Sally Security Concerns - PSA

Related products: CS Other Features

Although I don’t agree that this should be an “Idea”, I was told to come over here by Support. I expect to hear from the Gainsight security team about this.

Given Gainsight Sally can be added to any Slack channel, we did some testing with our Slack Connect channel with Myranda, our Enterprise Support Analyst at Gainsight. We added Gainsight Sally to our channel, triggered a simple C360 Summary query, and asked whether Myranda can see the information - she can.

All of it.

In fact, she can see the other prompts, but upon attempting to interact with them, she is thrown an error as she is not a provisioned user. It even cleared out the original output when she interacted with a query, with no further threaded information.

It seems that no matter what I query, Myranda, as an external user to our Slack, can see the information.

We need to be able to secure who can add Sally to which channel, as we have plenty of customer channels that users (CSMs) could easily provide extremely sensitive information to.

Should this be a reason for us to back out on Sally altogether, when we are planning to launch this to all employees in a month? The hype that we have created for Gainsight with Sally could easily kill our ability to use Gainsight altogether because of this massive security issue.

Makes sense, Bradley. We don’t want to add unnecessary overhead. Let me get some more details and also understand effort implications. If we have to preload external channels and maintain a block list, we have what we need at that point to automatically block all external channels. Step #2 adds the ability to selectively use Sally in external channels as and when it makes sense.


Team,


Here’s where we landed:

  • We are still good with this part: For channels that are not blocked, we are going to change the base interaction to include a warning message + consent before posting anything. We looked into showing full responses privately as well (called ephemeral messages), but are running into some text size limitations. We are adding an admin setting as well to decide whether this happens in all channels or just public ones (default behavior).
  • We will also allow blocking Sally entirely based on three options (multi-select, so you can apply all three for tight control):
    1. Block in public channels
    2. Block in external channels (with connected external organizations)
    3. Block in channels with the following prefixes… (e.g., “cust_” based on naming best practices)

Let me know please if there are any questions. Appreciate your patience and partnership!


Thanks,

Manu
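As an added example (not Gainsight's code), here is a Python policy evaluator for the three block options and the warning + consent step Manu describes above. It assumes Slack's `conversations.info` fields `is_private` and `is_ext_shared` are available to identify public and externally shared (Slack Connect) channels; the admin settings object and the constructed sample channels are my own.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SallyPolicy:
    """Admin settings described in the thread (assumed shape, not Gainsight's)."""
    block_public: bool = False          # option 1: block in public channels
    block_external: bool = False        # option 2: block in externally connected channels
    blocked_prefixes: tuple = ()        # option 3: block channels named e.g. "cust_..."
    consent_in_all_channels: bool = False  # default: warn + consent only in public channels

def evaluate(channel: dict, policy: SallyPolicy) -> str:
    """Decide how Sally may respond in a channel.

    Returns 'blocked' (no response at all), 'consent_required' (warn the
    requester first) or 'allowed' (post directly).
    """
    is_public = not channel.get("is_private", False)
    is_external = bool(channel.get("is_ext_shared", False))
    name = channel.get("name", "").lower()
    if policy.block_public and is_public:
        return "blocked"
    if policy.block_external and is_external:
        return "blocked"
    if any(name.startswith(p.lower()) for p in policy.blocked_prefixes):
        return "blocked"
    if policy.consent_in_all_channels or is_public:
        return "consent_required"
    return "allowed"

def route_response(decision: str, requester_choice: str = "dm") -> str:
    """Where the response goes after the warning: 'dm' (to the requester only),
    'channel' (posted publicly) or 'none' (blocked)."""
    if decision == "blocked":
        return "none"
    if decision == "allowed":
        return "channel"
    return "channel" if requester_choice == "channel" else "dm"

# Constructed sample channels (not real Slack data) for the tight-control case.
TIGHT = SallyPolicy(block_public=True, block_external=True, blocked_prefixes=("cust_",))
SHARED_SUPPORT = {"name": "vendor-support", "is_private": True, "is_ext_shared": True}
CUSTOMER_PRIVATE = {"name": "cust_acme", "is_private": True, "is_ext_shared": False}
INTERNAL_PRIVATE = {"name": "csm-team", "is_private": True, "is_ext_shared": False}

if __name__ == "__main__":
    for ch in (SHARED_SUPPORT, CUSTOMER_PRIVATE, INTERNAL_PRIVATE):
        d = evaluate(ch, TIGHT)
        print(ch["name"], d, route_response(d))
```

With the tight policy the Slack Connect support channel from the original post is blocked outright, while a private internal channel only gets a direct-message reply unless the requester explicitly chooses to post in the channel.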


Thanks for this Manu - do you have an ETA on when these items will be deployed?


3-4 weeks roughly. Will keep this group posted.


Status: Acknowledged → Planned

@manu_mittal Thanks for the update. Two questions.

  1. What about existing public/external channels that have this bot?
  2. Also, that still seems like a workaround and not a real solution to the fundamental issue. The responses should initially only go to the requestor. The requestor doesn't have enough context to know what they're consenting to without seeing the response first, right?

Hey Gunjan - Please see below the responses to your queries:

  1. So Sally will have to be reauthorised (updated) from the Admin settings section to inherit the new changes, and these will be reflected on all the existing Public/External channels.
  2. The requestor will have two options through the warning message: (a) to have the information sent as a direct message to self OR (b) post the information in the channel.

Hope this helps.


@Abinash it does, thank you!


@Abinash will the Sally re-authorization send everyone a welcome message/email like it normally does when you turn it on? It would be great to just stealth turn it back on/reset it.


No Bradley, these changes are independent of the existing welcome emailer sent to first time users. Re-authorization will not send any additional email to existing users.


Hello Team,

Sharing the update on this request. We have released an enhancement for Sally bot in Slack that addresses the security concern raised in this post. This is now available for all customers to consume as part of the recent July 2023 product release. Quick pointers on this below:

  • Customers will have to re-authorise Sally from their Admin settings page to access the new changes
  • No change or impact for customers who do not re-authorise

Appreciate all the inputs and patience!

Regards

Abinash


Status: Planned → Implemented