[yeukhon]

A lot of enterprise claim to run their own services, but in reality, they outsource to third party to host them, for example, centurylink for active directory or some vendor for managed exchange servers. Heck, a lot of companies bought 365 and Box. People use Skype for communication, passwords are being thrown all over emails and chats. Code are on GitHub. While there is auditing in place, the reality is, a lot of enterprise data aren't really controlled and stored on-premise servers, and auditor cares mostly whether access are limited, logs are available for tractability, and whether there is enough risk assessment done prior to signing the contract.

[nrjames]

Yep, I'm well aware of all of that because I sit on our "Cloud Technology Advisory Committee," which feels like a scene from Brazil. However, many here work with sensitive PHI and various types of classified data, so the concerns are bound to contractual agreements with clients and our ability to win work is contingent upon standing up to audits that verify our claims regarding data ownership, security, etc. I wouldn't argue that makes it more secure, but it's the reality of the business.

[yeukhon]

Certainly. Another option is HipChat, which you can host on-premise. I actually prefer HipChat because of the simplistic UI. Now both Slack and HipChat support video call is a great plus because I don't have to switch between tools. Slack UI is noisy to me, but the growing ecosystem is fantastic. Ugh.