
Use the Discovery API for Data Security Integrations

Learning Objectives

After completing this unit, you’ll be able to:

  • Describe the Slack Discovery API.
  • Explain the use of a data loss prevention (DLP) solution.
  • Explain the use of an eDiscovery solution.

Explore Enterprise Data Security Integrations

In this module, you explore options that help you remain secure and compliant while using Slack. Whether you work in a small or enterprise-size company, or in a growing or heavily regulated industry, you have the tools to configure Slack to meet a range of internal and external compliance requirements.

This starts with the Slack Discovery API.

Say "Hello" to the Discovery API

Think of the Slack Discovery API as a log of the data in Slack that can be pushed to third-party security apps. The Discovery API itself can handle many types of data discovery requests, but the difference comes from the class of apps pulling the data. The solutions fall into two categories.

  • Data loss prevention (DLP)—Solutions that prevent users from inappropriately sharing sensitive data, and that guard against data breaches and unwanted data destruction.
  • eDiscovery—Solutions that enable the retrieval of specific data to help in legal proceedings.

Note that DLP and eDiscovery integrations with Slack are only available on the Enterprise Grid plan.

Why Use DLP and eDiscovery?

For any kind of business, a single data leak can have catastrophic repercussions:

  • Damage to your credibility and trust
  • Violation of laws and regulations
  • Financial loss
  • Increased likelihood of lawsuits

The above list highlights just a few issues that a company may face when its data is leaked, stolen, or otherwise inappropriately shared. Integrating a DLP or eDiscovery solution can help organizations protect valuable information without needing to sacrifice the convenience and continuity Slack brings.

Let’s take a closer look at DLP.

Make Information Sharing Safe with DLP

Your organization might already be using a data loss prevention (DLP) solution for email and other company products. The Discovery API enables you to integrate with the same DLP. Or, if you need to, the platform makes it easy to find and integrate with a different DLP solution that fits your specific needs.

DLP apps ensure confidential information, like credit card information, isn’t shared within Slack. DLP apps scan for content within messages and files that break predefined company policies. For highly regulated industries, such as finance and healthcare, a strong DLP solution is key to meeting compliance obligations. 

Implement the Right DLP Solution

In Slack, DLP is the combination of the Discovery API and a cloud access security broker (CASB).

Slack integrates with the third-party CASB of your choice to read, isolate, and quarantine messages that share sensitive information or violate company policies. This means your organization can communicate freely without worrying that sensitive data might make its way in front of the wrong eyes. 

Diagram of how the Discovery API and CASB work together, as described in the content

Let’s review how the Discovery API and CASB work together.

  1. A user posts a message in Slack.
  2. The Discovery API records this information and shares it with the CASB as a JSON file.
  3. The CASB reads the message or file.
  4. If the message or file matches the criteria you set up—the message contains a credit card number, for example—the CASB takes action. Based on your configuration, the message may be deleted and a notification sent to the user as to why their message was removed.
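
The check in step 4, as an added example (not Slack's or any CASB vendor's code): a credit card policy evaluated over message records, using a Luhn checksum to cut false positives. The JSON field names and the sample messages are constructed for illustration; the Discovery API's actual schema is not shown on this page.

```python
import json
import re

# Constructed sample records. The field names ("id", "user", "channel", "text")
# are assumptions for illustration, not the Discovery API's actual schema.
SAMPLE_EVENTS = json.loads("""
[
  {"id": "m1", "user": "U01", "channel": "C-sales", "text": "Card is 4111 1111 1111 1111, exp 09/27"},
  {"id": "m2", "user": "U02", "channel": "C-ops", "text": "Ticket 1234 5678 9012 3456 is closed"},
  {"id": "m3", "user": "U03", "channel": "C-ops", "text": "Lunch at noon?"}
]
""")

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits):
    """Luhn checksum: rejects most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return the digit strings in text that look like valid card numbers."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def evaluate(event):
    """Return the policy decision for one message record."""
    hits = find_card_numbers(event.get("text", ""))
    return {
        "id": event["id"],
        "action": "quarantine" if hits else "allow",
        # Keep only the last four digits so the DLP log is not itself a leak.
        "matches": ["*" * (len(h) - 4) + h[-4:] for h in hits],
    }


DECISIONS = [evaluate(e) for e in SAMPLE_EVENTS]
```

Message m2 contains a 16-digit run that fails the checksum, so it is allowed; a pattern-only rule would have quarantined it.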

In most instances, an organization will integrate an existing CASB provider into their account. Slack works with a number of recognized CASB partners to create a DLP solution.

Once you've chosen your CASB and your DLP solution has been integrated into Slack, DLP apps:  

  • Allow authorized personnel to manage workspace activity and enforce predefined policies on messages and files shared in Slack.
  • Allow quarantined messages and files to be reviewed or removed from within the CASB.

Who Can Access DLP Information?

Only an Organization Owner or Organization Primary Owner can access a DLP app. Organization Admins and workspace-level Owners and Admins will not be able to set policies, access DLP data, or act on information that has been flagged. 

What Is eDiscovery?

eDiscovery is often used for legally defensible evidence, and data pulled from eDiscovery apps is admissible in court. However, eDiscovery solutions work well for other scenarios, such as internal investigations or HR needs, as they enable the user to search, document, and retain data with ease. 

eDiscovery apps work in conjunction with Slack's Discovery API to pull messages and files from Slack, and store the information in third-party data warehouses. From the data warehouses, messages and files can be searched, archived, or retrieved. 

The Discovery API exports the data in JSON format. Your app converts it to an easily readable and searchable text format. 

Slack’s eDiscovery solution means organizations can identify, preserve, and collect key data directly from Slack itself, saving time and money over manual investigation. 

What Can an eDiscovery App Do in Slack?

By default, eDiscovery apps installed in Slack can:

  • Archive all Slack public channel messages, private channel messages, and direct messages.
  • Archive copies of files shared in Slack.
  • Run eDiscovery queries.
  • Place query results on Legal/Litigation Hold if needed.

Unlike a DLP solution, eDiscovery apps do not actively search Slack data. Instead: 

  1. The user posts in Slack.
  2. The Discovery API packages the post in JSON.
  3. Slack sends the data to the eDiscovery provider's third-party data warehouse. In this warehouse, messages and files from Slack are stored to meet compliance requirements.

Diagram of how the Discovery API and eDiscovery solution work together, as described in the steps above

Within the warehouse, data is searched and isolated by sender, recipient, or date. This helps organizations meet compliance obligations and streamline their investigation process. 

Implement the Right eDiscovery Solution

To set up the integration between Slack Discovery APIs and your eDiscovery vendor, your primary resource will be the implementation guides from your selected eDiscovery solution. That said, regardless of which vendor you choose, here are some high-level steps you need to take to set up the integration. 

  1. Choose a third-party eDiscovery provider from our partners. If your organization is particularly API and tech savvy, it is also possible to create your own fully custom integration, but this is outside the scope of what we cover in this badge.
  2. Your Organization Primary Owner should request that Slack enable the Discovery APIs for your instance. They can do this by emailing exports@slack.com. 
  3. Configure provisioning with your eDiscovery vendor to ensure that user accounts provisioned with Slack are also created within the eDiscovery solution.
  4. The Primary Owner will authorize the eDiscovery app and install it in your Slack instance. To do this, follow the guidance provided by your eDiscovery vendor.
  5. For more information on the APIs themselves, work with your Slack CSM to obtain access to our technical documentation and guides.

Discovery Self-Service Tools on Slack

You should now have a working knowledge of what DLP and eDiscovery solutions are and how they can be integrated into Slack. Next, you take a look at native tools in Slack to export your data.
