Latest Slack security updates widen gap between Grid, Plus plans

Slack plans to provide several security and compliance tools to its largest enterprise customers. The move widens the gap between the vendor's premium offering, Enterprise Grid, and its lower subscription tiers, even though customers of all plans have been seeking better security. 

Two new mobile security features are available today for Enterprise Grid. IT administrators can now block users from downloading sensitive files or copying confidential messages on mobile devices. Businesses can also require facial recognition, fingerprint scans or passcodes to access the Slack mobile app.

Another new security tool benefits both Enterprise Grid and Slack Plus customers. It lets administrators prevent access to unauthorized Slack workspaces on their corporate networks by whitelisting preapproved Slack instances.

In the coming weeks, Slack will give Enterprise Grid customers the ability to remotely delete the contents of a user's mobile or desktop app if a device is lost or stolen, a power currently available only through third-party software.  

Later this year, Slack will let Enterprise Grid administrators require users to open web links in specific mobile browsers and to upgrade the mobile app every time Slack updates its software. By early 2020, those customers will be able to block file downloads to the desktop when someone accesses Slack from a suspicious IP address.

The updates make native to the Slack platform security tools previously obtainable only through the purchase of third-party software, such as a mobile device management (MDM) system. The vendor is also going beyond what those products can provide by giving customers more control over the Slack app.

Application-level security tools are often essential because sometimes employees resist installing MDM software on their personal smartphones. Also, companies can use such tools to protect their data when collaborating with external partners through Slack.

"I can't force my partner to load my MDM solution, but they are going to load my Slack app, so I can control what happens within Slack," said Larry Cannell, analyst at Gartner.

Microsoft has a robust set of mobile device and application management tools called Microsoft Intune, which businesses can use in connection with rival app Microsoft Teams. Although not an apples-to-apples comparison, Slack is arguably playing catch-up with Microsoft in that regard, Cannell said.

But Slack is once again mostly leaving behind Standard and Plus subscribers as it boosts security for its enterprise accounts.

The most glaring discrepancy among the plans is the inability to integrate Standard and Plus with E-discovery and data loss prevention software. Enterprise Grid also supports more advanced features such as enterprise key management and HIPAA compliance.

"I cannot comment on their product strategy," Cannell said, saying the subject was outside his research coverage area. "However, I can confirm that clients are frustrated about the notable gap between Plus and Grid."

In an interview at the Slack Frontiers conference in April, Slack's enterprise product director, Ilan Frank, acknowledged that businesses subscribing to the lower tiers wanted better security controls, too.

"We are hearing demand for security features in other SKUs, and so we're thinking about how we provide answers for that," Frank said previously. "There are all kinds of features that we could take and move to the regular plan, but then we'd have one plan."

In a statement Thursday, Slack pointed out that Plus integrates with single sign-on software and gives businesses a self-service tool for exporting files and messages for compliance purposes.

"Enterprise Grid is our dedicated product for large or complex organizations that, often for regulatory requirements, require our most advanced security features," Slack said. "We work closely with customers to find the right solution for their needs, and are always open to customer feedback."