Oktane18: Secure Collaboration with Slack



Ilan Frank: I've had a journey in collaboration actually that extended to over the last 20 years. From portals to wikis, to social at SAP and now to Slack. I'm really, really happy to be at Slack, because enterprise collaboration is near and dear to my heart. I already mentioned exactly what we are going to do so Let's jump in. First we're going to start with, just talking a little bit about how work is changing.

It used to be that the organizational chart was the most important chart and now it's really a network chart. We're moving from an industrial age to an information age, and the reason the organizational chart was so important and the reason why top down command and control was created in the first place, is really because we lacked the communication tools 100 years ago to easily communicate throughout a large organization. As companies were scaling they really needed that type of command and control for information to go up quickly and then down, and that was the best way to really disseminate information. When you think about it, that is exactly why the organizational chart was created, was to help organizations scale. Now as we move to an information age, and as we have projects where development happens in the Ukraine and support happens in Mexico and marketing happens in Silicon Valley, that type of communication and that type of org chart and that type of structure for organizations is no longer applicable. What's more, the companies that aren't transforming to a digital information first and connected organization, an agile organization, are the ones that are just simply not going to survive. It used to be that you had to have the organizational chart, and now it's actually something that hurts companies.

And what we're seeing is that the companies that are not moving quickly, to tools that are moving away from that organizational, chart into tools that are collaborative, those companies are seeing that their employees are doing it on their own. There is a recent survey that shows that 75 percent of knowledge workers are using consumer messaging apps to conduct business. I was just with a managing partner at a large, won't name the company, a large consulting firm, and they were basically saying how their business is conducted through iMessage. That's how they conduct their business. We'll talk a little bit more about the security features that my team has built over the last two years, but I will be completely humble in saying that the most important security feature that Slack has built, had nothing to do with me over the last two years. It's actually the usability of Slack. It's the fact that Slack is a usable tool, that people want to use it, that's the thing that makes it the most secure. Because, if they're not using a tool that they like to use, they're going to go and ,use something else that is completely out of your realm of ownership and imperium. Right?

It's more than that, as your moving from a hierarchal from the industrialist age to the information age, it's really easy to bring in tools that appear to be transformative, like instant messaging, and then what happens, because there is no channel, there is no structure for information exchange throughout the corporation, you end up getting basically people running around and not being in line. What McKenzie found is that these types of tools, that bring together people, that bring together information, and lead to transparency, actually lead to productivity and to reduced employee turnover. Right? There's many reasons why we want these tools around. It's not going to surprise you. I will say that Slack is that collaboration hub. It's not only about the fact that people like to use it and that it has the security features, but it's also the fact that it is that place that connects all those applications.

What I hear over and over, from customers, as I travel and meet with them, is that Slack is growing rapidly inside the organization, because it's connected to everything else, that they have inside the organization. Every other application. In the demo, in a second, I'll show you some of those use cases, but it started out a couple years ago, in tech. We were very tech heavy and I'll show you a GERA integration, a Jenkins integration, get hub, and those are great, but we're starting to see, with partners like, Troops, with Sales Force, with Work Day, with Concur, that these integrations are actually going well beyond tech and into another department. Sales, marketing and support, are three of the departments that I talk to most. We're seeing that adoption, obviously. This is from Okta and this is the growth of identity connected or linked apps, over the last couple years. They released this about six, seven months ago and this is something, obviously, that we're seeing as a very rapid trend.

Again, the adoption is based on the fact that the tool is extremely usable. It's very well connected, to everything that these employees are doing. It really is the place where they work and I think, the things that goes along with is, that supports all that, are of course, the security features and I will talk about them, because some people, in this room, I assume, are interested in those. Before I do though, administration. Security is important and over the last couple years, we've spent a lot of time, and I'll show you a list of features, right now. Developing features that are important, from a security perspective, but when we look at security, we're not just looking at check box features. We want to make sure that those security features enable you to roll out a tool, throughout your entire organization. When we think about Slack as, enterprise ready, we're not thinking of just check boxes of features, that you need to make sure that Slack is secure. It's also, how do you administer a messaging tool, like Slack, a collaboration hub, that connects to every single one of your applications, in a way that is actually scalable. Right?

