ENTERPRISE KEY MANAGEMENT

Allowing enterprise customers complete control of their encryption keys can be a literal dealbreaker for security-conscious customers or those in highly-regulated industries. In the event of a subpoena or data breach, a customer with EKM can revoke Slack’s access to their data, which leaves Slack unable to display messages and files.

Our challenge as a design team was: how do we make an experience where Slack is potentially unusable feel okay?

Our initial engineering pilot was mostly reactive — a user would get an error when trying to send a message to a channel after EKM had been enabled, and existing messages would simply display as “Unable to decrypt message.”

 
 

EKM engineering pilot

 

Proactive + reassuring messaging

On the Enterprise design team, we had one principle that was paramount: give the admins the tools they need, without compromising the end-user’s experience or safety.

This is a tough thing to achieve in enterprise software, especially with security features. With EKM, it was important to us to avoid the “oh god I’ve been fired” feeling of waking up and losing access to your tools and data. This was accomplished by being super clear with users that this was initiated by their admins, and that it affected everybody, not just them.

 
 

Clear, proactive messaging both in-channel and, when needed, alongside a deactivated message input

In the event that an entire channel (or workspace) was revoked, we’d prevent users from viewing them at all so they wouldn’t be in a place that felt totally broken

 

adjusting to eng requirements

Together, my product design partner and I were really happy with our solutions! Unfortunately, we soon learned that Slack couldn’t actually know what was revoked until it tried and then failed to decrypt data. We couldn’t prevent users from sending messages, and if we tried to roll up existing messages, we could only chunk them as Slack fetched them…which ended up feeling confusing and arbitrary. So, we had to pivot from being proactive to doing the best we could with reactive messaging.

 
 

We were back to individual message and file tombstones, but we were still able to provide more context than we had in the pilot experience

 
 
 

We were also back to reactive messaging

 

KEY TAKEAWAYS

This was an exercise in being flexible with solutions while holding ourselves to our principles. In the end, despite the limitations, we delivered an EKM feature that respected not just admins, but users. Our customers agreed — we received stellar feedback from our enterprise customers and unlocked several new deals. And we launched on time. 🎉

All in all, I’d call that a win.