Keeper brings zero-trust access governance to Slack

Keeper Security has launched a Slack integration that extends its privileged access controls into the workplace messaging platform.

The company said the integration links Slack-based requests and approvals with Keeper's privileged access management products. Keeper said it keeps enforcement, encryption and audit records within its own system.

Slack has become a common place for operational coordination in many organisations. Teams use channels for approvals, incident response and day-to-day decisions. Keeper said this made Slack a practical interface for access governance activity.

How it works

The integration lets organisations request and approve access to resources held in Keeper Vault from within Slack. Keeper listed shared folders, service accounts, credentials and protected applications as examples of resources.

Keeper said it remains the system of record for access enforcement. It also remains responsible for encryption, auditing and compliance functions.

The company said customers host the Slack app and the Keeper Commander application containers. Keeper said this preserves its zero-knowledge architecture. It said customers keep control of the encryption and decryption of data.

"Security breaks down when people have to step outside governed systems. We designed this integration so that Slack functions as a workflow interface, not a security boundary," said Craig Lurey, CTO and Co-founder, Keeper Security.

Slack holds workplace communications and workflow activity for many teams. Keeper positioned its product as the enforcement point for access. "Slack is where work happens. Keeper is where access is enforced. Keeping those roles separate is what lets organisations move faster without creating new risk," said Lurey.

Policy controls

Keeper described the approach as a separation of responsibilities between workflow and security systems. It said workflow platforms initiate requests and approvals. It said Keeper enforces access policies and cryptographic controls.

The company linked the integration to common operational issues in access governance. It pointed to side channels such as email threads, direct messages and screenshots. It said bringing approvals into Slack reduced reliance on those channels.

Keeper said organisations can apply least-privilege access policies while using Slack as an interface. It also said customers can keep centralised governance across cloud, hybrid and on-premises environments.

Keeper said requests start in Slack. It said requests route automatically to the right approvers based on Keeper policies. It said it grants access on a Just-in-Time basis and it does not use standing privileges.

Keeper said it logs every request, approval and access event centrally. It said the records support audit and compliance requirements.

Strategy context

Keeper described the Slack integration as part of a wider platform strategy. It said it plans to extend zero-trust access governance into systems where work decisions occur.

The company also said it aims to avoid fragmenting security controls. It said it also aims to avoid introducing new attack surfaces as it adds workflow integrations.

"As organisations adopt more collaborative and distributed ways of working, security has to adapt without surrendering authority," said Lurey. "This launch reflects Keeper's long-term view of access governance as a wider platform capability, not a point integration."

Keeper said the Slack integration is available to existing Keeper customers.