What IT Leaders Need to Know About Risk Management in Slack
Slack provides massive value to the modern company, but its siloed datasets also present new risks
Collaboration platforms like Slack have revolutionized the modern enterprise. They break down siloes between teams, cut through outdated policies and procedures, and help people work faster and more effectively. Slack says it reduces email use by 60% and meetings by 36%, while delivering 49% more productivity. Few workplace tools can compete with that!
The numbers speak for themselves:
- 77% of the Fortune 500 use Slack
- 12 million+ daily users
- 1B+ Slack messages sent each week
- 2400+ app integrations
As an IT leader, Slack’s popularity with end users and business executives alike is great news. You get to roll out a new tool that delivers high adoption and tangible value. But have you considered the risks that collaboration tools like Slack introduce to the organization?
Slack datasets are a tangled mess
Slack data is stored in a tangled mess of siloed public and private channels and direct messages. File attachments, code, gifs and emoji reactions complicate the dataset. And Slack Connect and guest users invite outsiders into your organization’s collaboration network. The same features that make Slack so user-friendly also make it near impossible to surface all relevant messages and context with Slack’s native search functionality alone. That makes eDiscovery in Slack a unique challenge that today’s IT leaders are struggling to address.
If you’ve been burying your head about the blind spots Slack creates in your collaboration ecosystem, you’re not alone. But ignorance of risk is no longer an acceptable excuse for courts, regulators or investors. Even threat actors understand the value of the information that Slack contains.
- Regulatory fines for failing to control collaboration have exceeded $1.8B since December 2021
- The Twitter lawsuit against Elon Musk saw Musk demanding Slack discovery from 42 different custodians
- Prior court rulings determined that the high cost of collaboration eDiscovery does not constitute an “undue burden”
- A spate of recent cybersecurity threats have led to the FTC announcing it is considering strengthening consent decree regulations
- The hacker who breached Uber in September 2022 targeted and exfiltrated company Slack messages
Slack retains all data by default. That means unless you’ve actively established retention policies or the content is manually deleted, everything your employees have ever typed into Slack is still there. Aware research from analyzing over a million collaboration messages shows that 1:166 contains sensitive information. Over 18 months, one organization used Aware to surface 32,000 PCI shares on Slack.
Even if you’re certain there are no risky messages within your Slack environment, could you prove it? How long would it take you to search Slack to demonstrate a negative result? Can you access all the messages your Slack data contains?
Imagine these scenarios…
- During litigation, your company is required to produce a complete record of relevant communications from two members of your team
- A HR complaint alleges several employees have created a private Slack channel where they discuss their coworkers in harassing and discriminatory ways
- A data subject access request reveals customer PII within your Slack messages. Now your legal team want assurances it was a one-off incident
- An employee uses Slack to share sensitive files with a colleague who is leaving for your company’s top competitor
How would you currently handle those eDiscovery requests? Where would you start looking for insider threats, unauthorized information sharing, harassment or noncompliance in Slack?
For many organizations, the current options are expensive and time consuming. Outsourcing Slack eDiscovery costs around $18,000 per GB, and can take months to complete. However, assigning the job internally can be equally slow and less effective.
Did you know that without Slack Enterprise Grid the only way to immediately search a user’s Slack messages is to log into their account? Or that Slack will only provide businesses with copies of their employees’ messages after reviewing the request for legality and necessity?
Simply accessing all the siloes within your Slack dataset can be extraordinarily complex, making eDiscovery and risk management an expensive and laborious process.
Aware simplifies risk management in Slack
Aware is a collaboration intelligence platform that identifies and reduces risk, strengthens security and compliance, and uncovers real-time business insights from digital conversations at scale. Using Aware, IT leaders can instantly unlock comprehensive search and discovery across all Slack channels and message types, quickly surfacing relevant data — including revisions and deletions.
- Search by message author/custodian, keyword or regex
- Refine results by date/time, message type, attachments and more
- Get complete, holistic oversight with contextualized results
Aware’s federated search capabilities reduce time-to-discovery from weeks or days to hours or minutes. Industry-leading natural language processing (NLP) and AI/ML infused workflows proactively monitor the entire Slack ecosystem and flag new risk hazards in real time.
Aware empowers organizations to perform eDiscovery, early case assessment and root cause analysis quickly and effectively in Slack, without outsourcing and without extensive training requirements.
Other risk management tools treat collaboration messages like email threads, often losing critical context in the process. Aware normalizes collaboration data while preserving context, then deploys artificial intelligence and machine learning enhancements that speed up compliance monitoring and federate search while increasing the relevancy of results.
Aware is your one-stop solution to faster, better and more cost-effective risk management in Slack.
Download the Risk Management in Slack whitepaper to learn more.