How To Balance Agility And Security, According To Slack

Our workplaces are becoming more complex. Ilan Frank, the Head of Enterprise Product at Slack says decision making is becoming more distributed – we have more apps and greater access to data. This is being further complicated by the increasing pace of change and the “Amazon effect” – a greater focus on service. So, how do you balance this need for greater agility while maintaining security?

The top-down management approach of the past where organisations operated like machines with one master at the control levers is being replaced with a more organic system where all the components work together, like the organs in a living organism. This was something the British psychoanalyst Wilfred Bion discussed in his books on organisational psychology.

With the proliferation of tools, Frank said, during a presentation at Oktane19 recently, we want to do two things.

“We don’t want to be the old IT that’s known as a cost centre that says ‘no’. We want to be known as enablers. At the same time, obviously we have to still be worried about security”.

That means today’s CIOs need change their focus from purely delivering technical services to delivering business outcomes.

Franks’ colleague, Pooja Mehta, who looks after product security at Slack says there are four building blocks the messaging platform uses to balance the security and compliance needs of businesses with delivering business outcomes. Those blocks are:

  • Compliance certificates
  • Identification and authentication
  • Access control
  • Audit and accountability

Those cover everything from enterprise key management as enterprise Slack users control their own keys through to full audit logs and many other tools to support maintaining a secure collaboration environment.

In the past, many of these things were centrally managed as businesses didn’t trust third parties to run their messaging platforms. But in the cloud age, we need ways to ensure that users are given the right access at the right time and that data is not leaked, either accidentally or intentionally. This was one of the challenges Workday faced with the teams woking on its platform.

Eric Hansen, a senior analyst in Workday’s enterprise architecture team, said getting the security and compliance side of things can actually make the user experience better. It’s an area of strategic importance he said.

“Slack became a shadow IT thing at Workday,” said Hansen. “Some people started using it and I was one of the early people to use it”.

That eventually led to broader use and the evolution of a Workday app that works within Slack.

The building blocks mentioned by Mehta allowed Workday to create hundreds of workspaces within their Slack implementation. The company uses Slack Enterprise Grid which allows an unlimited number of workspaces and the ability to connect workspaces to each other.

By baking the security into the fabric of the service, Slack provides the flexibility and agility that’s needed while delivering the security and audit services that are required.

The key lesson is that you can create an agile and flexible workplace for your teams without sacrificing security. It used to be said that security was the enemy of flexibility. But that no longer has to be the case.

When you design systems or processes, include security as a requirement from the start and look for how it can enhance the business outcomes rather than limit the service experience.

Anthony Caruana attended Oktane19 in San Francisco as a guest of Okta


Leave a Reply