Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Sensitive data detection has arrived for Confluence Cloud

That’s right! With the help of our app Compliance for Confluence, sensitive data detection is now available in Confluence Cloud.

Hey Community :wave:

It’s been many months in the making and I’m delighted to share that sensitive data detection is now available in the cloud version of Compliance for Confluence.

Sensitive Data Detection Confluence.png

In this article, we’re going to explore what this feature does, how it can help you, and also give you a sneak peek into what's coming. But first, let’s start at the very beginning - why is sensitive data important?

Visibility and awareness are key

Every organization has a duty to manage the data it possesses in an appropriate, ethical, and legal way. There are a lot of rules and regulations (some geography specific) that govern how data should be managed and organizations of all sizes and types must manage it appropriately.

Sensitive data is exactly what it says on the tin. It’s the higher risk, more sensitive information subject to many more rules and regulations that control its use. There are many different types of sensitive data (which we won’t go into detail about) and most organizations will have a plan, strategy, or range of policies and procedures in place to help manage this information appropriately.

For many of these plans and strategies to work, it’s important to be aware of the different types of sensitive data your organization may be handling (or creating), and visibility of sensitive data across all your tools and software is critical.

But, with an abundance of tools and software applications available to help us all work smarter and faster, how can you truly keep track of all your data?

Let’s take Confluence as an example…

How many Confluence pages are created, edited, or shared daily in your organization? What types of information are being stored on these pages? Who is responsible for monitoring this or ensuring you have the appropriate visibility?

The answers to these questions will likely vary from organization to organization but there is one common thread - awareness. And awareness is absolutely key.

Understanding the types of data that exist and where the data is located is one of the first steps to managing it effectively and this is as true for Confluence as it is for any other software application. If you are aware of the types of data being stored in Confluence, you can make informed decisions and take steps to safeguard it from loss or disclosure.

 

Reduce the manual burden on your admin and security teams

Whilst every employee is responsible for adhering to the rules and regulations that apply to their organization, data security teams and admins are often responsible for the monitoring and governance processes.

As illustrated above, it can be difficult to keep on top of the types of data being stored and shared in Confluence due to the volume of information.

The ultimate goal behind this new sensitive data detection feature is to help you identify different data types within your Confluence pages and reduce the burden for your admin and security teams by automating part of this process.

Sensitive Data Detected on Confluence page.png

Disclaimer: using sensitive data detection will not make you compliant or solve all the challenges of managing sensitive data. It’s another tool at your disposal that can help make the data protection process more manageable and should save your admin and data security teams valuable time.

 

Using Sensitive Data Detection

Sensitive data detection is an opt-in feature and can only be activated or configured by Confluence admins, like many of the other features in Compliance for Confluence.

Admins can easily control which types of data the detection will look for, the Spaces that sensitive data detection is active on, and whether any pages or types of data should be excluded from being detected (for example, an internal department/group email address).

Once activated and configured, sensitive data detection will scan all pages matching the chosen criteria and display any detected data to admins in the Sensitive Data Search. This is mission control for any sensitive data detected by Compliance for Confluence.

Sensitive Data Search (zoomed in).png

You’ll notice that each of the detections will display the data type (e.g. credit card number), the Confluence page and the space it was detected on (hyperlinked for easy access), the page author, and the date and time this data was detected.

 

What types of sensitive data can be detected?

The all-important question :wink:

This is the first version of sensitive data detection so we’re starting out small and will increase the number of available detection types over the coming months.

As of now, sensitive data detection can detect four different types of data:

  • Email addresses

  • Credit card numbers

  • Telephone numbers

  • Usernames

For more information on these data types and how to activate them in Compliance for Confluence, check out our Data Detection Types guide.

It’s worth noting that sensitive data detection has been designed to reduce the number of false positive detections so that you can be laser-focused on the real areas of risk. For example, only valid credit cards (matching recognized formats) will be detected. Simply adding a string of numbers that match the length of a credit card number to a Confluence page will not trigger the detection in Compliance.

You can also exclude specific phrases or data types from being detected, which should reduce the number of false positive results.

 

What does the future hold for sensitive data detection?

Aside from expanding the number of available data detection types, we will be introducing enhanced reporting, notifications, and automation capabilities to make the process of identifying and acting on any sensitive data in Confluence more efficient.

This is the first step in our journey with this exciting new feature and we are always keen to hear feedback, so please let us know your thoughts!

 

Want to see Compliance and sensitive data detection in action?

You can get a free 30-day trial of Compliance for Confluence via the Atlassian Marketplace or book a demo call with our team to see Compliance in action :v:

1 comment

Comment

Log in or Sign up to comment
Tim Eddelbüttel
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 23, 2023

I really like the idea of the app and for on-premise I wouldn't see any issues because "sensitive data" is processed locally. But for Cloud, as Connect app finding & reporting sensitive data means also storing them somewhere to output the values inside "detected data".

The use-case is totally valid, but the underlying app frameworks makes it complicated :/ 

TAGS
AUG Leaders

Atlassian Community Events