For example, think about the admin approved apps. I talk to CIO's constantly, who are rolling out Slack and rolling out applications, and with hundreds of application requests coming in and people wanting to install different applications, that connect Slack to other systems, the security of that, is very important, but a command and control structure, is not enough, and so, with admin approved apps, what we're allowing them to do, is restrict the apps that they are very worried about, but still allow employees to be productive and to go in and install the apps, that are white listed, or allowed. In the near future, we're working on scope restrictions. Whereas an admin, you can restrict specific scopes that you're concerned about, but then allow your employee base to go and install apps that are within the allowed scopes. Right? We want to make you, not only, be able to check boxes of security, but actually manage a tool like this, day to day, and not be burdened by so any inbound requests, for applications. For channels and for work flow.

Without further ado. There are many security features that, like I said, we've added over the last couple years. When I joined two years ago, out of this lists that I see here, out of the ten that you see here, we had about four of them. We've added quite a few and there's actually another ten or so, that I can think of, that are not listed here. We've added a lot of the EMM enhancements like, blocking copy on mobile phone. Like, wiping the cache as soon as someone is deprovisioned from a mobile device. There are many more features that we're planning in the near future, but these are very important. It's not only that we've developed these security features. We don't want you to just trust that we have built this. We go out and we certify, of course, with the important agencies. We just got our ISO 27001 and 27018, a few months ago. Those are very important. These certifications, the HIPPA compliance, the FINRA compliance, is now making it so, in the last few months, most of my meetings are with finance, insurance and health care. Back two years ago, when I joined, it was really start ups within Silicon Valley, but that's really no longer the case.

We're really happy with that and we really could not have done it alone. We've developed and are very fortunate to be surrounded by partners in the security space. Obviously, we'll talk a little bit more about Okta, in a second, but we have everything from, IDP integration, to DLP and E-Discovery, that are all integrated. There are special API's that we've developed over that last couple of years, that make is that everything from, again, CASBs, to E-Discovery tools, that have to do legal hold, can work together with Slack.

To go into the most important of these partners here today. If you're using this integration, you probably know what is available, but if you haven't yet, I highly encourage you to use this integration. This is actually one of the cleanest integrations that I've seen and it provides some amazing functionality. Of course it has the provisioning and deprovisioning, that are important for any connected application into Okta. Like I said, recently whenever an account is deprovisioned, you'll see it here in a second, the cache on the desktop or mobile device, is actually completely wiped. It doesn't even exist. Beyond that, end users, right? Obviously are able to log in without having to remember their password, which is something that Okta provides and is extremely helpful, but think what is more important, what we're seeing specifically here over the last day, I've had a lot of conversations about, how do we manage Slack through Okta? I think that the IT management aspect, where you can take groups of users, the Okta groups, and you can map them directly to the workplaces, the workspaces in enterprise, or you can map them to channels through UserGroup management. This is really important.

You'll see this in the demo in a second, someone from sales, can start up and on day one, have the right channels, that their connected to. This is obviously important for management, but also for the end user. For the end user experience, of knowing exactly where I am, on day one, and having that information available to me. Rather than coming into it an empty Slack and having to go and search for that information. The latest thing that Okta has released with this integration, is the profile syncing, which is fantastic. Now, profile fields from Okta, including custom profile fields, so if you have your own, that you've developed inside your organization, can all come in to Slack. With Okta's integration into HRES systems like, Work Day and Success Factors, you can bring information all the way from your HRES system, through Okta, into Slack. And so now things like, think about your, you know location. Your office locations if you want to find someone by location. If you want to find someone by their skill sets, you can do all that by searching right in Slack and all that information is fed in, you know from Okta. So a really, really nice integration. And, I can show it to you know. So, let’s go into this scenario, I have Amy here. Who's a brand new employee to my company, she at this point has no access to any application. And I've got here the Okta administration council where I'm going to go in and give her some access. So what I'm going to do is, I'm going to go into groups, and I can search for growth; which is one of my ... The growth team, this is a new sales team that's formed. This will ... I'll add her to the growth team, and when I do that if I go back now to Amy and refresh, I will have access to Slack. Let me just double check that I did that right. Okay. And there I have access to Slack, and so now she can click on that and of course be, as you well know, single signed on right into Slack.

So no remembering username/passwords, it automatically comes in. Like I said, because I connected her to the growth team, and I've taken that growth team group, and I've taken that group and I've mapped it to default channels. When she comes in here, and I think we might have an issue a little bit with network. Maybe a big issue. I'm not sure. I don't think that Wi-Fi is going to be any better than Ethernet. Let me just give it a shot, otherwise we'll go right to the question and answer session. Try Wi-Fi. Okay. So I think that we have some technical difficulties. These are always fun with live demos. So what we're going to do is we'll move on to customer Q&A. Those of you who are interested in the demo and want to see it, later on we can do this at our booth. It just came up, of course. Never mind. Alright, I'm hoping that was temporary.

