Bobby Hellard

8 Oct, 2020

Slack announced a number of security updates for its external chat service Slack Connect during its virtual Slack Frontiers conference this week. 

A new verification feature and a firewall-protected app builder are among the new security updates. Slack also revealed some insights into the company’s future plans with ‘sneak peaks’ at prototypes currently in development. 

The company has been building its email alternative, ‘Slack Connect’, for months, with the service first announced in June. It’s designed to let businesses of all sizes to connect and collaborate with partners, suppliers or other companies in the same way they would internally.

Bringing the outside in can obviously create security risk, but Slack says it builds everything with ‘enterprise-grade security in mind’. As such, organisations will need to be verified and Slack will denote this with a new checkmark feature.

What’s more, verified companies will also be able to Slack users from other organisations directly. ‘Slack Connect Direct Messages’ offers secure direct messaging with just a private invite link sent between a trusted partner, customer or vendor. 

“A channel happens when there is already a project in place, but when you’re just starting out your relationship with a customer or someone you’re about to sell to, or someone you’ve just met at a conference, a DM is much more appropriate,” Ilan Frank, Slack’s VP of product told IT Pro

“So this will allow you, in a really lightweight fashion, connect with anyone else that is using Slack.”

For all those that want to build apps on Slack, the firm has launched a secure process that works behind a company’s firewall. ‘Socet Mode’ lets developers securely receive events and interactions from users behind their organisation’s firewall through a WebSockets connection. This means that internal developers can use the full suite of functionality that comes with Slack’s APIs, including building rich interactive apps, without exposing public HTTP endpoints.

Slack said these security features will roll out in “early 2021”, along with the ability for admins to pre-approve channel requests with trusted organisations. 

There was also a surprising feature which Slack revealed. The firm is currently working on a ‘Stories-style’ function – similar to what you might find on Instagram. The company is calling it ‘Asynchronous video updates’ but the name may change as it’s the feature is no more a prototype at the moment. 

Similarly, the firm is also looking into further audio-based features, including instant audio-only meetings.