
You’re Not Welcome Here: Microsoft Bans Slack Over Security Concerns
On the heels of Slack’s IPO, Microsoft announced that they are not allowing employees to use Slack while conducting work for the company. Slack is undoubtedly Microsoft’s biggest competitor, but the company claims the ban was due to growing security concerns.
As more employees are bringing their own collaboration tools to the office, IT experts aren’t always able to ensure the tech is set up securely. For a company as large and prominent as Microsoft, the concern is that sensitive information and intellectual property could potentially be leaked.
In a piece from Inc. on the Slack ban, columnist Jason Aten wrote, “The more technology helps businesses be more productive, the greater the risk that that same technology could lead to damaging consequences when it fails.”
Slack and other team collaboration platforms employ standard encryption, but at an enterprise level, that sometimes isn’t enough to combat the continuing trend toward BYOD (bring your own device) or BYOA (bring your own application). Implementing a formalized, universal policy with a specialty add-on software that helps alert IT to any improper or insecure usage can be a key step in the right direction, points out David Roe for CMSWire.
Another security concern not mentioned in any of these articles is around guest access. Many of the new team collaboration platforms such as Microsoft Teams or Slack include guest access, allowing anyone to invite an outside user (outside of a team or an organization) to join the platform and collaborate via chat, join channels, share files, and other functions.
After enabling guest access to external users, IT cannot control or dictate what security measures (such as password complexity, expiration, multi-factor authentication, etc.) external users will use to access their infrastructure. As a result, guest access can be risky.
Guest accounts can also cause end-user support issues when they do not work, increase the total cost of ownership, and create management challenges. We’ll be covering these issues more in-depth in an upcoming blog post about guest accounts: