Organizations’ greatest fear when moving to the cloud is losing control over data. But the story of how to enforce controls for organizations’ most sensitive data has evolved over time.
At first, companies were interested in blocking high risk cloud services. Now that more and more companies are strategically adopting enterprise cloud services, their focus has shifted to securely enabling cloud applications that help their business. In our McAfee Cloud Adoption and Risk Report, we discovered that almost 72 percent of data in the cloud is uploaded to enterprise applications, and 21 percent of all files contain sensitive data. Securing high value data in a handful of sanctioned cloud applications is now the top cloud security priority for organizations.
Slack has rapidly risen to become one of the most-used enterprise applications. Slack, the workplace communication app that began as a way for gamers to communicate, now has 10 million daily active users, the company reported earlier this year. That’s up from 4 million daily active users in 2016 and 8 million last year.1
Employees use Slack to collaborate in real-time, exchanging anything from lines of code to files in a range of formats. Whether it’s a product team planning a new release, an operations team discussing infrastructure or a marketing team discussing product collateral and releases with outside vendors or partners employees exchange critical business information both within and outside the organization through Slack. Enterprise customers across industries have rolled out company-wide deployments to thousands of users, tasking IT security teams with enforcing controls at scale.
Now Slack has become the latest leading cloud providers to enable customer control over their data. Encryption with customer-managed keys empowers Slack customers to implement another line of assurance on top of the robust security controls offered through McAfee’s partnership with Slack. This announcement is a breakthrough for companies that want to use Slack without outsourcing ownership of encryption keys to their SaaS provider.
BYOK: The Final Frontier for Cloud Control
Encryption serves as a critical tool for enterprise data security and compliance. Before moving to the cloud, companies encrypted their data in on-premises data bases and applications. With the shift of computing into the cloud, encryption has become standard for enterprise cloud services.
While many enterprise cloud services encrypt data to satisfy their customers’ policy requirements, the level of control customers have over encrypted data varies. Encryption with customer-managed keys offers cloud customers the highest level of security and control over their data. In this configuration, customers have the sole power to unencrypt data with their own managed keys. Bring-your-own-keys (BYOK) encryption provides additional peace of mind for organizations with strict security requirements; cloud customers can remove access to data through an application at any time by revoking the keys.
Slack has seen rapid growth in the enterprise as a powerful collaboration platform. Security teams can power strategic initiatives such as agile development or sharing with external partners by securely enabling Slack. With Enterprise Key Management for Slack, Enterprise Grid customers can encrypt data with their own encryption keys, regaining the final layer of control that organizations had for data encrypted on-premises. Customers can manage their keys in the AWS Key Management Service (KMS).
Operational Slack Security at Scale
Companies relying on Slack for organization-wide collaboration need to address the risks to sensitive data shared across teams, geographies, and external partners. They also need to consider the security of user behavior, whether concerning accidental security blunders, malicious insider threat, or compromised accounts.
Enforcing these security requirements across thousands of users and devices calls for a dedicated Slack security solution. McAfee MVISION Cloud for Slack provides a comprehensive set of capabilities for total control over data and user activity. With the availability of Enterprise Key Management, Slack customers can enforce an additional element of control as part of their Slack security approach.
Companies looking to enable secure collaboration with Slack can implement the following capabilities:
- Data loss prevention to secure sensitive data uploaded to Slack, based on identification with a multi-faceted content analytics engine
- Collaboration control preventing unauthorized sharing of sensitive data, within and outside the organization
- Access control to enforce security policies on the context of device type, user, activity, geography, department, and more.
- Activity monitoring to efficiently and comprehensively investigate incidents with a detailed audit trail
- Threat protection powered by machine learning to identify anomalous behavior indicative of a threat
Integrating Slack with a Cloud-Native Security Strategy
Companies that strategically leverage cloud services develop holistic approaches to managing cloud risk. This process spans evaluating the security of cloud services, standardizing on selected providers, and monitoring risks to users and data in real-time.
A designated cloud security platform such as a cloud access security broker (CASB) helps enterprises centrally manage all aspects of cloud risk without impacting the usability and business features that drive organizations to the cloud in the first place. For example, a CASB can provide risk ratings for cloud collaboration applications, block high-risk services while coaching users to sign up for Slack, and ensure that centralized security policies apply to all data transactions within Slack.
Slack has reached maturity as a critical business tool. With robust security features like Enterprise Key Management, IT teams can satisfy their strictest security requirements while providing a collaboration solution that employees love. A CASB allows security teams to prioritize and execute Slack security as part of the enterprise cloud portfolio.
For more information: