Illustration of a lock and key, representing security at Slack.

Security at Slack: How Slack Protects Your Data

Our number one value: Maintaining your trust. Learn how Slack keeps your organisation safe and productive.

Author: Kevin Clark, VP of Security at Slack30th October 2024

Slack is committed to providing a secure and reliable work operating system for organisations of all sizes. Our layered security approach, robust features, and commitment to compliance give information security and IT professionals the peace of mind they need to focus on their core business objectives, knowing that their data is protected.

Our white paper, “Security at Slack” will help you stay up to date on how you can keep your data secure and compliant. This white paper offers a detailed look into how we maintain the security of Slack, along with security best practices for IT professionals. Read on for a quick rundown of what you’ll learn in the white paper.

Slack’s multi-layered security approach

Slack employs a multi-layered security approach in every aspect of our work operating system, from the underlying infrastructure to the features you and your employees love to use each day. Here’s a closer look at some of the security measures we have in place:

  • Encryption: Slack encrypts data both in transit, using TLS 1.2 protocols, and at rest, using FIPS 140-2 compliant encryption standards, ensuring that your data is protected from unauthorised access.
  • Network security: Slack restricts network access from public networks to the production environment and hardens the hosts therein according to industry standards.
  • Secure development: A robust Secure Development Lifecycle (SDLC) with code reviews, continuous integration testing, and a public bug bounty program is used to identify and mitigate potential vulnerabilities.
  • Access control: Multi-factor authentication is required for all administrative access, and access to privileged commands is restricted and logged.
  • System monitoring: Slack continuously monitors its infrastructure for suspicious activity, with all production logs securely stored and accessible only by authorised security personnel.
  • External audits: Independent third-party audits and penetration tests are conducted regularly to assess and continuously improve Slack’s security posture.

Ensuring companywide safety and compliance

Slack meets industry-leading security standards and has achieved numerous certifications and attestations to give customers peace of mind that Slack can help  meet their compliance requirements.

List of all of Slack's compliance certifications and attestations

List of all of Slack's industry regulations

 

Reducing risk with Slack security features

Slack includes a robust set of security and data protection features that give you the control, visibility, and flexibility you need to protect your data with confidence, without compromising agility. These features include:

Identity and device management

Data protection

  • Enterprise Key Management (EKM) is an additional layer of protection available to our Enterprise Grid customers, providing enhanced control over encryption keys.
  • Data Loss Prevention (DLP) in Enterprise Grid as well as integrations with leading third-party DLP solutions can be used to prevent sensitive data from being shared in or leaving Slack.
  • Audit logs provide insights into user activity and potential security events.
  • Anomaly events are a special part of the Audit Logs API that help surface unexpected app and user behaviors that may be considered risky in your environment. The Audit Logs API allows easy integration with leading security information and event management (SIEM) and security orchestration, automation, and response (SOAR) tools so security teams can recognise indicators of compromise and quickly take action.

Information governance

  • Data retention policies and eDiscovery capabilities help you meet regulatory and legal requirements.
  • Customisable terms of service (TOS) ensure that users understand and adhere to your organisation’s security policies.

Slack AI: Secure by design

  • Slack AI, Slack’s generative AI capability, is built with a security-first mindset. Slack AI uses self-hosted large-language models (LLMs) that sit within a secure virtual private cloud (VPC) to ensure that your data never leaves Slack and cannot be used to train external models.
  • Slack AI uses Retrieval augmented generation (RAG) to append relevant Slack data to a prompt before running it through LLMs. This helps improve the quality of the LLM output without requiring additional training with customer data. RAG minimises hallucinations and allows the model to cite sources, a key tenant of our transparent design.

Proactive security measures

Slack also provides you with tools and resources to help you lead the way with proactive security measures at your organisation. You can:

  • Activate and integrate Slack’s Audit Logs API with your security tools
  • Set up two-factor authentication for all users
  • If your company uses an identity provider, consider upgrading and configuring single sign-on for Slack
  • Engage with the Salesforce Trailblazer community for more security resources and hands-on training that can further strengthen your security posture and minimise risks.
  • Take advantage of Slack Professional Services. We’ll work with you to assess your current security posture and workspace design, provide actionable recommendations for how you can better protect your Slack environment, and help you execute on the remediation plan.

Our number one value is maintaining your trust

At Slack, our number one value is maintaining your trust, and we are committed to providing a reliable, secure platform to help make your teams more productive. To learn more about Slack’s security features and best practices, download our new white paper, ‘Security at Slack,’ and talk to the Slack team.

Was this post useful?

0/600

Nice one!

Thanks a lot for your feedback!

Got it!

Thanks for your feedback.

Whoops! We’re having some problems. Please try again later.

Keep reading

News

Introducing Data Residency for Slack in Singapore

News

Secure your Slack data with best practices, enhanced threat detection and alerting controls in Slack

Enterprise-grade security is woven into every aspect of how users collaborate and get work done in Slack.

News

How Slack protects your data when using machine learning and AI

News

Defence in depth: Three new security features to protect your digital HQ

Offering even more transparency, these enhancements empower teams to feel secure as they embrace the future of work