That’s right! With the help of our app Compliance for Confluence, sensitive data detection is now available in Confluence Cloud.
Hey Community
It’s been many months in the making and I’m delighted to share that sensitive data detection is now available in the cloud version of Compliance for Confluence.
In this article, we’re going to explore what this feature does, how it can help you, and also give you a sneak peek into what's coming. But first, let’s start at the very beginning - why is sensitive data important?
Every organization has a duty to manage the data it possesses in an appropriate, ethical, and legal way. There are a lot of rules and regulations (some geography specific) that govern how data should be managed and organizations of all sizes and types must manage it appropriately.
Sensitive data is exactly what it says on the tin. It’s the higher risk, more sensitive information subject to many more rules and regulations that control its use. There are many different types of sensitive data (which we won’t go into detail about) and most organizations will have a plan, strategy, or range of policies and procedures in place to help manage this information appropriately.
For many of these plans and strategies to work, it’s important to be aware of the different types of sensitive data your organization may be handling (or creating), and visibility of sensitive data across all your tools and software is critical.
But, with an abundance of tools and software applications available to help us all work smarter and faster, how can you truly keep track of all your data?
Let’s take Confluence as an example…
How many Confluence pages are created, edited, or shared daily in your organization? What types of information are being stored on these pages? Who is responsible for monitoring this or ensuring you have the appropriate visibility?
The answers to these questions will likely vary from organization to organization but there is one common thread - awareness. And awareness is absolutely key.
Understanding the types of data that exist and where the data is located is one of the first steps to managing it effectively and this is as true for Confluence as it is for any other software application. If you are aware of the types of data being stored in Confluence, you can make informed decisions and take steps to safeguard it from loss or disclosure.
Whilst every employee is responsible for adhering to the rules and regulations that apply to their organization, data security teams and admins are often responsible for the monitoring and governance processes.
As illustrated above, it can be difficult to keep on top of the types of data being stored and shared in Confluence due to the volume of information.
The ultimate goal behind this new sensitive data detection feature is to help you identify different data types within your Confluence pages and reduce the burden for your admin and security teams by automating part of this process.
Disclaimer: using sensitive data detection will not make you compliant or solve all the challenges of managing sensitive data. It’s another tool at your disposal that can help make the data protection process more manageable and should save your admin and data security teams valuable time.
Sensitive data detection is an opt-in feature and can only be activated or configured by Confluence admins, like many of the other features in Compliance for Confluence.
Admins can easily control which types of data the detection will look for, the Spaces that sensitive data detection is active on, and whether any pages or types of data should be excluded from being detected (for example, an internal department/group email address).
Once activated and configured, sensitive data detection will scan all pages matching the chosen criteria and display any detected data to admins in the Sensitive Data Search. This is mission control for any sensitive data detected by Compliance for Confluence.
You’ll notice that each of the detections will display the data type (e.g. credit card number), the Confluence page and the space it was detected on (hyperlinked for easy access), the page author, and the date and time this data was detected.
The all-important question
This is the first version of sensitive data detection so we’re starting out small and will increase the number of available detection types over the coming months.
As of now, sensitive data detection can detect four different types of data:
Email addresses
Credit card numbers
Telephone numbers
Usernames
For more information on these data types and how to activate them in Compliance for Confluence, check out our Data Detection Types guide.
It’s worth noting that sensitive data detection has been designed to reduce the number of false positive detections so that you can be laser-focused on the real areas of risk. For example, only valid credit cards (matching recognized formats) will be detected. Simply adding a string of numbers that match the length of a credit card number to a Confluence page will not trigger the detection in Compliance.
You can also exclude specific phrases or data types from being detected, which should reduce the number of false positive results.
Aside from expanding the number of available data detection types, we will be introducing enhanced reporting, notifications, and automation capabilities to make the process of identifying and acting on any sensitive data in Confluence more efficient.
This is the first step in our journey with this exciting new feature and we are always keen to hear feedback, so please let us know your thoughts!
You can get a free 30-day trial of Compliance for Confluence via the Atlassian Marketplace or book a demo call with our team to see Compliance in action
Craig Willson (AppFox)
1 comment