Obsidian Security
Obsidian connects to your Slack Enterprise Grid environment and pulls security-relevant data into the Obsidian Platform. Obsidian detects malicious actors trying to hack into your Slack environment and surfaces them as alerts within the Obsidian platform. It detects the configuration of Slack to ensure that it is correctly configured, e.g., local users have MFA configured. As well as giving an overview of the permissions of administrators and other users within your Slack instance. Obsidian also shows what other applications are connected to your Slack instance and assesses their access, risk, and behavior.
Permissions
Obsidian Security will be able to view:
Obsidian Security will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
Obsidian Security
Company headquarters location
United States
Terms of service
Privacy & data governance
Data retention policy
We apply a general rule of keeping data only for so long as is required to fulfill the purpose for which it was collected. However, in some circumstances, we will retain your personal data for longer periods of time. We will retain personal data for the following purposes: (i) as long as it is necessary and relevant for our operations, business needs and to provide the Websites and/or Platform, e.g. so that we have an accurate record of your dealings with us in the event of any complaints or challenge; and (ii) in relation to personal data from closed accounts (e.g., due to contract termination) to comply with applicable laws, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, enforce the Websites' and/or Platform's terms and take other actions as permitted by law.
Data archiving and removal policy
The raw data pulled from the customer's SaaS services has a default of 30 days of retention. The raw data is mainly used as a backup in case data needs to be reprocessed. Processed data (the data that is presented to the user via the Obsidian UI) is retained for 90 days. Longer retention is available upon request via a data retention contract. Customers can request that their data be removed at anytime.
Data storage policy
All customer data is stored encrypted at rest and in transit in accordance with our encryption policy. Backups are taken daily and stored for 7 days. Our disaster recovery and business continuity plans are tested annually.
Data center location(s)
United States, Germany
Data hosting details
Cloud hosted
Data hosting company
AWS, GCP
App/service has sub-processors
yes
Guidelines for sub-processors
Certifications & compliance
SOC attestation
ISO/IEC-27001 certification
ISO/IEC-27017 attestation
ISO/IEC-27018 attestation
GDPR commitment
Data deletion request procedure
Contact Obsidian support and ask to submit a Data Subject Request with the Privacy Team. The Privacy Team will vet the DSR and process it accordingly.
HIPAA compliant
no
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Date of latest pen test
2024-05-14
Executive summary is available to potential customers upon request
yes
Supports Single Sign On (SSO) with the following providers
Okta, OneLogin, Ping, Google, Entra MS, SAML
Supports Security Assertion Markup Language (SAML)
yes
Has a dedicated security team
yes
Contact for security issues
security@obsidiansecurity.com
Has a vulnerability disclosure program
yes
Vulnerability disclosure program URL
Vulnerability disclosure program covers Slack app
yes
Has a bug bounty program
no
Requires third party authorization/connections
yes
Third party services used by this app
Uses token rotation
no