Security critical in new work-from-home life
Security is a key challenge in getting used to the new normal of working across multiple locations and it's critical to working with third parties, according to the head of security at collaboration platform, Slack.
Collaboration services have proven their value in the disruption to office life triggered by the pandemic. Early adopters of platforms like Slack say they’ve been able to stay effective and even grow. Other firms, their offices unavailable, have been forced to get on to collaboration software to cope.
'Your email is the front door to the rest of the world, and there's no lock on that door.'
Larkin Ryder, Chief Security Officer (CSO) at Slack, who joined in 2016 from Twitter Inc., is a veteran in the business of trying to keep vital networks safe.
“Remote work, and the transformation to mastering this new work-from-home life, is the big rock that we're all trying to move right now,” she said in an interview.
If you’ve stayed with email you’re simply not as effective and may also be putting yourself and your business at greater risk, trying to run a secure operation from homes scattered across the country or across the globe. Then you’re faced with the challenge of trying to work with vendors, or engage meaningfully with clients - all who are in the same boat.
“Your email is the front door to the rest of the world, and there's no lock on that door," Ryder said. "Anybody can walk through it at any time and put a nefarious link in front of your unsuspecting employees. People are already under enough stress."
She says the dramatic increase in phishing email and other so-called ‘social engineering’ security threats – tricking employees through email or other means to give up security information – during Covid-19, is a wake-up call to organisations faced with a newly distributed workforce.
“Every CSO who I collaborate with, and the many Slack teams that I'm part of for security professionals, has seen a sincere and troubling uptick in the number of phishing messages related to Covid-19,” she said.
Google and other major technology providers have reported a dramatic increase in phishing attacks over email, Zoom and other tools during the COVID-19 crisis. With workers at home, often without the protection of corporate networks, the risks are clear, and it is equally clear that normal office life isn’t coming back any time soon.
“So with that in mind, you have to do everything possible to give your employees a chance to raise their awareness about phishing and the risks – but then, that's one more thing for them to worry about when they already have a whole army of things. Slack puts employees in a secure environment to have those business connections, without the worry,” Ryder said.
One of the challenges employees have faced in working from home, often unable to have physical meetings with colleagues, customers or third party vendors they work with, has been to establish trust in their communications.
“We can't show up when it's time to sign the next contract, for example, we have to do it over a digital mechanism. And so making sure that people don't feel like we're just throwing an invoice over the wall, but they feel like they're really connected to us at that very sensitive time, you can't put a price on that," Ryder said.
In terms of the Slack platform, the company has created Slack Connect to connect organisations to up to 20 external organisations. It creates a direct Slack relationship with them for collaboration or the exchange of vital information – all covered by the same security protocols, which prevail at either end. Partners, vendors, clients and customers can all connect with you as though they were in your network – because they effectively are.
Richard Clark, a co-founder and chief technology officer for Sharesies, explained how his staff compelled him to introduce Slack Connect so they could collaborate with vendors outside Sharesies.
“We've been in it every day,” Clark said in an earlier interview as part of this series on collaboration. “Overnight answers come back, and we re-engage with them....You get all the benefits of the history, the file-sharing, the trust, and that knowledge absorption.”
New Zealand accounting software firm Xero has also adopted Slack Connect to coordinate development projects with its vendors in a secure collaboration environment.
“Getting multiple app partners together isn’t easy,” said Grant Foster, Internal Applications Specialist at Xero. “Before Slack, we would have to send emails to multiple groups or try to get everyone into a room together.”
See below for a description of how Xero has adopted Slack Connect.
Ryder explained how she sees Slack Connect working to recreate some of what would have been physical connections between firms and their collaborators: “Slack Connect takes the entire Slack ethos and puts it into an environment where you can do the same level of collaboration you're doing internally. You can do it with up to 20 other organisations. So you're multiplying the speed at which you can move forward with your important external partners.”
'It's incredibly important to give people safety and comfort at a time like this.'
Ryder says security in Slack Connect is clear with each party knowing the other really is the person they say they are. Slack Connect accommodates criteria such as document and conversation retention – common in the finance and other regulated industries. It has tight security protocols compatible with potential counterparties. Each partner brings its own security standards to apply to its end of the channel with their Slack counterpart.
Ryder also describes Slack Connect as a way to establish the first level of trust in the Covid-19 era in which one might normally have met a partner face-to-face.
“Slack is making it incredibly easy for you to establish that trust because we're giving you things like verified organisations, so you can identify and collaborate with people who you already have established a trust boundary with. You can rely on that trust boundary to keep you safe from the world of hackers who would attempt to compromise your organisation. It's incredibly important to give people that safety and comfort at a time like this.”
A case study from Xero: Q&A with Grant Foster, Internal Applications Specialist
Q: Slack has opened up ways to draw external partners into your own collaboration areas, what’s the gain for you?
A: We have an ecosystem of more than 800 apps that integrate with Xero — that’s hundreds of partners we could potentially partner with on marketing or deeper integration initiatives. Getting multiple app partners together isn’t easy, however. Before Slack, we would have to send emails to multiple groups or try to get everyone into a room together, which isn’t always easy.
Earlier this year, we were able to use Slack Connect to work really closely with two of our app partners — PaySauce and Figured — on a wider marketing strategy around Xero for farming, ahead of the Fieldays event. Instead of long email threads or spending time coordinating meeting times, our marketing teams were able to work with them as if they were an extension of our own marketing team.
We see a lot of opportunity to work with our external partners through Slack in future. It’s made our collaborative decision-making faster and means we’re all working in the same context. It’s also improved visibility for everyone.
Q: Did you have security or other fears in opening up Slack that way?
A: Security is paramount to us — we have a world-class internal security team for our own platform, and data safety is a high priority across all of our work, including our ecosystem.
Adopting Slack Connect is a decision we made carefully, but one that ultimately helped us get the best of both worlds around collaborating with external partners and ensuring our own security protocols are maintained. Because Slack Connect remains in our workspace, access is still controlled by our tech teams and we’re able to keep a watch on who has access to which channels, on both Xero’s side and those of our partners.
Rather than worrying about an email accidentally getting sent to the wrong person, or phishing attempts, adopting Slack Connect has actually meant it’s a lot easier to understand how collaboration is happening, and in which contexts.
This is the final article in a sponsored content series with Slack.
Help us create a sustainable future for independent local journalism
As New Zealand moves from crisis to recovery mode the need to support local industry has been brought into sharp relief.
As our journalists work to ask the hard questions about our recovery, we also look to you, our readers for support. Reader donations are critical to what we do. If you can help us, please click the button to ensure we can continue to provide quality independent journalism you can trust.