Sign in / up

back to article Slack flaunts enterprise handcuffs

Slack, the four-year-old team chat service that owes its popularity to email's shortcomings and some smart design decisions, has rolled out a version of the service for large organizations. Slack Enterprise Grid offers the familiar team-focused chat features but with centralized controls and the ability to integrate with many …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Dancing With Mephisto
    Flame

    Yay for more fragementation and bloatware in the Enterprise

    Oh, fantastic. Yet another piece of crap process slowing down my already slow corporate laptop. It can barely function as it is with all the McCrappie/Windows Bloatware they've managed to cram on it.

    I work for a large retailer in the UK, and Slack has really taken off (for some reason) with some of the development teams/individuals. In my eyes, it just serves as yet another distraction and place to communicate potentially sensitive company information "off the grid". How use of it got past the higher-ups in the various security departments at this place is beyond my comprehension.

    Is anyone else just plain sick of the fragmentation of communication platforms these days, not only for home use but now creeping into the enterprise? Should we really just be jumping on the next shiny POC purely because it's fashionable despite having full O365 subscriptions available? Skype for Business and Outlook isn’t perfect, don’t get me wrong – but it’s at least tried, tested and true.

    Rant over :P

    4 4 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Yay for more fragementation and bloatware in the Enterprise

      "Yet another piece of crap process..."

      It's web based.

      "How use of it got past the higher-ups in the various security departments at this place.."

      Because it's web based, and it's pretty damned secure. Better than your emails, I'll tell you that for nothing.

      2 5 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: Yay for more fragementation and bloatware in the Enterprise

        Because it's web based, and it's pretty damned secure. Better than your emails, I'll tell you that for nothing.

        Email is easy to secure if you know what you're doing (which, admittedly, few really do, but from a tech perspective it's not that hard). What you can NOT do, however, as an enterprise that has to be EU law compliant is hook your entire platform up to a US service provider cloud, irrespective of their wonderful marketing - Privacy Shield is but an excuse, and is about to be revisited. Given the recent development in Trumpland I suspect you'll be on the wrong side of compliance at that point and if you're a company that deals with confidential matters or inventions you can't use it anyway without getting serious flack from the IP lawyers.

        Notice that all the customers they list are US outfits where this can work as long as they don't hook up EU subsidiaries to the same platform.

        So, nice idea and wonderful puff piece but no thanks. Unless, of course, there's a version you can install on your own servers.

        3 0 Reply
      2. Dancing With Mephisto
        Reply Icon
        FAIL

        Re: Yay for more fragementation and bloatware in the Enterprise

        "It's web based."

        And because it's "web based" (which also apparently makes it "secure", according to your comment) that doesn't make it a process that you have to have open constantly in your browser?

        1 0 Reply
        1. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: Yay for more fragementation and bloatware in the Enterprise

          "Email is easy to secure if you know what you're doing..."

          No it isn't. It's relatively straightforward to encrypt, but to *secure* it is really really hard. Slack, and other products like it, are a walled garden with 2fa, audit and encryption built in from the ground up. When you switch to that model answering questions like "How do I stop users sending attachments out of the organisation?" or "How do I search the contents of attachments sent within my organisation?" become really easy. That's what today's announcement is about.

          "What you can NOT do, however, as an enterprise that has to be EU law compliant is hook your entire platform up to a US service provider cloud"

          They've opened an Irish HQ and will be opening a German data centre later this year. This problem (which almost everyone ignores anyway) will go away for the EU27 later this year. The UK will be shit out of luck, particularly given no one has any idea what post-brexit data protection legislation looks like.

          "And because it's "web based" ... that doesn't make it a process that you have to have open constantly in your browser?"

          Well, yes, but if you're worrying about the overhead of running a little chunk of javascript versus breaking out Microsoft Office Communicator For Skypified Businesses 2016 365 On The Azure Cloud then your priorities are a little different from their target market.

          "which also apparently makes it "secure", according to your comment"

          No, what makes it secure is its walled-garden, encrypted-everything model built to modern standards, versus the decades of cruft and non-compatible standards we've got for email.

          1 2 Reply
          1. Dancing With Mephisto
            Reply Icon

            Re: Yay for more fragementation and bloatware in the Enterprise

            "Well, yes, but if you're worrying about the overhead of running a little chunk of javascript versus breaking out Microsoft Office Communicator For Skypified Businesses 2016 365 On The Azure Cloud then your priorities are a little different from their target market."

            The point of the original comment was fragmentation; we have to use the O365 tools for the *rest* of the business and to talk to other people who are *not developers*. I don't work in a tech company, I work in retail; if you were to ask a Store Manager what Slack was, they'd look at you funny.

            Therefore, instead of just having one communication platform, I've suddenly got two. And two processes running instead of just one. And you say "little chunk of JavaScript" - it's basically doing the same thing as SfB, just in your browser instead. It's nothing revolutionary. It's unnecessary and a duplication of concerns.

