Slashdot Mirror


Slack Hands Over Control of Encryption Keys To Regulated Customers (techcrunch.com)

Business communications and collaboration service Slack said today that it is launching Enterprise Key Management (EKM) for Slack, a new tool that enables customers to control their encryption keys in the enterprise version of the communications app. The keys are managed in the AWS KMS key management tool. From a report: Geoff Belknap, chief security officer (CSO) at Slack, says that the new tool should appeal to customers in regulated industries, who might need tighter control over security. "Markets like financial services, health care and government are typically underserved in terms of which collaboration tools they can use, so we wanted to design an experience that catered to their particular security needs," Belknap told TechCrunch. Slack currently encrypts data in transit and at rest, but the new tool augments this by giving customers greater control over the encryption keys that Slack uses to encrypt messages and files being shared inside the app.

He said that regulated industries in particular have been requesting the ability to control their own encryption keys including the ability to revoke them if it was required for security reasons. "EKM is a key requirement for growing enterprise companies of all sizes, and was a requested feature from many of our Enterprise Grid customers. We wanted to give these customers full control over their encryption keys, and when or if they want to revoke them," he said.
Further reading: Slack Doesn't Have End-to-End Encryption Because Your Boss Doesn't Want It.

32 comments

  1. hand control to their dongers by Anonymous Coward · · Score: 0, Troll

    and send that splurt of keys into my boy-butthoals,

    1. Re: hand control to their dongers by Anonymous Coward · · Score: 1

      Foomp foomp foomp...here it comes foompfoompfoompfoomp...you ready? Foompfoompfoompfoompfoomp...
      Kreygasm

  2. Or just use your own secure IRC server by Anonymous Coward · · Score: 0

    Why pay these guys

    1. Re:Or just use your own secure IRC server by higuita · · Score: 1

      or riot.im and if you want even more, install your own server and federate it

      --
      Higuita
  3. BlackBerry had this years ago. by prunus.avium · · Score: 4, Informative

    It was one of the selling points for enterprise customers. The BlackBerry Enterprise Server (BES) maintained the keys and was owned by the customer.

    1. Re:BlackBerry had this years ago. by Anonymous Coward · · Score: 0

      The same company whose CEO shamed Apple for not handing over encryption keys to the FBI?

    2. Re:BlackBerry had this years ago. by Anonymous Coward · · Score: 0

      I'm just glad my name is not Geoff. That's some medieval weird shit.

    3. Re:BlackBerry had this years ago. by 93+Escort+Wagon · · Score: 1

      Heck, IRC had this years ago.

      --
      #DeleteChrome
    4. Re:BlackBerry had this years ago. by Anonymous Coward · · Score: 0

      It was one of the selling points for enterprise customers. The BlackBerry Enterprise Server (BES) maintained the keys and was owned by the customer.

      The half-life of a brain employed in IT is about five years if we're being generous.

  4. If the keys are managed on Amazon Web Services... by Anonymous Coward · · Score: 0

    ... how is this providing better security?

    With the cross VM vulnerabilities in IT hardware this seems more a PR exercise than something that actually does the job (say, managing the keys in a client's on premises hardware).

    With all the illegal spying the NSA does/did (... right), managing on any shared hosting solution seems to be not that much of an improvement - or am I missing something here?

  5. Not news by Anonymous Coward · · Score: 1

    Slack is used at work and the company SHOULD be in control of those keys.

    This has nothing to do with personal privacy of anyone working or not working there, and nothing to do with the government's shortsighted effort to get all our encryption keys.

  6. The keys are managed in the AWS KMS key management by Anonymous Coward · · Score: 1

    so amazon owns the keys?

    In my experience, keys are generated by a computer that has never been connected to the internet and transferred by sneakernet.

    How can a middleman possibly have your keys? Then they are you.?!?!

  7. Re:The keys are managed in the AWS KMS key managem by Anonymous Coward · · Score: 0

    You mean you don't give your car and house keys to the friendly Walmart employees when you go shopping?

  8. will corporate jobs allow slack now? by Micah+NC · · Score: 2

    I've only seen slack at smaller type shops.

    I wonder if this will scratch the security itches to get it approved at the larger firms.

    Wishful thinking?

