Slack security basics

Slack has taken companies by storm, and with good reason: The communications platform makes it easy and convenient to chat with co-workers, collaborate on projects, and share files all in one place while virtually eliminating internal emails. But with so much information being shared among large groups of people, it can be hard to stay vigilant when it comes to Slack security. While Slack security provides some protection measures by default, it’s still pretty easy for sensitive data to slip through the cracks, possibly allowing unauthorized users to view confidential files containing sensitive information like PHI and PII. One method to reinforce Slack security is with product like Sookasa’s Slack Audit or File Scan that layers onto the platform to offer DLP, visibility, and enforcement measures. Let’s take a look at what Slack security already offers—and how it can be enhanced to keep files compliant and secure.

Slack security by default

Business customers who use Slack’s paid version can rely on fairly robust Slack security that lets team administrators enable two-factor authentication, access logging, single sign-on, and the deletion of customer data, to name a few. Slack security also includes customer data confidentiality, secure processing of credit card information, encryption in transit, and external security audits. Many of these security options are great for deterring hackers and mitigating employee mistakes—but they don’t address visibility or file encryption as strongly as they should when there’s so much data proliferating in the cloud.

How Sookasa works with the platform to enhance Slack security

As a fully-integrated CASB, Sookasa integrates seamlessly with Slack to let administrators monitor their teams’ activities and deliver even better Slack security. One of the downsides that comes with Slack’s productivity advantages is the difficulty in controlling all the various channels, who’s subscribed to what, and where information is being posted. Slack has become a hub for corporate communications (with employees sending more than 300 million messages on the platform), incorporating file sync-and-share solutions like Dropbox and Google Drive—but now there’s just too much data. It’s almost certain that, without any additional protection, files containing things like Social Security numbers, credit card numbers, intellectual property, and PHI are unintentionally being sent around to people who shouldn’t be seeing them.

Sookasa’s product integrations with Slack—Slack Audit and File Scan—change that by using Slack’s API to let administrators detect high-risk files and monitor activity in real time. File Scan allows admins to search for keywords or patterns (like SSNs, credit card numbers, or names of high-profile clients) across the platform—including in attachments and emails—to make sure information isn’t getting shared in an unsafe manner. Slack Audit lets administrators monitor file-sharing patterns to make sure files are being shared securely inside and outside of the organization; instantly detect anomalies in user access and sharing strategies; and gain visibility into data on the cloud. The easy-to-use Dashboard puts all the relevant information in one place, granting administrators a way to centrally control all aspects of a company’s Slack activity. What’s more, companies already using Sookasa’s encryption platform can share encrypted files within Slack as well; this means that no unauthorized user will be able to access these sensitive files and they’ll remain encrypted on mobile devices, too.

Coupling these additional strategies with default Slack security is a smooth way to promote collaboration without stifling the workflow. Nothing has to get deleted (as with Slack’s own bulk delete solution) making it easier to keep track of past projects, and no new interface interrupts the communication Slack users know and love.

As more and more companies get on board with Slack, it’s important to keep Slack security top of mind. With Sookasa, Slack security becomes second-nature.