Symphony Blog

Why Slack’s Customers Really Do Need End-to-End Encryption

Lawrence Miller

Earlier this month, Slack’s CSO made public comments stating that its customers aren’t interested in end-to-end encryption, so it’s not a priority for the company. For a company which claims to be the platform "where work happens,” this decision to dismiss such a powerful tool to protect their customer data is concerning, especially when it comes from their top security executive.

Let’s consider the facts. In 2017 alone 2.6 billion records were stolen, lost or exposed. In addition, many major digital platforms, including Slack, have been hacked. How can enterprises feel comfortable conducting all of their work on a platform if they know that their conversations and data have the very real potential of becoming exposed to competitors and the public?

At Symphony, we take these threats extremely seriously, so much so that security is core to our DNA. As you might imagine, Slack’s dismissive comment is puzzling to us, particularly when considering what is at stake when a company considers the possibility of exposing its proprietary business intelligence and data.

Our service is trusted by hundreds of thousands of users from the world’s most competitive companies who use Symphony to keep the world’s economy humming. We wouldn’t be at the heart of this ecosystem if we were slack about our customers’ information security, no pun intended.

To deserve such trust, we invested on Day One to build our entire platform upon true end-to-end encryption. In fact, when Symphony was created by a consortium of 15 leading financial institutions, the idea of putting data on the cloud was simply unthinkable to these organizations. It wasn’t until after Symphony’s security model was designed with end-to-end encryption that storing data on the cloud became an option. And many organizations - such as the EFF and Apple - are universally aligned and outspoken advocates about the merits of encryption. Edward Snowden made this point unequivocally, saying: “The only way to protect to communicate using a service that provides end-to-end encryption.”

Symphony’s implementation of enterprise-grade end-to-end encryption, with zero gaps between the origin of a message and its destination, while still maintaining the ability for a company to access and archive its own data and perform all the required compliance controls in real time, is unique in the market today.

It’s this encryption model, and the trust it engenders, that provides the core protection every enterprise should demand - and the SEC has warned that weak cybersecurity could violate federal laws. While it’s simple in principle, this architecture is rarely implemented in cloud services. If the Symphony Enterprise service ever gets breached, this architecture ensures that the content remains encrypted, and attackers won’t be able to read it. What’s more, the FBI recently cited Symphony’s model as a way to help Americans approach cyber security in the age of digital transformation.

At the end of the day, Slack’s customers may not be asking for end-to-end encryption because these security risks are often downplayed. Don’t fall into this trap. If your organization is interested in learning more, feel free to reach out to me on Symphony or to the team at

Share This