    1. Re: will corporate jobs allow slack now? by Anonymous Coward · · Score: 1

      Just what I need, yet another communication and "productivity" application to allow people to pester me incessantly and waste bandwidth with cat pictures.

      But it has persistent conversations! Ya, so does fucking email.

    2. Re:will corporate jobs allow slack now? by brunes69 · · Score: 1

      That's far from true. A number of Fortune 100 companies use Slack. In fact I know of a Fortune 50 company with over 300,000 employees who uses Slack company-wide.

    3. Re:will corporate jobs allow slack now? by Anonymous Coward · · Score: 0

      Slack is officially in-use at some of the largest companies in the world.

    4. Re:will corporate jobs allow slack now? by Actually,+I+do+RTFA · · Score: 2

      Why would that excite you? I don't know why people get so excited by slack, can you sell me?

      --
      Your ad here. Ask me how!
    5. Re: will corporate jobs allow slack now? by Anonymous Coward · · Score: 0

      Anecdotes are like assholes...

    6. Re:will corporate jobs allow slack now? by Anonymous Coward · · Score: 0

      Using slack in any kind of enterprise is retarded. Slack is a huge backdoor trojan running with root. Or any other electron bullshit for that matter.

    7. Re: will corporate jobs allow slack now? by jon3k · · Score: 1

      You only need one example to disprove an absolute. If only there were some way we could find out who was using it...

      (Spoiler: IBM, NASA JPL, BBC, Lyft, PayPal, Capital One, etc.)

  9. Blackberry vs RCMP by future+assassin · · Score: 2

    The RCMP have backdoor access to Blackberry. https://www.ctvnews.ca/canada/...

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
    1. Re:Blackberry vs RCMP by Anonymous Coward · · Score: 0

      BIS or BES?

    2. Re:Blackberry vs RCMP by prunus.avium · · Score: 2

      From TFA:

      All three experts pointed out that the key could not be used on the BlackBerry Enterprise Server phones which are typically used by corporations and governments.

      The BlackBerry Internet Service (BIS) ran through BB's own server so they had to have the keys. The BES keys were never held by BB.

    3. Re:Blackberry vs RCMP by Octorian · · Score: 1

      Everyone praising BlackBerry's security was only speaking truths about BES.
      Everyone mocking BlackBerry's security was only speaking truths about BIS.

      This was extra amusing and/or annoying when people only using BIS would talk about how they had all this security on the platform (that really only existed with BES).

  10. Had Slack at 2 different jobs and not at 1 job by Anonymous Coward · · Score: 0

    Had slack at 2 different large companies for teams outside of Financials.
    Couldn't get Slack or any cloud based equivalent for large company when working for a team in the financials area.

    Did not need mobile version of Slack at one of the three jobs - manager said it was an interrupt based productivity killing machine.

    1. Re:Had Slack at 2 different jobs and not at 1 job by nitehawk214 · · Score: 2

      While I agree that it is an "interrupt based productivity killing machine", most managers can't figure that out. I get a regular email that might take some time, then a manager showing up to ask "did you see my email. Cool." With no further discussion.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    2. Re:Had Slack at 2 different jobs and not at 1 job by Anonymous Coward · · Score: 0

      Politely asking how much time would it take to read 200 emails a day and respond to half of them works well.

      Favorite multitasking response is from a book:

      Time how long it takes to write "Multitasking is a lie" on a marker board where between each pair of letters, you write one letter in the alphabet in order from A to Z on a line below where you are writing "Multitasking is a lie".

      Time how long it takes to write "Multitasking is a lie" on one line and then write A to Z on the line below.

      Switching between two apparently simple tasks for #1 takes 5x to 10x longer.

      Same goes for jobs where your productive work tasks take longer than 30 minutes to complete.

  11. REGULATED? by Anonymous Coward · · Score: 0

    Regulated by whom?

    This is yet another reason never to give personal information to any corporation. Eventually they trade it or sell it off to people not so honorable.

  12. This doesn't make sense to me because by golgotha007 · · Score: 1

    If it's not your keys, then it's not your content. In other words, unless you created the keys yourself using your own gear and method, then you cannot guarantee that Slack cannot decrypt your communications without your knowledge. Having Slack generate your keys is ridiculous and is akin to security theater.

    What you're getting with this "announcement" is security for data in transit and in storage, but there's no guarantee of confidentiality.