Disney To Stop Using Salesforce-Owned Slack After Hack Exposed Company Data (reuters.com) 9
Disney plans to transition away from using Slack as its companywide collaboration tool after a hacking group leaked over a terabyte of data from the platform. Many teams at Disney have already begun moving to other enterprise-wide tools, with the full transition expected later this year. Reuters reports: Hacking group NullBulge had published data from thousands of Slack channels at the entertainment giant, including computer code and details about unreleased projects, the Journal reported in July. The data spans more than 44 million messages from Disney's Slack workplace communications tool, WSJ reported earlier this month. The company had said in August it was investigating an unauthorized release of over a terabyte of data from one of its communication systems.
Time for an on-prem messaging tool? (Score:2)
Whatever happened to on-prem messaging tools? Ages ago, ircd would be good enough, but one needs to be able to have attachments stored somewhere, and some places have documentation for long term reference.
If someone came up with something like Slack or Teams, except 100% on-prem and used interfaces to the server or load balancer, I'm sure it would be useful. Maybe even offer cloud-brokered redirection so people outside the firewall can still communicate, but all data still remains on the physical servers,
Re:Time for an on-prem messaging tool? (Score:5, Insightful)
Where I'm at we assiduously assail every cloudification effort, we're even more paranoid than our own infosec peeps. If cloud's the only way, then we do it.
We also have some infrastructure in the cloud, as a last-resort lifeboat kinda thing for email and AD and such. But it's all built by us, not some 3rd party consultant thing. We're even more paranoid than our own infosec is. They love cloud =o/
Too many people are drinking Flavor-Aid (tm) and falling for AI buzzwords. Clownstrike is an example -- we called it out something like 4 years ago and we also nixed many others.
Buying things based on marketing is retarded but that's how most managers (most, not all) do it. Directors nearly always do it. You don't buy the shiniest and prettiest, you buy the one that does the job best.
Re: (Score:2)
Re: (Score:2)
I am going to go out on a limb and say that a lot of the cloud services can be put on-prem, with something that can do cloud brokering. For example, something like RealVNC never needs to jump a firewall in, because both machines are connecting to the cloud broker, and creating a connection from that.
If we can do this with internal file sharing and other apps, the crown jewels can remain in a secure area, while people have access without needing a VPN. Best of all worlds.
Re: (Score:2)
This isn't Slack's fault. Disney failed to secure it, not Slack. The only two real alternatives are Slack and Teams. Maybe if Discord went professional version they'd be a contender.
Yes, there are other chat applications out there, but they are no where near as powerful as Slack. This is a stupid move on Disney's part.
They can always run Spark for internal messaging or roll their own (even make it open source! tha
Matrix open standard protocol (Score:2)
Whatever happened to on-prem messaging tools? Ages ago, ircd would be good enough, but one needs to be able to have attachments stored somewhere, and some places have documentation for long term reference.
If someone came up with something like Slack or Teams, except 100% on-prem and used interfaces to the server or load balancer, I'm sure it would be useful. Maybe even offer cloud-brokered redirection so people outside the firewall can still communicate, but all data still remains on the physical servers, or something like AWS GovCloud with a guarentee of physical custody.
Matrix open standard protocol then? https://matrix.org/ [matrix.org]
Re:Time for an on-prem messaging tool? (Score:4, Insightful)
What on earth makes you think on-prem would be more secure than in the cloud? Are your company's IT staff better trained in security than Microsoft or AWS? Most places I've worked, there were a few guys on the IT team, and they had to juggle security concerns with a long list of other IT demands. Security issues often took a back seat, because they weren't "urgent." For Microsoft and Amazon, security is critical to their success, it's what they do, and they have the money to do it. I'd personally trust them far sooner than my own company's often inept IT department.
Re: (Score:2)
Three reasons:
1: Physical security and control of data. I know where the data is at all times. I can throw it to tape without huge egress fees, and since WORM tape is relatively cheap, having an attacker destroy those tapes is a lot harder than the cloud where it just takes a delete command. Yes, there is object locking, but nuking other stuff is easy. Data exfiltration is a lot easier to protect against when you can air gap it, and know it won't be exiting that network, barring a Stuxnet type of attac
Re: (Score:3)
I'd rather pay for what I know
THIS is the key. You know on-prem systems better than you know cloud systems. This makes it a good choice for you, but it doesn't make on-prem inherently safer.
If you know your cloud systems, you can manage your systems with lower cost and higher security than on-prem. How many on-prem systems employ geo-redundant real-time backups?
Cloud systems are rapidly making it much, much harder to leave your stuff open to the world. Security settings like encryption at rest and encryption in transit are enabled by de