Why it matters: Slack is looking to enhance its security controls by making it easier for admins to control access to workspaces and organizational data. With Microsoft utilizing its dominance in enterprise, Slack is trying to shore up its security to compete.
Just weeks after announcing an updated desktop app, Slack is announcing updated security controls called Enterprise Grid that promise greater control over who can access Slack spaces and increased compliance with industry requirements.
"These new features are designed for leaders who want to modernize and improve how their organizations work, while maintaining compliance with their industry- or company-specific security policies," Slack said in their blog post. "It’s all part of our ongoing commitment to providing IT leaders and enterprise admins with the tools they need to deploy Slack to thousands of employees in a safe, secure and centralized way."
First, Slack is adding new functionality to allow administrators to control access to their organization's data and on what devices. This includes mobile devices where admins can enable two-factor authentication (2FA) using biometric data (i.e. fingerprint, facial recognition) or app passcode. Admins can also delete sessions that are associated with a particular user if the user's device is stolen or misplaced. There are also additional controls for smartphones that can block access to Slack if the device is rooted or jailbroken as well as force app updates.
Second, Slack is adding new domain whitelisting tools that control which spaces can be accessed within a corporate network. This is supposed to prevent unauthorized access to workspaces and keep sensitive data from being shared. Additionally, there will be controls to restrict downloading files or even copying messages.
To tighten the security even further, Slack is planning a future update that will allow admins to block file downloads on desktops that are not in approved IP address ranges. The company is also adding a feature that will force all links shared in mobile version of Slack to open in a specific browser. This would allow the company to enforce policies via a mobile device manager like MobileIron or AirWatch.
Last month, Microsoft revealed that their Slack competitor, Teams, had leapfrogged over Slack in terms of daily users. Considering Microsoft's dominance in the enterprise market, Slack needed to prove that it could provide the same level of security to match the behemoth that is Microsoft.
That said, Slack is still one of the most widely used collaboration tools. It's so popular that even Microsoft itself had to ban the use of Slack internally in lieu of its own product. The addition of tighter security controls could go a long way to keep existing Slack users away from the competition.