Strengthening platform security becomes crucial during rapid growth and increased risk for Slack.
In a blog post published on Tuesday, Slack announced three updates aimed at bolstering the security of its platform. These updates come in response to customer feedback and requests from companies like Okta, and are designed to address recent vulnerabilities and meet the evolving needs of businesses in the new hybrid work environment.
Multi-Identity Providers and No-Code Audit Log Capability
Earlier this year, Slack introduced multi-security assertion markup language (SAML) identity, allowing users to sign into Slack from up to 12 different identity providers. In addition, a no-code audit log capability for users will be launched in September. This tool is intended to help companies without the ability to conduct continuous auditing or pay for security information and event management tools. Previously, the no-code audit log capability was only available via API.
Addressing a Long-Standing Vulnerability
A vulnerability called "invite link" had been allowing hashed passwords to be shared with other members. As a result, Slack recently reset the passwords of 0.5% of its customers. This issue has been a concern for some time, with the vulnerability estimated to have been present for about five years.
Session Anomaly Events for Improved Security
Another security upgrade, called session anomaly events, allows Slack to flag irregular events to corporate audit logs. Examples of such events include session-switching networks or cloning fingerprints from a token. This tool will enable administrators to quickly review unusual events and take necessary action to maintain the security of their organisation's Slack account.
Collaboration with Okta
Okta was part of Slack's audit UI pilot and has had ongoing conversations with Slack about anomaly events. Eric Karlinsky, Okta's group product manager on its Zero Trust team, stated that defending against modern attacks requires active participation from all technology vendors and adopting a shared-fate mindset with customers.
The Future of Work and Security Concerns
The rapid transition to remote work during the pandemic led to a surge in Slack adoption. In the new environment, where major companies are shifting to permanently hybrid environments, some workers split time between the workplace, a home office, and working remotely on extended business trips. This shift has led to major concerns about how companies can secure an expanded perimeter while maintaining the privacy of customers who do almost all their work messaging via Slack.
As of the current search results, there is no available information regarding the release date for Slack's new no-code audit log capacity for users. However, Slack is continuing to roll out additional tools to enhance the security of its platform and meet the needs of its customers in the evolving work landscape.
Read also:
- Understanding Hemorrhagic Gastroenteritis: Key Facts
- Trump's Policies: Tariffs, AI, Surveillance, and Possible Martial Law
- Expanded Community Health Involvement by CK Birla Hospitals, Jaipur, Maintained Through Consistent Outreach Programs Across Rajasthan
- Abdominal Fat Accumulation: Causes and Strategies for Reduction
