Hi
I would like to audit a Confluence page and its spaces to make sure it's in compliance and has adequate security. I have never done this before and would appreciate it if someone could guide me. Thank you!
Best Regards,
Marium
To add to @Rilwan Ahmed, you can check this page here: https://community.atlassian.com/t5/Confluence-questions/Audit-Confluence-pages-and-security/qaq-p/1312095
Also this one: https://www.atlassian.com/software/confluence/security
This is where Atlassian Guard comes into play. With audit logs, you can see who has created the pages, who has edited them and more. The Premium version also allows Atlassian Guard to detect sensitive data that has been added to your pages and immediately sends you alerts.
Hi Nikola,
Thank you for taking the time and responding to my queries. I wanted to make sure there is no risk of a data breach, as I am trying to help my friend who owns a very small business. I appreciate your and Rizwan's guidance. Let me know if I should check anything else. Thank you!
Best Regards,
Maryam
In fact, there is. I would also recommend verifying your domain so only the users from that domain are trusted. This would require Atlassian Guard. Also, you would want to limit the API calls for your Confluence pages.
Hi @Maryam Zaidi,
Welcome to the community!
If "adequate security" is restricting users from accessing any Confluence space or page, then you need to apply changes in both sections.
1. Go to your Confluence space --> Space settings --> Space access
   Grant access and access level to required users and groups only.
2. If you want to restrict only a particular page, then go to page --> restrictions and you can grant edit and view access.
Good morning Rizwan,
I appreciate your response. I wanted to make sure our Confluence pages do not have any sensitive information such as PII, CVS and passwords etc. I wanted to make sure there is no risk of a data breach. I am new to the Confluence business and am making sure our pages are protected. My friend has a small business and I am trying to help her. I appreciate your guidance. Thank you!
Best Regards,
Maryam
If you want to search for sensitive information in Confluence instances, then you need to run a text search for keywords like 'password' etc. and go to each page and look at whether someone has shared a password or not.
Hi Community,
I’d like to share a quick checklist for ensuring space security in Confluence Cloud. This checklist addresses the latest features introduced over the past few years and aims to answer the question: “Is the data in my Confluence Cloud space secure?”
The items in this list are not ranked in any particular order - they’re all equally important. To review and implement these security measures, navigate to Space Settings → Space Access and go through the following points step by step:
Users
Avoid assigning permissions directly to individual users unless absolutely necessary. This is a rare scenario, as most permissions can - and should - be assigned via groups. Ideally, aim to keep the "Users" list empty (except for app users that are required for specific functionalities).
Groups
Include only the groups that absolutely need access to the space. Follow the "principle of minimal privilege" by granting the minimum level of access necessary. For spaces with sensitive data, avoid using broad or uncontrolled groups like "all-company-users".
Guests
Refrain from granting individual access to external guests for the same reasons as with individual "Users." It’s best to manage access through controlled groups.
Anonymous Access
This should always be disabled - no exceptions. Allowing anonymous access poses significant security risks.
Public Links
Disable this feature as well. Even if you have carefully controlled access for users, groups, and guests, enabling public links allows any contributor to share your content with the entire internet. I recommend disabling public links for the entire instance to eliminate unnecessary risks and maintain full control over your data.
If you'd like to check for the presence of credit card numbers, SSNs, or other PII (Personally Identifiable Information) in your Confluence spaces, consider using a solution specifically designed for this purpose: https://marketplace.atlassian.com/apps/1219041/data-protection-security-toolkit-confluence-dlp
@Maryam Zaidi Your question made me remember a post related to PII. I did a little searching, and it turns out that it was related to a 3rd-party app. Not sure if it will help, but see this post: https://community.atlassian.com/t5/App-Central-discussions/Enhance-Your-Data-Security-with-Data-PII-Scanner-for-Confluence/td-p/2725144
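The replies above suggest a text search for keywords like 'password' and a dedicated scan for credit card numbers, SSNs and other PII. The following Python sketch is an added example, not part of any post in this thread and not code from Atlassian or the linked apps. It assumes page bodies have already been exported as plain text; the page titles, sample values, keyword list and patterns are all constructed for illustration.

```python
import re

# Constructed sample pages (title -> body text); every value below is made up.
PAGES = {
    "Onboarding": "Reset your password via the SSO portal. Ticket 1234 5678 9012 3456.",
    "Deploy notes": "db_password = Tr0ub4dor&3 (rotate me)\napi_key: abcd1234efgh5678",
    "Customer call": "Card 4111 1111 1111 1111, SSN 123-45-6789, ref 000-12-3456",
}

# A keyword only counts when a value is assigned to it, which a plain text search cannot tell.
SECRET_RE = re.compile(
    r"\b[\w-]*(?:password|passwd|pwd|secret|api[_-]?key|token)\b\s*[:=]\s*(\S+)", re.I)
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum; rejects ticket and order numbers that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(value, keep=0):
    """Hide all but the last `keep` characters so the report does not re-leak data."""
    hidden = max(len(value) - keep, 0)
    return "*" * hidden + value[hidden:]

def scan_page(text):
    """Return sorted (kind, masked_value) findings for one page body."""
    findings = [("secret", mask(m.group(1))) for m in SECRET_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("card", mask(digits, keep=4)))
    findings += [("ssn", mask(m.group(), keep=4)) for m in SSN_RE.finditer(text)]
    return sorted(findings)

def scan_pages(pages):
    """Map page title -> findings, leaving out pages with nothing to review."""
    report = {title: scan_page(body) for title, body in pages.items()}
    return {title: found for title, found in report.items() if found}

if __name__ == "__main__":
    for title, found in scan_pages(PAGES).items():
        print(title, found)
```

The "Onboarding" page mentions a password and contains a 16-digit ticket number, yet produces no finding, which is the noise a keyword-only search would leave for manual review.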