Slack encryption will soon include enterprise key management

Slack will soon give businesses an additional level of security by letting them manage their encryption keys. The feature will appeal to a small number of large organizations for now, but it could help the startup expand its footprint in the enterprise market.

Slack already encrypts the messages and files that flow through its cloud-based team collaboration app. Now, the vendor plans to give control of the keys that unlock that encryption to businesses using Enterprise Grid, its premium platform for large organizations.

"Enterprise key management is another significant step that Slack needs to take to meet increasing security demands -- and according to their promise, without hurting speed or usability, [which are] common side effects of EKM," said Wayne Kurtzman, analyst at IDC.

Slack touted the forthcoming feature as providing "all the security of an on-premises solution, with all the benefits of a cloud tool." But the vendor clarified that the keys will be created and stored in Amazon's public cloud.

"In the future, we may expand this offering to support an on-prem or private cloud [hardware security module] key store," said Ilan Frank, director of Slack's enterprise products.

Cisco Webex Teams lets businesses manage encryption keys on premises or in the cloud. It also provides end-to-end encryption. In contrast, Slack only encrypts data in transit and at rest, which means the data may get decrypted at certain routing points in the cloud.

Slack has no plans to change its encryption model, Frank said, citing potential "usability drawbacks" related to search and advanced app and bot features.

Symphony also offers end-to-end encryption and enterprise key management. Its team collaboration app has found a niche among banks and other financial firms, which generally have strict compliance and regulatory standards.

"I think, from Slack's case, it's a good first step in allowing customers to control their own keys," said Zeus Kerravala, founder and principal analyst at ZK Research in Westminster, Mass. But Slack should also ensure businesses can store those keys in their own data centers and eventually pursue end-to-end encryption, he said.

Slack's enterprise key management feature will be particularly useful for external communications done through Slack, said Alan Lepofsky, a vice president and principal analyst at Constellation Research, based in Cupertino, Calif.

When partners communicate through a shared channel in Slack, the company that established the channel will have control over the encryption keys.

"I think this will be a very important use case, as it's that external communication where you really want to ensure security and privacy," Lepofsky said.

Slack expects to make enterprise key management available for purchase to Enterprise Grid customers sometime this winter.