Security Program Controls/Technologies

Balancing freedom of choice and security: the key to open platforms

Security and freedom of choice.

Large companies use nearly 200 apps per day to do everything from managing projects to storing and sharing files and submitting and tracking vacation time. These apps make jobs easier for employees, and they maximize the value of the CIO’s tech investments.

Employees and businesses have increasingly come to expect connected services that make working more efficient, aligned, and productive. And while open enterprise platforms can bring all of our favorite apps and software together into a single place, we have to accept the terms of an intangible – and very important – agreement: to connect and share data among our most valued, best-of-breed apps, we have to stay aware of the security considerations that come with them.

This means that providers, vendors, and customers have a shared responsibility to evaluate their platforms and the apps and software connected to them.

For open enterprise platforms, it's all about choice

Many open enterprise platforms start from a position of “freedom of choice,” recognizing that no organization and no team are the same. It’s critical to have the flexibility to tailor the interconnected tools that users need – when they need them.

For example, while a customer success manager may need to build a custom workflow to triage support tickets, a sales representative within that same company may need an out-of-the-box integration with their CRM to access real-time data to close deals faster. An open platform solves both of those needs and more – offering teams and individual employees the flexibility and space to make decisions that work best for them, while removing the friction created by switching between siloed systems.

Just as important, businesses that permit their teams and employees to integrate apps and workflows recognize the value that this freedom of choice brings. Integrated, best-of-breed apps let teams do their best work and slash time spent on tasks that software can automate.

Security: a constant and shared responsibility

The growing shift to open enterprise platforms echoes back to the shift from on-premise data infrastructure to the cloud. Businesses hesitated to move their data and software to a brand new infrastructure that delivered incredible benefits and opportunities, but was perceived as risky and insecure. Today, most organizations accept and understand the cloud’s benefits, and questions of cloud security have been answered through the industry’s collective investment in the maturation of that technology.

Working with a truly transformative enterprise platform that relies on integrations to maximize its value also requires collective investment. This has become more evident than ever from recent security incidents and cyberattacks affecting the industry. For customers, this starts with evaluating trust in a third-party app and the value that app provides compared to the company’s level of risk tolerance. For example, a financial services company may have a very low risk tolerance, so they really need high trust in and demonstrated value of the app to activate an integration. From there, companies should then have an ongoing review process (usually within their IT team) across their integrations to ensure usage and scope complies with their internal guidelines.

No one-size-fits-all approach to security

Every organization has its own unique security concerns and requirements – from healthcare companies adhering to patient privacy regulations, government entities processing sensitive data, to large businesses concerned about the preservation of personally identifiable information. To give businesses confidence in their freedom of choice, we need open platforms that are fully transparent with their customers about how an app plugging into it will behave, including what data and systems it has access to and what it does with that data. 

At Slack, we take both a proactive and reactive approach to ensure we remain a trusted environment for users to build, distribute, and install apps. All apps in our directory undergo a thorough review and approval process, followed by ongoing monitoring for any new functionality added after the fact. We’ve developed permissions so IT teams can create rule engines to automatically approve or reject apps so users can continue to move with freedom. And we aim to educate our customers about what security really means, while letting them make the decisions that make the most sense for their organization’s needs.

Security requires constant, collective re-evaluation, change, and collaboration. And just as the industry adopted the cloud, we’re going to see a similar effort to adopt truly transformative enterprise platforms. We will continue to see creative ways in which businesses embrace them to improve productivity and engagement for their employees.

We’re still in the early days of this transformation, and there are still questions about security and freedom of choice that we, as a collective industry, will have to evaluate and answer. It will take time to find the right balance between harnessing the opportunities offered by enterprise platforms and the unintended risks created by an open ecosystem, but the benefits and opportunities that lie ahead are worth the effort.

Steve Wood, senior vice president product, platform, Slack

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.