The Latest

28 June 2022: Messaging program app Slack, will launch GovSlack in July 2022 for public sector customers. Salesforce, its parent company, secured the app’s security and operational certifications from the Federal Risk and Authorization Management Program (FedRAMP), Department of Defense Impact Level 4 (DoD IL 4), and the International Traffic in Arms Regulations (ITAR). GovSlack will be released as a complementary tool with Salesforce’s Government Cloud Plus, a dedicated instance for U.S. government customers.

Why it’s Important

Slack joins a long list of FedRAMP-certified vendors such as Google, Oracle, Cisco, Nintex, and MongoDB, that have met the stringent security standards of the U.S. government. Salesforce’s approach to offering complementary government-compliant products is strategically similar to what is provided by DocuSign, Microsoft, IBM and Snowflake, to ensure consistency in cyber security of Cloud service.

Since the majority of government agencies deal with sensitive data, meeting major public office standards and regulations can bolster a Cloud service provider’s (CSP) reputation in the industry, and expand their market to federal agencies, state and local public offices, and government-affiliated agencies. Furthermore, vendors need to expand their compliance to other countries standards such as the hosting certification framework provided by the Australian Government Digital Transformation Agency, which certifies service providers, Cloud services, and data centre facilities.

Who’s Impacted

  • CEO
  • Procurement teams
  • IT teams

What’s Next?

When considering Cloud management tools, security certifications and assessments are a sign that the vendor has best practices in place, but are not a panacea for mitigating risk. Treat them accordingly. 

Related IBRS Advisory

  1. VENDORiQ: It’s An IRAP! VMware on AWS Gets Assessed for Aussie Protected Status
  2. IBRSiQ: Sovereign Cloud Providers