Aright, so what's great is that Amy has default channels. So accounts, is one of our accounts channels we use for sales, and so she was placed right into that channel. And she can ... Oh, there we go! Advish has welcomed Amy to the team. Amy can start working here, she has access of course, as you know. Most of you have raised your hands, you know of Slack, this is one of use cases if you're not using Slack for sales today, this is one of the best use cases. We have account channels for just about every one of our accounts, and that is where our sales team, that is where product, that is where support, comes together and we share information. So if a sales person goes and presents some presentation, that's dropped in there. So when I come and meet with that customer, I can look back over the last two months and I can see what was discussed, what are feature requests that the customer has asked for? What are bugs that they've reported? All of that is available to me one central place, it's a very powerful use case. I highly recommend it. And so she can see all this information of course. Like I said, with the Troops integration, we have some great connectivity in the sales force. If you're not using that I would highly recommend that as well; where you can trigger events from sales force, automatically into the right channel into, you know, into Slack, and tag action on them like logging a call or editing information in sales forces right from Slack so you don't have to jump constantly between these different applications.

Amy is not only a sales person, she is also extremely technical, and has been automatically put into feature and engineering channels. We're going to show you some of the other integrations. For example, there is a Jira integration. Where if I launch a Jiar, we have a new, I'm not sure if you've done this integration, but we have dialogues that came out about a half a year ago; where you can launch a dialogue and take information from Slack, format it, and then bring it, push it back into whatever system you're connected to. So if we're talking about basically, some type of ... Crash of widgets. I submit this. This is going to go right into Jira, as an issues. What you're seeing is, this is obviously a demo bot, but what you can see if that in this case in Jira, if the task is now taken and assigned to someone, it's assigned to Sabim, and it's in progress, that is related back to the channel. So I can see that that's happening. Our engineers here at the Widget Company are very fast. You can see that there's a get hub commit already. So someone has already written a code to solve the widget crashing. And a Jenkins's build has been deployed. Right. Companies like Shopify have created a bot called Sky, that basically automates the entire process of building code, of testing it, of doing remote authentication and login. Of pulling information, log requests from machines. So all of this can be automated through these integrations. In this case, Jenkins has run a job to basically build this code. And then of course it's passed everything and so we've deployed it automatically from get hub. And all of that is available here, in the Feedtango channel so I can see exactly what's going on. Back in Feedtango, which is the channel where we are working on this feature, we see that the status is now complete and this has been shipped.

So these types of integrations are both, again, we saw sales integration. We're seeing one in Dev Ops right now. So back to Okta, if I go ... Amy, if she wants to find someone that knows something about no JS for example. And she goes to the workspace directory and she searched for node, she's going to find Vish here. And Vish is, you know, under skills, has no JS. So that is a profile field, that was brought in from Okta, and now makes finding people throughout the organization much more easy. Right? And finally, Amy has a very short tenure here at the Widget company. She's logged a call, she's submitted a bug, she found Vish, and now she's going to get fired. But, let's see how that happens. If I go here, and I deactivate Amy. Oh, not the network again. We were doing so well. There we go, okay. So she's been deactivated. And if I go here, within a second she is logged out, and everything is deleted. This is a web browser, so of course. But even on desktop or mobile, data is gone basically as far as her having access to anything. So that's extremely powerful of course to do. Okay, so that's it for the demo section. What I'd like to do next is actually the best part.

Over the last two years with these security features, with the Okta integration, with some of the administration controls with our certifications and HIPAA and FINRA, the logos that you've seen on these slides have been changing. We're getting into much larger organizations, that have the necessity for compliance for regulation, for administration, for security. One of my favorites is here today. So right in the center of this slide, 21st Century Fox. What I'd like to do now is welcome Christian Solsa to the stage. Christian is, thank you very much. Thank you very much for joining us.

Christian: Thank you for having me.

Ilan Frank: So Christian is the associate director of Cloud and SaaS, and maybe you can say a word about your experience with, at Fox. And I'm going to tease people, I'm actually completely jealous of this. I don't know if you can all see the thing on the left hand side. Maybe you can ... I won't steal your thunder.

