Secure your Slack data with best practices, enhanced threat detection and alerting controls in Slack

Enterprise-grade security is woven into every aspect of how users collaborate and get work done in Slack.

By the team at Slack20th September 2024

Trust is the bedrock of our company. For over a decade, Slack has delivered industry-leading levels of security, performance and availability to organisations of all sizes – from non-profit organisations and large government agencies to the majority of the Fortune 100.

Slack operates with the highest security standards to protect our customers. Despite recent reports, we have no evidence of any existing vulnerabilities within the Slack platform. 

 

Cybersecurity is a shared responsibility. While Slack builds enterprise-grade security into everything that we do and provides the necessary tools and resources to protect your data, it is also up to you to implement security controls and best practices to further strengthen the security of your Slack Enterprise – especially when the majority of security breaches involve cybercriminals taking advantage of human error.

Enterprise-grade security is woven into every aspect of how users collaborate and get work done in Slack, including robust security and detection features built to give you the control, visibility and flexibility needed to manage security challenges. While we provide many controls within the Slack platform to ensure your workspace security, company data security is only as strong as the collective controls put in place by each organisation. Examples of such controls include endpoints (malware scanning), strong user access controls (MFA), user awareness (training) and restricting unmanaged device access to company resources (personal devices). Defence in depth provides security resilience for your enterprise.

We want to draw attention to features and best practices that will help to keep your organisation secure. While not exhaustive, we’ve included additional links to give you the insights needed to make informed decisions for your organisation and its security posture.

Set up two-factor authentication

Two-factor authentication (2FA) is an extra layer of sign-in security. With 2FA enabled, users enter a verification code from their mobile device in addition to their Slack password. Using 2FA ensures that even if a password is compromised, access to Slack won’t be granted unless the person signing in is verified from their device.

Users can choose to enable 2FA if they like, but workspace owners and workspace admins can make 2FA mandatory for members. If your company uses an identity provider, consider upgrading and configuring single sign-on for Slack.

Identity and device management

Slack allows you to manage users and groups, streamline authentication using your identity provider, and assign roles and permissions. We give you the solutions to help you ensure that only the right people and approved devices can access your company’s information in Slack.

Identity and access controls

  • SAML-based single sign-on
  • Session duration
  • Two-factor authentication
  • User and group provisioning via SCIM/JIT
  • Domain claiming

Device management 

  • Enterprise mobility management (EMM)
  • Secondary authentication
  • Session management
  • Block message copy and file download
  • Default browser control
  • Block jailbroken or rooted devices
  • Minimum app version

Data protection, detection and alerting

By default, Slack encrypts data at rest and data in transit as part of our foundational security controls. We also provide tools that give you even more visibility and control.

  • Enterprise Key Management (EKM)
  • Data loss prevention (DLP)
  • Native DLP for Slack Connect
  • Native audit logs
  • Audit logs API (more on this below)
  • Legal holds
  • Block file downloads and copying
  • Grid workspace discovery
  • App and integration management
  • Data residency

Information governance 

Slack offers governance and risk-management capabilities that are flexible enough to meet your organisation’s needs, no matter what they are.

  • Global retention policies
  • E-discovery
  • Data exports
  • Custom terms of service (TOS)

How our audit log API can help you to detect suspicious behaviour inside Slack

Slack’s Audit Logs API offers real-time access to audit events within Enterprise Grid organisations, allowing owners to monitor user actions and safeguard against inappropriate access. This API supports integration with tools such as security information and event management (SIEM) and security orchestration, automation and response (SOAR), providing visibility into security issues and suspicious user behaviour such as large-scale downloads of corporate data. Anomaly events are a special part of the Audit Logs API that help to surface unexpected app and user behaviours that may be considered risky in your environment.

It’s read-only, meaning it doesn’t write events or assess the appropriateness of actions. While it doesn’t monitor message content, it can feed access data for custom apps or compliance solutions such as e-discovery or data loss prevention.

Trust and security are our top priority. We care about protecting your data and building a service that you can trust. For more security tips to protect your workplace, see here. To learn more about Slack’s security features, please visit https://slack.com/trust/security.

Was this post useful?

0/600

Nice one!

Thanks a lot for your feedback!

Got it!

Thanks for your feedback.

Whoops! We’re having some problems. Please try again later.

Keep reading

News

Introducing Data Residency for Slack in Singapore

Collaboration

Security at Slack: How Slack Protects Your Data

Our number one value: Maintaining your trust. Learn how Slack keeps your organisation safe and productive.

News

How Slack protects your data when using machine learning and AI

News

Defence in depth: Three new security features to protect your digital HQ

Offering even more transparency, these enhancements empower teams to feel secure as they embrace the future of work