Slack’s Enterprise Grid gets security and compliance enhancements

More than 150 large organizations now use Enterprise Grid, which was unveiled a year ago.

#slack signage
Scott Webb (CC0)

Slack has unveiled a raft of new security and compliance features aimed at boosting the appeal of its Enterprise Grid product among IT leaders and admins.

While Slack has tended to be adopted on a team-by-team basis, Enterprise Grid offers centralized management of the team chat application on a company-wide basis and supports up to 500,000 users.

A year after its launch, Enterprise Grid has been deployed by 150 businesses globally. The largest deployment is IBM, which has more than 110,000 daily active users. There are several other Enterprise Grid customers with between  50,000 and 100,000 daily users.

Slack now counts Capital One, Target and Conde Nast as among its biggest clients.

App management and user on-boarding

Among the new features is the addition of a new Apps page to the Slack Admin Dashboard. This improves oversight of how apps are used and managed across every workspace in an organization, providing insight into who installed an app, for example, or what channels they are used in.

“So you can do an audit of your apps across the entire organization,” said Ilan Frank, head of Enterprise Product at Slack.

It will also be possible to deploy or restrict an app across an entire organization. A company might, for example, decide to install an in-house developed helper bot on every workspace, said Frank, rather than leaving control of that process to a workspace admin. 

org app management Slack

Slack has bolstered the platform's ability to manage apps company-wide.

Slack also moved to help large organizations looking to on-board new users onto the platform. A new workspace discoverability service helps those  users find relevant workspaces by entering the names of colleagues they work closely with, offering self-governance.

Frank said that move came in response to enterprise customers who wanted ways of simplifying the process of bringing employees onto the collaboration software.

The latest changes highlight how Slack is having to adapt its product – initially aimed at smaller teams or groups of staff – to larger organizations. “This is not like a 500-person company where you can easily send the 10 or so people that start every month to a Slack on-boarding class,” Frank said. “You are talking a 50,000 or 100,000-person company; that is a lot more complicated.” 

Raul Castañon-Martinez, senior analyst at 451 Research, said the new features should help enhance Slack’s enterprise-friendliness as deployments of the tool grow in scale.

“Slack’s success is closely tied to organic, bottom-up adoption; this means that employees find value in it,” Castañon-Martinez said. “The new features show that Slack is also paying close attention to the other part of the equation: enterprise requirements for management and security.

“The new product features Slack’s commitment to continue building an enterprise-grade platform,” he said.

Security and compliance additions

Slack has also made changes to its compliance processes and features. It is now possible to create a Custom Terms of Service that all employees must sign before logging in to Slack. Custom Terms of Service can be applied to guest accounts too, which could differ from those provided for staff and require an NDA, for example. 

Furthermore, if terms of service are changed in future, users will be required to sign them again in order to access the application again. Slack also tracks which employees and guests have signed the terms of service.

“For our large enterprise [customers], this was key for using a cloud-based system,” said Frank.

custom terms of service Slack

Companies can now create customized Terms of Service for Slack users.

Slack also rolled out enhancements to security and data protection.

An Audit Log API lets admins monitor and audit more than critical events within the applications. This includes file downloads, login activity and workspace permission changes. The API can be integrated into monitoring tools such as Splunk and Sumo Logic to watch for abnormal activity and receive alerts.

And Slack has improved its enterprise mobile management (EMM) support. Integrations with more than a dozen EMM vendors were unveiled last summer, including VMware Airwatch, MobileIron and Blackberry. Now, Slack will allow admins to block “copy and paste” functions on mobile devices, to prevent file and text data leakage - a feature that was sought by financial service clients in particular, said Frank.

Also in the works are device-level security controls, including app-specific passcodes and a force logout function.

“I meet a lot of CISOs and they say, ‘That’s great, we love Slack, our employees love Slack, but I need this feature, things like block copy-paste, before we can roll it out to the entire company,’” said Frank.

Castañon-Martinez said that the enhanced compliance and management capabilities will help Slack appeal to IT decision-makers and could “counter Microsoft’s position” as the Slack rival pushes its own group chat tool, Teams.

Still, as a relatively new company, Slack has more to do in terms of convincing large enterprises to invest in organization-wide deployments of its product, he said. “The biggest challenge for Slack is changing the conversation, which for many years has been dominated by the industry incumbents,” said Castañon-Martinez.

“Tools like Slack show that organizations are already moving beyond traditional business communications and collaboration, but the framework is still Unified Communications.”

This story, "Slack’s Enterprise Grid gets security and compliance enhancements" was originally published by Computerworld.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon