Although I don’t agree that this should be an “Idea”, I was told to come over here by Support. I expect to hear from the Gainsight security team about this.
Given Gainsight Sally can be added to any Slack channel, we did some testing with our Slack Connect channel with Myranda, our Enterprise Support Analyst at Gainsight. We added Gainsight Sally to our channel, triggered a simple C360 Summary query, and asked whether Myranda can see the information - she can.
All of it.
In fact, she can see the other prompts, but upon attempting to interact with them, she gets an error as she is not a provisioned user. It even cleared out the original output when she interacted with a query with no threaded further information.
It seems that no matter what I query, Myranda, as an external user to Slack, can see the information.
We need to be able to secure who can add Sally to which channel, as we have plenty of customer channels that users (CSMs) could easily provide extremely sensitive information to.
Should this be a reason for us to back out on Sally altogether, when we are planning to launch this to all employees in a month? The hype that we have created for Gainsight with Sally could easily kill our ability to use Gainsight altogether because of this massive security issue.
Makes sense, Bradley. We don’t want to add unnecessary overhead. Let me get some more details and also understand effort implications. If we have to preload external channels and maintain a block list, we have what we need at that point to automatically block all external channels. Step #2 adds the ability to selectively use Sally in external channels as and when it makes sense.
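The two steps discussed above (block every external channel by default, then opt specific ones back in) can be sketched as a channel gate. This is an added example, not part of the thread and not Gainsight's implementation; `ChannelPolicy`, `evaluate` and the sample channels are hypothetical, and only the `is_ext_shared` and `is_pending_ext_shared` flags come from Slack's conversation object.

```python
from dataclasses import dataclass, field

# Flags on Slack's conversation object that mark a channel as shared with
# another organization, or awaiting approval to become shared.
EXTERNAL_FLAGS = ("is_ext_shared", "is_pending_ext_shared")


def is_external(channel: dict) -> bool:
    """True when outside users can, or soon will, read the channel."""
    return any(channel.get(flag, False) for flag in EXTERNAL_FLAGS)


@dataclass
class ChannelPolicy:  # hypothetical name, for illustration only
    allow_external: set = field(default_factory=set)  # step 2: explicit opt-in
    block_list: set = field(default_factory=set)      # step 1: preloaded

    def preload(self, channels) -> None:
        """Step 1: put every external channel on the block list."""
        for ch in channels:
            if is_external(ch):
                self.block_list.add(ch["id"])

    def may_respond(self, channel: dict) -> bool:
        cid = channel["id"]
        # Re-check the live flags on every request: a channel can be
        # converted to a shared one after the block list was preloaded.
        if is_external(channel) or cid in self.block_list:
            return cid in self.allow_external
        return True


# Constructed sample data, shaped like entries from a channel listing.
CHANNELS = [
    {"id": "C0INTERNAL", "name": "cs-team", "is_ext_shared": False},
    {"id": "C0CUSTOMER", "name": "acme-shared", "is_ext_shared": True},
    {"id": "C0PENDING", "name": "globex-onboarding", "is_pending_ext_shared": True},
    {"id": "C0PARTNER", "name": "vendor-support", "is_ext_shared": True},
]


def evaluate(policy: ChannelPolicy, channels) -> dict:
    return {ch["name"]: policy.may_respond(ch) for ch in channels}


if __name__ == "__main__":
    policy = ChannelPolicy(allow_external={"C0PARTNER"})
    policy.preload(CHANNELS)
    print(evaluate(policy, CHANNELS))
```

The gate fails closed: a channel that was internal at preload time is still refused once its live flags show it has become shared.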
Team,
Here’s where we landed:
Let me know please if there are any questions. Appreciate your patience and partnership!
Thanks,
Manu
Thanks for this Manu - do you have an ETA on when these items will be deployed?
3-4 weeks roughly. Will keep this group posted.
Hey Gunjan - Please see below the responses to your queries:
Hope this helps.
No Bradley, these changes are independent of the existing welcome emailer sent to first time users. Re-authorization will not send any additional email to existing users.
Hello Team,
Sharing the update on this request. We have released an enhancement for Sally bot in Slack that addresses the security concern raised in this post. This is now available for all customers to consume as part of the recent July 2023 product release. Quick pointers on this below:
Appreciate all the inputs and patience!
Regards
Abinash