            1 1 Reply
            1. Triggerfish
              Reply Icon

              Re: Yay for more fragementation and bloatware in the Enterprise

              He has a point there's so many comms channels going on depending on who looked at something and thought thats cool we will use that, its a bit like the proliferation of dropbox, google drive, onedrive etc. They are all handy, but can we just stick to one of them in a business please? Or even just a couple.

              1 0 Reply
          2. Anonymous Coward
            Reply Icon
            Anonymous Coward

            Re: Yay for more fragementation and bloatware in the Enterprise

            "Email is easy to secure if you know what you're doing..."

            No it isn't. It's relatively straightforward to encrypt, but to *secure* it is really really hard.

            I wasn't talking about theory. I was talking from a perspective of having actually done it many times, and one of the platforms has close to 120k users now.

            That said, my first email address was on FidoNet and I was setting up email facilities well before the Internet arrived so I may know a little bit more about the fundamentals than most people.

            BTW, I would not use Exchange for anything that has to be really secure because it's hard to audit unless you have government level source code access (which is worth exactly zilch because it will been patched beyond recognition by the time the code review of the version you have has finished).

            0 0 Reply
          3. Anonymous Coward
            Reply Icon
            Anonymous Coward

            Re: Yay for more fragementation and bloatware in the Enterprise

            No, what makes it secure is its walled-garden, encrypted-everything model built to modern standards, versus the decades of cruft and non-compatible standards we've got for email.

            .. which means you cannot use standard resources but must have apps for everything, whereas email is indeed based on standards that work with everything. And who is going to review those apps? What firewall proxies can correctly analyse Slack traffic and ensure nothing nasty slips in (or out - confidentiality is quite important for a lot of companies)?

            How does it interoperate with other platforms? Oh wait, it doesn't.

            I'm sure that Slack has good uses, but your arguments still need some work :)

            0 0 Reply
      3. Jim Mitchell
        Reply Icon

        Re: Yay for more fragementation and bloatware in the Enterprise

        @ oxrwhowk

        There is also a stand alone Slack application for Windows, Mac, Linux, etc. I'm told it is really Chrome under the covers, and some actions will result in a web browser opening. So it is not perfect.

        Regarding Slack itself, my opinion is that is the best IRC client I have ever seen. It is not a email replacement, for most uses of email.

        1 0 Reply
      4. Ilsa Loving
        Reply Icon

        Re: Yay for more fragementation and bloatware in the Enterprise

        You're obviously not a sysadmin, otherwise you would realize how wrong your assumptions are.

        We use Slack at our company, primarily because it's just SO easy to get up and running with. Offsite, onsite, at home, using PC, Mac, Android, iOS... doesn't matter. Slack lets you get connected in minutes. That's the beauty of it.

        That being said, we have a firm policy to not discuss *any* confidential information on Slack. It's an external service outside our control, therefore it cannot be fully trusted. Period. End of discussion. Doesn't matter how many certifications they get when someone can just as easily tap into their upstream trunks and siphon data without them even knowing (eg: like the NSA did with google).

        0 0 Reply
        1. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: Yay for more fragementation and bloatware in the Enterprise

          We use Slack at our company, primarily because it's just SO easy to get up and running with. Offsite, onsite, at home, using PC, Mac, Android, iOS... doesn't matter. Slack lets you get connected in minutes. That's the beauty of it.

          That would worry the crap out of our people, not because they like complication to stay in a job but because the information we handle means ANY means of communication must be scrutinised, authorised and monitored.

          I suspect this is where the gap lies between the for and against: some people just want to communicate, which is fine with Slack. If you want to bolt things down and keep them actually secure and auditable, I fear Slack wouldn't not yet get a look in. Email is an understood process which can beset up and secured by relative simple means if you know what you're doing (even across insecure lines of communication), whereas Slack is new and as yet not supported by enough tools to assure confidentiality and containment.

          Its US origin doesn't exactly help either with the whole trust thing either, but that could maybe be fixed with an independent review by non-Americans :).

          0 0 Reply
  2. lxndr82

    Secure by design

    Slack encryption is not enterprise grade. Let alone designed with 'encryption from the ground up'.

    Data is only encrypted in transit (aka TLS) and at rest (aka AWS encrypted EBS) (reason according to Slack: "otherwise you cannot search") and their technical staff has access to client data, but only if needed. 'Secure Development Lifecycle' quotes OWASP as basis for risk analysis... But those SOC logo's look cool.

    https://slack.com/security-practices

    https://a.slack-edge.com/4c1ae/img/security_ent/Security_White_Paper.pdf

    Given developers copy pasting secrets in their searchable chat for convenience I would say anything not running 'on-premise' will not pass off as enterprise-grade...

    0 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Secure by design

      Slack encryption is not enterprise grade. Let alone designed with 'encryption from the ground up'.

      Not to worry, I suspect it was a marketing troll who was spouting these alternative facts :)

      0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like