CTO Confessions: I used email to roll out Slack Connect

When Slack announced Slack Connect in June 2020, I was excited.

Making it easier to share a high-quality online work experience that I use every day? I love that!

My challenge: how should I roll it out at my workplace?

Opening up our Slack workspace to the mercy of external domains was a big concern. On the other hand, we wanted to leverage Slack Connect to communicate with various stakeholders - customers, partners, prospects, and more.

As a result, my priority was to de-risk our Slack Connect deployment by using trust signals from our email communications graph.

How did I do it? By evaluating these five factors:

  1. People. How many of our stakeholders would actually use and benefit from Slack Connect? I counted the number of addresses in our email traffic and estimated how many would use Slack Connect. This number varied for different stakeholders/domains.
  2. Function. Which departmental functions were affected? Was it Customer Success or Marketing or Engineering? What about senior executives and VIPs? I evaluated the upside and risk for each group's use of the feature.
  3. Interactivity. How much back-and-forth traffic would move to Slack Connect? I looked at our email traffic - specifically, our thread count - to estimate interactivity.
  4. Sensitivity. Would sensitive data likely be shared on Slack Connect? How would it be shared? I analyzed our email and file sharing channels (OneDrive, SharePoint, and Box) to determine the volume of file sharing. For each stakeholder, I considered whether their file sharing would likely involve PII (Personally Identifiable Information).
  5. Hygiene. What's the hygiene of our email communications with our key stakeholders? I looked at the SPF/DKIM/DMARC failure percentages and followed up with the InfoSec admins at those domains. Did they have MFA enabled for Slack? Any recent ATO incidents? Slack doesn't replace email - it complements it, and work often travels between the two. Consistent and effective security hygiene is important.

In the end, Slack is all about productivity, and productivity is driven by incremental improvements.

I opened our workspace up to Slack Connect with a low-risk, incremental approach: by opening the doors to trusted domains one by one.

Email communications and security data made this possible.
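As an added illustration (not code from this post or from Clearedin), the sketch below aggregates the five factors per external domain from constructed email metadata and lists the domains that clear a hygiene cut-off. The record layout, the 5% threshold, and the ordering rule are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample: one row per email exchanged with an external address.
# (ext_address, internal_dept, thread_id, direction, has_file, auth_ok)
# auth_ok: inbound message passed SPF/DKIM/DMARC (None for outbound mail).
MESSAGES = [
    ("ann@partner.example", "Engineering", "t1", "in", False, True),
    ("ann@partner.example", "Engineering", "t1", "out", False, None),
    ("bob@partner.example", "Customer Success", "t2", "in", True, True),
    ("bob@partner.example", "Customer Success", "t2", "out", False, None),
    ("cy@partner.example", "Engineering", "t3", "in", False, True),
    ("dee@vendor.example", "Marketing", "t4", "in", True, False),
    ("dee@vendor.example", "Marketing", "t4", "out", False, None),
    ("eli@vendor.example", "Marketing", "t5", "in", True, True),
    ("news@bulk.example", "Marketing", "t6", "in", False, True),
    ("news@bulk.example", "Marketing", "t7", "in", False, True),
]

MAX_AUTH_FAIL_PCT = 5.0  # assumed hygiene cut-off, not a figure from the post

def domain_signals(messages):
    """Aggregate the five factors per external domain."""
    acc = defaultdict(lambda: {"people": set(), "depts": set(), "dirs": defaultdict(set),
                               "files": 0, "inbound": 0, "auth_fail": 0})
    for addr, dept, thread, direction, has_file, auth_ok in messages:
        d = acc[addr.rsplit("@", 1)[1].lower()]
        d["people"].add(addr.lower())          # People
        d["depts"].add(dept)                   # Function
        d["dirs"][thread].add(direction)       # Interactivity
        d["files"] += has_file                 # Sensitivity (flag for PII review)
        if direction == "in":                  # Hygiene is measured on inbound mail
            d["inbound"] += 1
            d["auth_fail"] += auth_ok is False
    out = {}
    for dom, d in acc.items():
        out[dom] = {
            "people": len(d["people"]),
            "functions": sorted(d["depts"]),
            "two_way_threads": sum(1 for s in d["dirs"].values() if s == {"in", "out"}),
            "file_msgs": d["files"],
            "auth_fail_pct": round(100.0 * d["auth_fail"] / d["inbound"], 1) if d["inbound"] else 0.0,
        }
    return out

def rollout_order(signals):
    """Domains with clean hygiene and real two-way traffic, most interactive first."""
    ok = [d for d, s in signals.items()
          if s["auth_fail_pct"] <= MAX_AUTH_FAIL_PCT and s["two_way_threads"] > 0]
    return sorted(ok, key=lambda d: (-signals[d]["two_way_threads"], -signals[d]["people"]))
```

Domains that fail the cut-off are not rejected outright; they are the ones to follow up on with the other side's InfoSec admins before opening a shared channel.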

The types of data that I considered for each domain. I do this type of analysis directly in Clearedin.

People do business with people and brands that they trust. Channels like email, Slack, and Box ease the process of collaborating online, and each one contains its own set of trusted relationships.

By leveraging the trusted relationship signals from one channel to inform another - in this case, using email to de-risk Slack Connect - you can roll out new channels with precision and confidence. 🚀 🖥 🔒
