The fast-moving collaboration space saw another significant development with the announcement of Slack Enterprise Grid, which allows companies to integrate disparate Slack accounts and centrally manage collaboration across the enterprise. Today, McAfee (formerly Skyhigh Networks) is announcing ‘McAfee MVISION Cloud for Slack’, an integration that provides companies with an additional layer of security, enabling them to gain visibility into user activity, enforce data loss prevention policies (DLP), protect against threats from insiders and compromised accounts, and secure corporate data as employees and teams across the company collaborate using Slack.
Enterprise Slack adoption has exploded
Since its launch, Slack has scripted a remarkable success story, going from 20,000 daily active users in February 2014 to 4 million users in October 2016. Slack’s user base covers over 28 of the Fortune 100 companies and continues to see strong growth in the enterprise space. McAfee’s analysis of cloud usage in over 600 enterprises shows that the number of Slack users at the average organization increased 349% from Q4 2015 to Q4 2016. Also, the number of companies having a critical mass of over 100 Slack users grew from 9% to 32% in the same time period. This represents a significant opportunity for Slack as it brings Slack Enterprise Grid to market.
McAfee provides additional layer of security to enterprise Slack usage
Slack has built robust security infrastructure and controls to protect enterprise usage and data. In fact, Slack is certified by the McAfee CloudTrust™ Program as ‘Enterprise-Ready’, a rating awarded to cloud services that fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.
McAfee MVISION Cloud for Slack complements Slack’s security by integrating with Slack via its API to enforce a comprehensive set of security and compliance controls that cover multiple user access modes including the browser and native app. McAfee MVISION Cloud for Slack has been adopted by Fortune 500 companies, enabling them to further protect their Slack deployments by addressing key enterprise security use cases:
1. Gain visibility into all employee activity on Slack
Using McAfee, IT teams get a detailed log of all activities performed by employees on Slack. This is an important security requirement as it enables IT Security to perform forensic investigations when an incident occurs. McAfee pulls raw activity data via the Slack API and enriches this information by mapping it with detailed activity types and providing IT with easily consumable information.
2. Enforce policies on data uploaded to Slack
18.1% of all documents uploaded to cloud-based file sharing and collaboration services contain sensitive data such as personally identifiable information (PII), personal health information (PHI) and confidential IP. To help companies to maintain compliance with industry regulations such as HIPAA, SOX, and PCI, McAfee enables customers to enforce granular DLP policies to detect sensitive data being uploaded to Slack via files or messages and remediate violations by alerting, blocking, or quarantining.
A real-world example includes a large healthcare organization that has deployed DLP policies to secure its Slack deployment and maintain HIPAA compliance. Using existing policy templates and defining custom policies, the company is able to inspect all documents and messages uploaded to Slack for a dictionary list of HIPAA terms and block or quarantine data that violate the policies.
3. Detect and remediate cloud threats
Using McAfee MVISION for Cloud, IT teams can proactively detect and remediate threats associated with insiders, privileged users, and compromised accounts. An average organization faces 23.2 such cloud-related threat incidents each month, and by using multiple threshold-based and algorithmic methods, McAfee helps detect these threats early so companies can limit their impact.
4. Extend existing security controls to Slack
McAfee provides out-of-the-box integration with security infrastructure components such as on-premises Data Loss Prevention (DLP) systems, SIEMs, and firewalls, allowing companies to seamlessly extend their controls to cover Slack usage. Many enterprises have made significant investments in protecting their on-premises data assets and can leverage McAfee’s integration to extend existing controls to the cloud.
5. Collaborate effectively by standardizing on Slack
The average organization uses 210 distinct collaboration services and the average employee uses nine collaboration services, most of which are not sanctioned by IT. By providing visibility into all the cloud services used by employees along with their risk ratings, McAfee allows IT to restrict access to high-risk services. McAfee also helps coach employees towards Slack by providing just-in-time pop-up messages that appear when they login to unsanctioned collaboration services. This helps companies reduce the risk associated with data exfiltration from shadow cloud services and enables more effective collaboration by consolidating employees onto a single collaboration platform.
Real-world Case Study: Fortune 500 Financial Services Company
A large financial services company uses McAfee to protect against shadow cloud services and sanctioned services such as Salesforce and ServiceNow. The visibility provided by McAfee for Shadow IT has helped them identify Slack as one of the top collaboration tools used in the company along with Skype, Google Hangouts, and HipChat. Given Slack’s popularity among the employees and its enterprise-grade security rating within McAfee’s Cloud Registry, the company decided to sanction its use for all employees. But they also wanted to restrict the upload of sensitive company data to minimize the risk of unauthorized access and exfiltration. So, they used McAfee MVISION Cloud for Slack as an added security layer to address key security requirements.
- Policy enforcement using existing solutions – The company wanted to enforce DLP policies to prevent the upload of sensitive content to Slack. But they had already defined the policies within their existing Symantec (Vontu) DLP solution, which they used for on-premises policy enforcement, and did not want to rewrite policies for cloud services. McAfee integrated with Symantec DLP via ICAP to extend existing policies to cover Slack usage. This reduced additional efforts in rewriting policies and allowed IT to build and maintain policies on a single platform.
- Monitoring user activity within Slack – The Security team used McAfee’s activity monitoring to gain visibility into user activity within Slack for audit and forensic investigations. McAfee provided visibility into a broad list of Slack activities and enabled for categorization and filtering in order to quickly extract the necessary information and insights.
- Broad coverage with multiple security solutions – The company has deployed a SIEM to visualize policy violations and security threats across the company. McAfee’s pre-configured integration with their SIEM allowed IT to push Slack activity data to the SIEM and get a holistic view of the threat landscape for the company.
Collaboration is a critical enterprise function, and one that is relevant to every employee and team within the company. Slack’s enterprise solution provides a wonderful solution for companies to boost collaboration between their employees and increase agility within their teams. The integration between McAfee and Slack enables companies to overcome security obstacles and unleash their collaboration potential while ensuring the security of their corporate assets.
About the Author
Categories: Cloud Security