Christian: Great. So, they were asking me how we've put out about Slack. Turns out, I was reading an article, I believe in TechCrunch, this new technology and this awesome communication tool called Slack. So I went in, and signed up for the beta, this is in 2013. We go approved and that's how our very first workspace came about. Sure enough, I recommended it, brought it up to our management, and they were a little bit ... I mean, this was 2013, right. Everybody, you know, our exchange server wasn't prim, we were running a communicator AKA link AKA Skype. So, yeah. People were very, still sketch about this whole cloud technologies right. So we kept it there on the side. Fast forward a couple years later, turns out that I wasn't the only one that read that article. It turned out to be like, I don't know like five or six other workspaces there. We had to take action and buy into a proper Slack workspace and environment. So now we have the grit, the enterprise addition, 155 workspaces later and 30000 people, here we are.

Ilan Frank: Yeah. I don't know if you have that letter framed, but I'm jealous of it myself. So you went to enterprise grid recently. Tell me a little bit or tell us a little bit about how you made the decision to go to enterprise grid, and what components there really convinced you to go that way.

Christian: Well, the enterprise grid basically made everything easier, especially with the Okta integration. Again, we have 155 workspaces, we have one Okta tenant for seven different active direction integration, different business units, that have no real connection. All of them, or parent company 21st Century Fox. I mean, we have Fox News, Fox TV, Bluesky Studios. So the management alone of all these workspaces and all these new technology was basically, sort of a nightmare. So with the grid basically, I mean everything you showed, imagine that times 155. The users logged into Okta, they automatically get placed in their workspaces. It's been working great so far for us.

Ilan Frank: That's great.

Christian: It's been working great so far for us.

Ilan Frank: That's great, that's great. You know what's fun, we've interacted a few times over the year on different use cases that you have at Fox, and this is not necessarily what that enterprise groups specifically but I love to hear these. Maybe you could share some of the things that you're doing with Slack at Fox.

Christian: I mean we have so many use cases completely random and different from each other. I mean I could mention a couple like Fox News uses Slack to coordinate their helicopters, speed chases, and things like that. They use also the police station's news slack to coordinate the content that goes on the Facebook pages, every single one of these stations. That's a lot of information. My favorite and this is talking about change in business, we started doing this AMAS, ask me anything sessions in Slack and we did it for Stacey Schneider our CEO basically, or the chairman of the studios, and basically it was people asking questions in terms of "okay, what are we doing?", "what's our next step?", and so it was something that. I mean I've been with Fox News for ten years, I've never, we've never seen anything like this, where management comes and asks questions, they were actually asking us questions, "what do you guys think?", "what should we do now?", "where should we go next?" So, it's the beginning of a big change for us.

Ilan Frank: Yeah, it's amazing to hear. Tell me a little bit about securing something like Slack, an organization that size.

Christian: Well that's where Okta comes into play. I mean we have our assignments posted, MFA for everybody, as soon as they come in they get set up with Okta, multifactor identification so if you use Slack obviously we're going to have to use MFA as well. We also have our policy for guests, right, so they are completely outside of Okta but if they log in directly to Slack they will get prompted to set up the multifactor factor.

Ilan Frank: I'd love to open it up for questions from the audience. We have about ten minutes left and so if anyone has questions, either for myself or for Christian, we'd love to answer those questions. Anything is allowed, Roadmap questions, anything like that. I just might not answer them but it's all allowed as far as asking them. Do we have a mic runner or someone? Thank you so much Megan. Appreciate it.

Speaker 1: Thank you. One of the challenges we've had in technologies like these, is legal getting very worried about what might be said and then our guidebook potentially leaked. Could you touch on that a little bit?

Ilan Frank: Yeah, that's a great question. I think that, with that, what we've done is create controls like customer retention policies, where some organizations have done so where they set things like DMs to different retention policies as channels you can now custom, potential policies for DMs, channels, workspaces, the entire organization, and so at different levels, and so that's basically what most have done. Of course, you have the integration with E-Discovery where everything is archived for legal hold purposes. You can't stop people from saying stupid stuff

Christian: That's why we have the overview channel.

Ilan Frank: Yeah, exactly. But you can at least, from a legal perspective, you can cover your whatever you want to put in the end of that. Good question.

Speaker 2: This question is for Christian. Can you share any other best practices around inviting external guests, other than multifactor authentication or also to share channels.

Christian: By default, guests, they get invited to, you have two options, there are single channel guests which is basically they log in and instead of all the lists of channels that you saw on there, they get one, and that's it, where they get invited. Right out of the bat, that means security is basically, they'll be able to see only what you're inviting them to. If you invite them as multichannel guest then you will give them the ability to see all their channels and all their conversations but again you control what you give them access to. In our case, we have the channel set up for requests of guests so people, not everybody can just go in and invite somebody. You have to go through a channel to request the invitation and then, or administrators will send them the invitation to those external people.

