Slack will soon give businesses an additional level of security by letting them manage their encryption keys. The feature will appeal to a small number of large organizations for now, but it could help the startup expand its footprint in the enterprise market.
Slack already encrypts the messages and files that flow through its premium platform for large businesses, called Enterprise Grid. Now, the vendor plans to give customers control of the keys that unlock that encryption.
“Enterprise key management is another significant step that Slack needs to take to meet increasing security demands — and according to their promise, without hurting speed or usability, [which are] common side effects of EKM,” said Wayne Kurtzman, analyst at IDC.
Slack touted the forthcoming feature as providing “all the security of an on-premises solution, with all the benefits of a cloud tool.” But the vendor clarified that the keys will be created and stored in Amazon’s public cloud.
“In the future, we may expand this offering to support an on-prem or private cloud [hardware security module] key store,” said Ilan Frank, director of Slack’s enterprise products.
Cisco Webex Teams lets businesses manage encryption keys on premises or in the cloud. It also provides end-to-end encryption. In contrast, Slack only encrypts data in transit and at rest, which means the data may get decrypted at certain routing points in the cloud.
Slack has no plans to change its encryption model, Frank said, citing potential “usability drawbacks” related to search and advanced app and bot features.
Symphony also offers end-to-end encryption and enterprise key management. Its team collaboration app has found a niche among banks and other financial firms, which generally have strict compliance and regulatory standards.
“I think, from Slack’s case, it’s a good first step in allowing customers to control their own keys,” said Zeus Kerravala, founder and principal analyst at ZK Research in Westminster, Mass. But Slack should also ensure businesses can store those keys in their own data centers and eventually pursue end-to-end encryption, he said.
Slack’s enterprise key management feature will be particularly useful for external communications done through Slack, said Alan Lepofsky, a vice president and principal analyst at Constellation Research, based in Cupertino, Calif.
When partners communicate through a shared channel in Slack, the company that established the channel will have control over the encryption keys.
“I think this will be a very important use case, as it’s that external communication where you really want to ensure security and privacy,” Lepofsky said.
Slack expects to make enterprise key management available for purchase to Enterprise Grid customers sometime this winter.
Slack looks to appeal to more large enterprises
Slack launched Enterprise Grid last year in an attempt to expand beyond its traditional base of teams and small businesses. The platform lets large organizations unify and manage multiple Slack workspaces.
Slack said in January that more than 150 organizations had deployed Enterprise Grid, including 21st Century Fox, Target, Capital One and IBM. But the vendor did not mention the product in May when it announced that 8 million people at more than 500,000 organizations worldwide were using Slack daily.
As the vendor tries to win more contracts with large businesses, Slack faces competition from vendors that already have deep penetration in the enterprise market — notably Cisco and Microsoft.
Cisco recently tied its team collaboration app to the online meetings platform Webex, which has 140 million users. Also, Microsoft has been aggressively building out the features of Microsoft Teams, which integrates with the Office 365 productivity tools relied upon by 135 million people.
“[Enterprise key management] is an important addition to Slack as it becomes more mature for enterprise needs,” Lepofsky said.