Slack Enterprise Key Management
Slack Enterprise Key Management (EKM) is an add-on security feature for the Enterprise Grid and GovSlack subscriptions. It lets users control, and gain insight into, how their organization’s data can be accessed within Slack.
What to expect
- Use your own encryption keys, stored securely in Amazon’s Key Management Service, to encrypt communications and data.
- Revoke access to encryption keys at a fine-grained level, which limits disruption for people in your organization.
- Members of the organization can keep using Slack as usual, even when access to some data is limited.
- Data residency for Slack gives newly onboarded EKM customers the option to create and store encryption keys in a designated data region.
How Slack EKM works
Data encrypted with customer-controlled keys
Encryption keys held in the customer’s AWS account encrypt the following types of customer data at rest:
- Messages, canvases, and snippets
- Files, such as photographs, documents, and video clips, posted to the Slack Service and indexed for searching customer data
- Messages and files produced by apps or bots, with the exception of Slackbot
- Custom sections in a sidebar
- All data from apps deployed on Slack’s managed infrastructure, including the app’s datastores, developer secrets, and logs
Data encrypted with Slack-controlled keys
Slack encrypts several types of data at rest using keys that Slack both generates and holds:
- Slack member profiles, including custom statuses
- The elements that comprise a channel in the context of online platforms include channel names, themes, descriptions, and bookmarks. These components collectively contribute to the overall structure and organization of a channel, allowing users to easily navigate and access specific content. Channel names serve as unique identifiers, distinguishing one channel from
- File names
- Information on workspace and channel membership
- The content of messages generated by Slackbot
- Data used to measure seat count, usage, and revenue
- Data used for analytics and to assess quality of service, such as sanitized logs
- Identification numbers generated by Slack on behalf of the user

Note that once you enroll in EKM, all pre-existing data will be encrypted using customer-controlled keys.
Slack Connect
When external organizations collaborate using Slack Connect, EKM protects the shared content in the following ways:
- Where applicable, each organization’s messages are encrypted using its own EKM keys.
- The search index for Slack Connect channels is duplicated and encrypted using each customer’s own EKM keys.
- If an organization is removed from a Slack Connect channel, it keeps an archived copy, provided it has the necessary permissions to post, invite, and perform related activities.