Last week, Slack became a public company in one of the year’s most highly anticipated tech stock offerings. Then, this weekend, GeekWire reported that Microsoft won’t allow its employees to use Slack for work. That’s probably not all that surprising, since Slack is a direct competitor to Microsoft’s Teams product, but it turns out that’s not the real reason. In fact, the real reason could have real implications for your business.
According to a list of software, obtained by GeekWire, that Microsoft doesn’t want its employees to use, Slack doesn’t “provide required controls to properly protect Microsoft intellectual property (IP).”
It’s an interesting issue considering the number of internal conversations that have moved to platforms like Slack, as well as the decentralized nature of most Slack implementations. Individuals and teams can easily set up their own Slack workspaces without necessarily involving the IT experts who can make sure they’re fully secure. Slack provides a variety of security tools, but that doesn’t prevent the second issue.
All of those Slack channels and conversations that now happen in quasi-public spaces are great for collaboration, but can be a nightmare as far as intellectual property is concerned. All it takes is one employee to copy and paste sensitive information that used to be buried in secure databases but is now available in casual Slack conversations.
In fact, when Slack went public last week, the brokers on the trading floor likely didn’t use Slack. They were most likely using a competing product called Symphony that has been backed and is used by Wall Street because it includes the data protection and reporting features that investment banks and traders require.
By the way, Slack isn’t the only software product that Microsoft frowns upon. Another big one is Grammarly, the popular spelling and grammar check plugin that, full disclosure, I use every day. Microsoft’s reason is that Grammarly is basically able to record every keystroke you make, since it has to know what you’re typing in order to offer corrections or suggestions.
According to Grammarly’s privacy policy, the company “has a set of policies and technical controls that prevent employees from accessing customer data that is stored or processed by Grammarly systems. Where appropriate, Grammarly uses private keys and restricts network access to particular employees.”
The company also says it uses standard encryption, but again, neither of those assurances were enough for Microsoft, since it isn’t entirely clear that a rogue employee couldn’t potentially disclose sensitive information that could be damaging to the company.
In fact, the more technology helps businesses be more productive, the greater the risk that that same technology could lead to damaging consequences when it fails. Businesses are pouring more and more data into platforms like Slack because it makes work easier, without always thinking through the long-term effects of having that much sensitive information in a largely uncontrolled environment.
Most of you probably aren’t quite as worried about a massive IP theft as Microsoft understandably would be, since it’s undoubtedly a target from outside attackers as well as leaky insiders.
That doesn’t mean that it’s not worth considering whether you are building best practices for your business that will protect you from having personal or business information shared where you’d rather it not be. Microsoft certainly is.
Post time: Jun-26-2019