Slack Security: How to Detect PII & Prevent Data Exfiltration in Slack
In October 2019, Slack crossed the 12 million daily user mark, which is a testament to the app’s ease of use and effectiveness as a collaboration-enabling tool. Given the SaaS platform’s rapid growth in the past decade, it’s no exaggeration to say that Slack has become a fundamental part of corporate and enterprise environments. As such, securing Slack is as important as securing any other business-critical system.
Since Slack is a messaging platform, one of the most important steps necessary for securing Slack is to enforce policies about what cannot be shared in Slack channels and workspaces. This is because like other systems that store files and other sensitive data, unmonitored channels and workspaces pose an exfiltration risk. Someone, be they an insider or an outsider, can target Slack users, channels or workspaces to share, find, and use business-critical information. While there are different types of business-critical data, personally identifiable information (PII), as well as personal information (PI) more broadly, represents one of the most critical risks given the compliance and regulatory standards surrounding this type of data.
Addressing PII within Slack
Personally identifiable information refers to details that could be used to identify a particular individual. Your organization’s unique operating and regulatory obligations will broadly determine the types of personal information and PII that you’ll need to secure, but these generally include:
- Addresses and other geographic identifiers
- Credit card numbers and other financial account information
- Email addresses
- Full names
- Personal characteristics (i.e. age and ethnic group)
- Phone numbers
- Photo IDs
- Social security numbers
As companies adopt SaaS offerings like Slack, they find that it’s difficult to enforce their security, privacy, and data policies across these environments, leading to situations where employees and other collaborators inappropriately share or access PII. Failure to mitigate this problem could lead to audit failures and, potentially, compliance violations and security breaches.
While securing Slack and other SaaS applications can be challenging, maintaining visibility within the settings where PII mishandling can occur is a crucial part of the solution. Good Slack workspace management, especially within organizations with large collaborators can be helpful. This includes leveraging knowledgeable and engaged stakeholders to serve as admins within Slack to aid in policy enforcement. Realistically, though, these efforts are difficult to scale without the help of tools that can assist in the detection of abuse and PII spread across both public and private channels. Data loss prevention (DLP) solutions are among the most effective tools in this regard, which is why Slack partners with third-parties, like Nightfall, who specialize in providing this service.
How does Nightfall Work?
As a DLP platform, Nightfall is able to monitor Slack and cloud services and infrastructure for PII and other types of sensitive information. Nightfall is unique, though, in that it uses machine learning detectors built from the ground up, with each detector being individually trained to identify a specific type of PII as well as the contexts in which these PII are typically found.
In addition to detecting PII within Slack and other SaaS applications, Nightfall allows administrators to redact and delete content containing PII. In slack, administrators are notified of these occurrences and can choose to send a tailored message to the individual(s) who shared the offending content. This process can be completely automated via workflows.
Nightfall is capable of detecting both structured and unstructured types of data. PII in text, as well as PDFs, spreadsheets, images, and 100+ other file types can be discovered by our detectors.
Nightfall also provides analytical insights via the dashboard. This will help administrators get a sense of trends among users and Slack channels in order to help inform their policy enforcement.
SaaS security requires a different perspective
In addition to DLP remediation policies and workflows, Nightfall is designed to be a cloud native security application. This means it’s meant to interface directly with your cloud applications by reading data directly from APIs which provides far better, agentless data visibility into cloud environments than traditional endpoint or network level DLP. Altogether this makes Nightfall a comprehensive platform for gaining data visibility in the cloud and ensuring your data policies are maintained in SaaS systems like slack.
To learn more about our Slack DLP platform, take a quick look at our Slack Guide to DLP or schedule a demo with us below to see Nightfall in action.