Several People Are Typing

Information Technology

Security Update: Everything’s Good, And Getting Better

Our first Chief Security Officer, Geoff Belknap, joins Slack, plus additional updates to our security program

emoji
Giving you the confidence to know your data is safe with us has always been top priority at Slack, and quietly, confidently, we’ve been building a world-class security team here at Slack HQ, with a diverse set of experts from across the industry. Happy days, that team is getting better all the time — as reported in Fortune, re/code, TechCrunch and the Wall Street Journal, the team has just expanded with the hire of our first Chief Security Officer, Geoff Belknap.

Geoff will be building upon our existing security controls and practices and addressing security policy, regulatory, and compliance issues, so that everyone at every level of your team can continue to be confident about what Slack is doing to keep your data safe. Previously, Geoff was the Chief Information Security Officer at Palantir. In his downtime, apparently, Geoff enjoys being an advisor to a number of start-ups, non-profits, and think tanks on cybersecurity and policy issues. In retrospect, we’re not sure that we phrased our question about “downtime” to Geoff very well.

And we couldn’t be in a better place for Geoff to join. 2015 was a busy and transformational year for security at Slack. Here are a few of the highlights:

We revised and expanded our security documentation, with a new Security Practices page that goes into more detail about how we do security at Slack. We’ll keep these pages updated as we continue to develop future compliance and security programs.

Through our bug bounty program, we routinely collaborate with an international community of security researchers to keep Slack secure. We’ve rewarded researchers with over $117,000 in bounties for their efforts, and have recently updated our program to broaden the scope and increase reward amounts.

Finally, we’re happy to share that Slack has undergone a rigorous, grueling, but ultimately satisfying Service Organization Controls audit (Type II). This audit, known as the SOC2 report, highlights our ability to provide a mature and reliable service, going beyond security and covering a number of system controls recommended by the American Institute of Certified Public Accountants (AICPA) Guide. It reports on the work we do as a service organization relating to availability, process integrity, confidentiality, and privacy — all important parts of keeping your data safe. If you’re in a team with an account manager, and would like to obtain a copy of our SOC2 audit report, please contact your account manager. If you’re not, but would still like one, contact the address below.

 

For any other security concerns or questions, or anything else at all, as ever, please write to us at feedback@slack.com. If you’re interested in helping make Slack safer and joining Geoff and the crew of ne’er do wrongs, our security team is also hiring!

Slack is the collaboration hub, where the right people are always in the loop and key information is always at their fingertips. Teamwork in Slack happens in channels — searchable conversations that keep work organized and teams better connected.