skyhighsecurity_for_enterprise
SkyhighSecurity enforces DLP policies for files and messages across Slack channels to ensure compliance with regulations and internal policies. SkyhighSecurity supports DLP rules based on keywords, data identifiers, user groups, and regular expressions. Enforcement actions include coach users, notify administrator, block, encrypt, quarantine, and tombstone. Leverage pre-built industry templates, create custom policies in SkyhighSecurity, or leverage policies in an existing on-premises DLP solution.SkyhighSecurity also captures a complete record of all user activity in Slack and leverages machine learning to analyze activity across multiple heuristics and accurately detect threats. As a comprehensive cloud security platform, SkyhighSecurity can detect cross-cloud threats that involve usage across Slack and other cloud services. As threats are resolved, SkyhighSecurity automatically incorporates this data into its behavioural models to improve detection accuracy.
Permissions
skyhighsecurity_for_enterprise will be able to view:
skyhighsecurity_for_enterprise will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
Skyhigh Security
Company headquarters location
United States
Privacy & data governance
Data retention policy
Controls to manage the disposal of data by classification are addressed in our Data Ownership, Classification & Handling Policy.
Our Acceptable Use Policy covers the appropriate use of removable media and the encryption level required to do so.
Physical and electronic media is destroyed using a 3rd party. A certificate of destruction is required accounting for the media destroyed. If the media is to be re-used it is wiped with a new image before release back into production.
Electronic storage media must be irretrievably erased using a secure data removal process (with a minimum of two pass data overwriting; first pass with random pattern and second pass with fixed pattern) prior to recycling, reusing, or donating of the storage media.
Obligations to return or destroy customer data are in accordance with negotiated contract terms.
Typically, the time to destroy customer data is 30 days.
Data archiving and removal policy
Controls to manage the disposal of data by classification are addressed in our Data Ownership, Classification & Handling Policy.
Our Acceptable Use Policy covers the appropriate use of removable media and the encryption level required to do so.
Physical and electronic media is destroyed using a 3rd party. A certificate of destruction is required accounting for the media destroyed. If the media is to be re-used it is wiped with a new image before release back into production.
Electronic storage media must be irretrievably erased using a secure data removal process (with a minimum of two pass data overwriting; first pass with random pattern and second pass with fixed pattern) prior to recycling, reusing, or donating of the storage media.
Obligations to return or destroy customer data are in accordance with negotiated contract terms.
Typically, the time to destroy customer data is 30 days.
Data storage policy
Controls to manage the disposal of data by classification are addressed in our Data Ownership, Classification & Handling Policy.
Our Acceptable Use Policy covers the appropriate use of removable media and the encryption level required to do so.
Physical and electronic media is destroyed using a 3rd party. A certificate of destruction is required accounting for the media destroyed. If the media is to be re-used it is wiped with a new image before release back into production.
Electronic storage media must be irretrievably erased using a secure data removal process (with a minimum of two pass data overwriting; first pass with random pattern and second pass with fixed pattern) prior to recycling, reusing, or donating of the storage media.
Obligations to return or destroy customer data are in accordance with negotiated contract terms.
Typically, the time to destroy customer data is 30 days.
App/service has sub-processors
no
App/service uses large language models (LLM)
no
Certifications & compliance
Data deletion request procedure
Controls to manage the disposal of data by classification are addressed in our Data Ownership, Classification & Handling Policy.
Our Acceptable Use Policy covers the appropriate use of removable media and the encryption level required to do so.
Physical and electronic media is destroyed using a 3rd party. A certificate of destruction is required accounting for the media destroyed. If the media is to be re-used it is wiped with a new image before release back into production.
Electronic storage media must be irretrievably erased using a secure data removal process (with a minimum of two pass data overwriting; first pass with random pattern and second pass with fixed pattern) prior to recycling, reusing, or donating of the storage media.
Obligations to return or destroy customer data are in accordance with negotiated contract terms.
Typically, the time to destroy customer data is 30 days.
HIPAA compliant
yes
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Supports Single Sign On (SSO) with the following providers
AWS IAM
Supports Security Assertion Markup Language (SAML)
yes
Has a dedicated security team
yes
Contact for security issues
secops@skyhighsecurity.com
Has a vulnerability disclosure program
no
Has a bug bounty program
no
Requires third party authorization/connections
no
Uses token rotation
no