Slack launches encryption keys so businesses can protect their data

Slack today introduced enterprise key management (EKM), a tool that allows businesses to create their own security keys and control encryption and decryption of conversations, files, and data they share in Slack.

The security measure was first previewed last fall at the Slack developer conference Frontiers and described at the time by head of product April Underwood as a tool that delivers the promise of on-premise security with the benefits of the cloud.

Work on enterprise key management started 15 months ago, Slack head of enterprise product Ilan Frank told VentureBeat in a phone interview.

The EKM was built internally but relies on Amazon’s KMS to manage encryption and decryption keys. Organizations can control an additional layer of encryption without interfering with the operation of Slack apps.

“So today all data in Slack is encrypted at rest and in transit — but in rest, specifically. We, of course, have keys to those, and this now puts that control in the customer’s hands,” Frank said. “It’s a feature that our large customers have been asking for for a very long time.”

EKM is likely to appeal to privacy-conscious organizations such as banks, companies that deal with large amounts of intellectual property, and professional services that must maintain high privacy restrictions to protect sensitive customer data.

Encryption is carried out in a layer that sits between the Slack database and Slack client and is only available for Enterprise Grid customers.

With some EKM services, a customer gets one root key to encrypt their data and if they want to revoke access they have to kill access to all data, Frank said. Slack’s EKM can revoke keys and limit access to data down to a specific channel or time of day and avoid that kind of interruption.

“So it’s really at the end of the day that EKM comes with a promise that it really can’t fulfill. So what we did instead is … use key parts in order to create a key, and that key part is created from an organization ID, a workspace ID, a channel ID, and an hour ID,” he said. “That granularity now makes EKM something that provides utility rather than just an empty promise.”

This is the latest feature upgrade on the Slack product development roadmap, following the introduction last month of Slack’s Block Kit to simplify the Slack app design process and add rich features like photos and video.

Also last month: Slack confidentially filed for an initial public offering.