Speaker 3: Another one for Christian, so you said you were up to about 30,000 users now?

Christian: 34

Speaker 3: 34? Alright, yeah so, how much of that was actually scoped and then how much of it was more organic growth?

Christian: Well, it's funny cause the scope sort of came before we even planned it, like again, we basically discovered that we had all these Slack channels already in use, and already these small Workspaces and different teams and departments. That's when we decided to sort of explore the tool and give it to people and see how it'll go, or POC, I mean basically went sort of viral within like the first couple months and in our first enterprise, Workspace, I mean we have like 500 active users. It gave us a clue of, okay, maybe this is needed, this is new technology that people adopt and can use and put in place in their different work divisions or routines.

Ilan Frank: We recommend general, not to have an announcement from the CIOs saying go start using Slack. In general, we work with customers, like with Fox, and we think about, where does it make sense to use Slack. So there's initially always some kind of groundswell, of adoption, of people finding it and bringing it in and maybe that's 10% or 20% or 50% of the company and then the rest of the company we're really thinking, okay, what are the use cases, what are the work flows that people want, that is going to make them productive. Let's not just push it out with an email that says go, go now and use Slack.

Speaker 4: Hi, I was wondering how Slack thinks about non-corporate groups and if that's an important part of how you're planning to grow? Like, you know, make it a social Slack group and things like that.

Ilan Frank: Yeah, so we like social teams but I don't think that from a product management perspective or a feature perspective, we're going and developing features specifically for social teams. I have three social teams myself that I'm on that use Slack and it's fantastic but for, as an example, a typical feature request that a social team will ask for is to be able to block a certain abusive user or something like that. That's something that really a consumer tool is best for and something that is just not natural for a work based tool, so at the end of the day, we're a work based tool but we have absolutely nothing against social teams and we make our tool available for free for them.

Speaker 5: Hi, I actually have a couple more for you. You mention push groups, are push groups from Okta editable in Slack, and if they are, is there anything in the Roadmap that's going to disallow that?

Ilan Frank: Sorry, I missed one thing. Are push groups what?

Speaker 5: Editable in Slack?

Ilan Frank: Oh, editable in Slack. By that do you mean two way? Like you edit them in Slack and then that group gets synced back into Okta and the Okta membership in that group changes, is that what you mean?

Speaker 5: Sure, yeah, or it could just be that somebody's either able to be removed or added directly in Slack with no sync back.

Ilan Frank: Sounds like a fantastic feature request but not one that I believe we support today with the Okta integration but that sounds great.

Speaker 5: Cool, yeah, my second question is, you mentioned this around the security of Slack and it being a secure tool already because people want to use it, how would you suggest that folks handle, kind of along the lines of shadow ID where people don't want to abide by the Enterprise, by the policies that you've spun up and they go out and start a free instance?

Ilan Frank: We thought about that actually with Enterprise, we provide a feature called domain claiming where you can specify all the domains that you own and then when they go to Slack.com and they try to spin off one of those groups with any of those domains, it'll bring them back into the Enterprise. What it'll do is say, okay you can have a Workspace. Just speaking with a customer earlier today, locking it down and saying you don't get a Workspace doesn't make sense. Then they're going to go and use their Gmail address to open up, just doesn't make sense.

What you want to do is you want to be a consultant in that process. They want a Workspace for a specific reason and with Enterprise Grid we created especially so the notion of a Workspace remains. You have unlimited number of Workspaces and each one can have its own administration and control, and its own applications so you feel like you own your place of work and that's what these teams are telling us. They want to own the place where they work but these Workspaces have to abide by the corporate policies. So if you've set a global retention policy, they can change it to something more restrictive but they can't change it to something less restrictive. So that's what happens with domain claiming, is that they come back in Enterprise and they get the Workspace inside Enterprise. Any other questions? If not, I have this. So please fill in your survey and we have a booth here, G3 I think it is but I don't know the number really matters. You go to the expo hall and you'll find us and look forward to having these conversations later on. Christian, thank you so much for joining us today. I really appreciate it.

Christian: Thank you for having me.

Learn how employees can be empowered with a transparent and easy flow of information. Watch as Slack and Okta customers balance employee access with centralized control for administrator visibility with integration to SSO.