AppOmni
AppOmni secures the applications that power the enterprise - including Slack - by giving your Security, Compliance, and IT teams instant visibility and management of your Slack security posture.Security Posture - Using AppOmni's simple deployment process and continuous monitoring capabilities, your teams will be able to understand potential risks broken down by criticality and develop security and compliance policies to manage the configuration of your Slack deployment:• Confirm that the configuration of your Slack organization and workspaces meets your expectations and your company's compliance requirements.• Understand at a glance and continuously monitor which users have been granted incorrect permissions or which external guests have erroneously been left active.• Quickly inventory and monitor which third party applications have been connected to your Slack environment and which permissions they have been granted - and immediately know if those change.Monitoring and Detection - AppOmni normalizes security and compliance-relevant audit and activity logs from Slack into an industry-standard format and evaluates them to alert you to abnormalities. AppOmni delivers the normalized logs and alerts to the SIEM your team already works out of - no new single panes of glass or ops stacks to support.Learn more or get a demo today!Please note that AppOmni for Slack is only available for Slack Enterprise Grid customers
Permissions
AppOmni will be able to view:
AppOmni will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
AppOmni, Inc.
Company headquarters location
United States
Terms of service
Privacy & data governance
Data retention policy
In the event a customer terminates its agreement with AppOmni, and provides written notice that to have their data removed from the AppOmni Platform, AppOmni will remove any customer-identifiable data from the production platform within 90 days of receiving the written notice. The data will be removed by either deletion or obfuscation to the extent that no customer-identifiable data remains. For any data we obfuscate, AppOmni can provide the customer with a copy of the final data that remains, so the customer can verify total anonymity.
However the original data will remain on the backups of production data, until those backups are rotated out according to the backup media rotation schedule stated in the table above.
Customers should also be aware that data pertaining to those of customer’s suppliers who have agreed to our Hosted Service Terms & Conditions will not be removed, as that supplier is now part of the AppOmni Platform.
Data archiving and removal policy
In the event a customer terminates its agreement with AppOmni, and provides written notice that to have their data removed from the AppOmni Platform, AppOmni will remove any customer-identifiable data from the production platform within 90 days of receiving the written notice. The data will be removed by either deletion or obfuscation to the extent that no customer-identifiable data remains. For any data we obfuscate, AppOmni can provide the customer with a copy of the final data that remains, so the customer can verify total anonymity.
However the original data will remain on the backups of production data, until those backups are rotated out according to the backup media rotation schedule stated in the table above.
Customers should also be aware that data pertaining to those of customer’s suppliers who have agreed to our Hosted Service Terms & Conditions will not be removed, as that supplier is now part of the AppOmni Platform.
Data storage policy
AppOmni is a SaaS Security Posture Management solution, focused on identifying risks
in SaaS security settings and data access. AppOmni secures your critical SaaS
applications by:
● Detecting misconfigurations that weaken security posture
● Monitoring which users have access to sensitive data
● Normalizing event streams across multiple SaaS platforms
● Applying detection capabilities against activity in SaaS applications
● Constantly validating your compliance posture
AppOmni collects metadata, such as SaaS configuration settings, data access models,
data access permissions etc. from the monitored SaaS applications. AppOmni does not
collect or store data from Salesforce records of customer tenants other than basic user
information within SaaS systems. In many customer configurations, this means
name/email information, metadata records, custom settings.
● AppOmni is a SaaS delivered solution hosted in certified GCP certified data
centers (US Central location: Council Bluffs, Iowa, USA). GCP certification
information can be found here: https://cloud.google.com/security/compliance.
● AppOmni is designed by security experts to require the absolute minimum
authentication scopes possible to meet the needs of our security modeling
engine and does not execute any state-changing operations.
● Optional: Additional SaaS application permissions can be assigned if
customers want to leverage AppOmni auto-remediate capabilities.
● AppOmni connects to the monitored SaaS application API's via TLS encrypted
connections
● AppOmni leverages AES encryption for data at rest.
Data center location(s)
United States
App/service has sub-processors
no
Certifications & compliance
Data deletion request procedure
In the event a customer terminates its agreement with AppOmni, and provides written notice that to have their data removed from the AppOmni Platform, AppOmni will remove any customer-identifiable data from the production platform within 90 days of receiving the written notice. The data will be removed by either deletion or obfuscation to the extent that no customer-identifiable data remains. For any data we obfuscate, AppOmni can provide the customer with a copy of the final data that remains, so the customer can verify total anonymity.
However the original data will remain on the backups of production data, until those backups are rotated out according to the backup media rotation schedule stated in the table above.
Customers should also be aware that data pertaining to those of customer’s suppliers who have agreed to our Hosted Service Terms & Conditions will not be removed, as that supplier is now part of the AppOmni Platform.
HIPAA compliant
no
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Date of latest pen test
2020-12-15
Executive summary is available to potential customers upon request
yes
Supports Single Sign On (SSO) with the following providers
Okta, Ping, Google, any SAML-supporting service
Supports Security Assertion Markup Language (SAML)
yes
Has a dedicated security team
yes
Contact for security issues
security@appomni.com
Has a vulnerability disclosure program
no
Vulnerability disclosure program covers Slack app
yes
Has a bug bounty program
no
Requires third party authorization/connections
yes
Uses token rotation
no