On Monday, Slack launched Enterprise Key Management (EKM), an add-on feature to Enterprise Grid allowing customers to add their own encryption keys to the communication platform for increased data visibility and control.

Slack EKM meant to provide an additional layer of security for companies in regulated industries to share conversations, data, and files on Slack while meeting risk mitigation requirements and without disrupting their work, according to a blog post from Slack CSO Geoff Belknap. The company first announced the feature last year, but it is now generally available.

SEE: Electronic communication policy (Tech Pro Research)

The feature allows Slack users to bring their own encryption keys to offer more control and visibility over sensitive data, the post noted. The keys are then managed in Amazon Web Services (AWS) KMS. If a security incident does occur, administrators can use the tool to revoke access in a highly targeted way, instead of for the entire product. This will help teams continue working while risks are being investigated, Belknap wrote.

“You, the customer, are in full control over your own encryption keys and when or if you want to revoke them,” Belknap wrote. “And, apart from being able to control access very granularly, you can also see how your data is being used. Detailed activity logs in Amazon’s AWS KMS tell you exactly when and where your data is being accessed.”

The tool will be particularly useful for organizations in highly regulated industries such as financial services, health care, and government, according to the post. It marks another move for Slack in its pursuance of more business customers on the platform. As of January 2018, more than 150 enterprises including Target, Capital One, and IBM were using Slack Enterprise Grid.

Slack security tips

Organizations in any industry and of any size should follow these security basics on the platform, Belknap wrote:

1. Always know who you’re inviting to your Slack workspace

2. Make smart decisions about which apps you use and who has permission to add them

3. Always review your Audit Logs API so that you can look out for any inappropriate behaviors. For example, Slack will notify you if one of your API keys has been exposed. Slack will also tell you when your users log in from new IP addresses. Use that information to protect your users and make good decisions about security.

To learn more about how to get the most out of Slack, check out this TechRepublic cheat sheet.