Slack unveils new admin security controls

Bobby Hellard

7 Aug, 2019

Slack has introduced a slew of security features to give IT admins more control over which employees use can use the service and how.

These new features will help to implement limits on users and devices, including blocking both from accessing their company’s Slack account if they’re deemed to be suspicious or unsecured. 

The changes follow on from the company’s Enterprise Grid service, which was launched last year and promised more user efficiency and tighter security.

“Without proper controls in place, mobile applications can open your employees up to new security risks,” Slack wrote in a blog post. “To alleviate that, we’re rolling out new functionality to ensure that only the right people and approved devices can access your company’s information in Slack.”

To start, Slack is introducing new secondary authentication controls, allowing admins to implement additional layers of security in the form of Face ID, Touch ID, or generated passcodes. This also comes with a time limit function, after which users have to re-authenticate. There are also session management tools to remotely wipe a user’s mobile or desktop session in the event their device is lost or stolen.

Alongside these, Slack also unveiled data sharing protections. New domain whitelisting tools will be available for admins to control which workspaces can be accessed by its employees. Slack said this not only shores up sensitive company information, but it will also help teams focus on their immediate workloads. Another related feature  blocks users from downloading company information to an unmanaged device.

This is just the beginning, according to Slack. Session management controls will soon be added to the admin dashboards, which will allow them to define the maximum number of devices a single employee can be logged into at one time. What’s more, the company is working on a feature where admins can detect if a device has been jailbroken and then block its access to the app.

Slack said these new features are designed for IT professionals “who want to modernise and improve how their organisations work while maintaining compliance with their industry”.

For Jake Moore, cyber security specialist at ESET, it shows that security is slowly becoming important to the normal user, delivering what the people want rather than what the industry thinks the consumer needs.

“With Slack making great steps forward, adding more prominent security functions, it will hopefully make people more aware of the importance of authentication and other protection techniques,” he said. “It might even push other manufacturers into rolling out similar features as default.”