Slack Hardening

Aug 1, 2022

Halodoc is a fast-growing health-tech company and needs a collaboration tool that makes it easy for every user to collaborate on content creation anytime and anywhere. The tool must also guarantee the security of every Halodoc user. Halodoc chose Slack for all collaborative activities because it has high security standards that cover the needs of Halodoc users.

Slack (https://www.slack.com/) is a messaging program designed specifically for the office that has also been adopted for personal use. It offers many IRC-style features, including persistent chat rooms (channels) organized by topic, private groups, and direct messaging. In addition to these online communication features, Slack can also integrate with other software.

A Slack workspace is made up of channels, where team members can communicate and work together. When joining a workspace, we create an account using our email address. We can use the same email address to join as many workspaces as we like, but we will have a separate Slack account for each one.

Halodoc uses Slack as one of its collaboration tools. Secure access to information and technology resources on demand is important. At the same time, Halodoc must be prudent in reducing attack vectors and maintaining security controls that prevent unauthorized users from gaining access and block legitimate users from exceeding their authorization.

Because Slack is used so extensively at Halodoc, we decided to perform security hardening for this application.

Security Hardening

What is security hardening? Security hardening reduces security risk by eliminating potential attack vectors and condensing the system's attack surface. Reducing attack vectors through hardening also involves system owners cutting unnecessary services or processes. Overall, a system that provides more services has a much broader attack surface than one performing just one function.

Slack Hardening

To strengthen security on Halodoc's Slack, we take the following steps:

1. Set up SSO

Single sign-on is an authentication process that allows users to securely access multiple related applications or systems. We integrate Slack with the Halodoc SSO IdP, so users do not need to remember a separate password. This also reduces the attack surface because users log in with only one set of credentials.

2. Limit who has access

Guest users who are allowed to join the Halodoc workspace from a specific company domain address need admin approval.

This process verifies that the guest is approved by the Halodoc team and lets us control who can join our workspace.

3. File Public Sharing

Disable public file sharing to prevent users from accidentally sharing files publicly.

4. Deactivate members’ accounts who no longer need access

Change is constant, and people come and go. Audit constantly and deactivate a member's account when they leave. This way we can make sure that only people who are still with our organization can access our workspace.

5. Use guest accounts and limit the channels they're invited to

Some members of a Slack workspace (like contractors, interns, or clients) may only need access to certain channels. Guest accounts are a great way to manage who has access to the information they need in your workspace.

6. Limit the number of admins

Administrators are important, but too many administrators on one app puts the app at risk and makes it hard to control. This is why we also regularly audit the number of admins.
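The audits in steps 4 to 6 can be scripted. The following is an added example, not Halodoc's own tooling: it runs offline over a constructed sample shaped like the `members` array returned by Slack's `users.list` Web API method. The staff roster, the admin limit and every account shown are assumptions.

```python
"""Offline audit for steps 4-6 over data shaped like Slack's users.list output."""

MAX_ADMINS = 2  # assumption: the admin limit is an illustrative policy value
# Assumption: roster of current staff emails, e.g. exported from the HR system.
ACTIVE_STAFF = {"ani@example.com", "budi@example.com", "citra@example.com"}


def member(uid, email, **flags):
    """Build one constructed record using users.list field names."""
    return {"id": uid, "profile": {"email": email}, **flags}


# Constructed sample; profile.email needs the users:read.email scope on real data.
MEMBERS = [
    member("U01", "ani@example.com", is_admin=True, is_owner=True),
    member("U02", "budi@example.com", is_admin=True),
    member("U03", "dewi@example.com", is_admin=True),   # admin who has left
    member("U04", "citra@example.com"),
    member("U05", "eko@example.com"),                   # member who has left
    member("U06", "vendor@partner.example", is_restricted=True, is_ultra_restricted=True),
    member("U07", "intern@partner.example", is_restricted=True),
    member("U08", "fajar@example.com", deleted=True),   # already deactivated
    member("U09", "", is_bot=True),                     # bot, not a human account
]


def audit(members, active_staff, max_admins):
    """Return leavers to deactivate, the guest inventory and the admin count check."""
    stale, guests, admins = [], [], []
    for m in members:
        if m.get("deleted") or m.get("is_bot"):
            continue  # nothing to review for deactivated accounts and bots
        email = m["profile"].get("email", "").lower()
        if m.get("is_restricted"):  # set for both guest types
            kind = "single-channel" if m.get("is_ultra_restricted") else "multi-channel"
            guests.append((m["id"], email, kind))
            continue  # guests are external, so they are not on the staff roster
        if email not in active_staff:
            stale.append((m["id"], email))  # step 4: still active after leaving
        if m.get("is_admin") or m.get("is_owner"):
            admins.append(m["id"])  # step 6: counted even if also stale
    return {"deactivate": stale, "guests": guests, "admins": admins,
            "too_many_admins": len(admins) > max_admins}


if __name__ == "__main__":
    for key, value in audit(MEMBERS, ACTIVE_STAFF, MAX_ADMINS).items():
        print(f"{key}: {value}")
```

Account U03 appears in both the deactivation list and the admin list: a departed administrator is the highest-priority finding, because the account combines stale access with elevated privileges.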

Conclusion

As this post has shown, security hardening can reduce the attack surface while providing ease of use, transparency and ease of access. This is why Halodoc implements security hardening for Slack.

References:

https://slack.com/help/articles/115004155306-Security-tips-to-protect-your-workspace

https://slack.com/help/articles/203772216-SAML-single-sign-on
