Slack offers tools to address these risks, giving administrators ways to limit and control access to the channels they manage.
For instance, administrators have long been able to create private channels which are only accessible to employees who are specifically invited. They also have the ability to revoke access when an employee leaves or is reassigned.
In March, Slack introduced a feature called “enterprise key management,” which adds a layer of security by letting administrators see exactly who’s sharing what in the app, and revoke access at a very granular level. Administrators can block specific users from accessing certain channels during certain times of day, for example.
Slack also supports data loss prevention tools from companies including Cisco, McAfee, Netskope, Palo Alto Networks and Symantec, designed mostly to protect information from leaking to outsiders, according to a company spokesperson.
It also works with third-party e-discovery tools, which allow customers to have searchable access to the data being quickly exchanged back and forth over Slack, since many organizations have legal and regulatory obligations to keep track of this information. Slack partners with e-discovery companies including Bloomberg Vault, Global Relay, Onna and Smarsh, the spokesperson said.
Even so, all of these tools only work if companies use them. In many organizations, cloud-based tools like Slack enter from the “bottom up,” meaning that normal employees start using them for work productivity without drawing IT into the loop. As a result, the people administering Slack channels may have no idea that these tools are available or know how to use them — they may not even be aware of the risks.
And even with all these tools, there’s little to stop an employee from leaking a sensitive conversation, according to the security company CEO mentioned earlier. That’s where his company does its own training.
“We continually try to explain the importance of knowing what is appropriate to talk about on the channel and what you should reserve for more secure methods or even just for your coffee break,” the executive said.
WATCH: An in-depth interview with Slack CEO Stewart Butterfield