Biz jabber tool Slack realises it needs a Chief Security Officer

Slack has just hired a Chief Security Officer, with former Palantir CISO Geoff Belknap coming in to shore up the security of a cloud-based operation holding an awful lot of sensitive business communications.

Slack, the team collaboration tool masquerading as an unadventurous man's IRC, has seen huge adoption across the business world since its launch in August 2013. It is used by The Register and has even been adopted by the Australian cabinet.

We are delighted to have an opportunity to report that Business Insider also uses Slack, with channel names including, er, #fb-going-viral.

Belknap arrives from CIA-funded Palantir at a company which is quite transparent about its security practices.

“In the event of a security breach, Slack will promptly notify you of any unauthorized access to your Customer Data,” says the firm's website. “Slack has incident management policies and procedures in place to handle such an event.”

The company introduced 2FA back in March, when it revealed that attackers had successfully accessed a database containing account names, email addresses, phone numbers, Skype IDs and hashed passwords of Slack users.

For those who haven't bothered reading the privacy policy, it should be noted that even direct messages between employees' accounts are stored and accessible to the bosses of Slack Plus-subscribed teams.

While snooping managers may encourage some Samizdat-style behaviours for office gossips, it has enabled tightly regulated business (such as those in finance) to be able to meet their legal obligations, although it is unclear to what degree these businesses have also adopted the tool. ®