Confidential and personal content

I need to create some content which can be kept confidential as it contains highly personal information. I'd like to use Confluence OnDemand - because I use it for publishing company content and like it a lot.

I know that in theory I can use permissions to restrict some content to specific users. But I am afraid:

  • Making a mistake while posting and exposing personal information to the wrong users
  • Administrators being able to see the content. I don't think they would do it maliciously, but might stumble on the content while (say) trying to fix a permissions problem.

So, I am currently planning to set up a completely separate Atlassian account for the confidential content. Anyone have a better idea? Is anyone using Confluence with (for example) HR content which includes salaries and payroll data? (This is not the content I need to create, but it has similar sensitivity.)

Also, if I do set up a second Atlassian account will those users (including myself) using both the main company account and the separate confidential account have problems using the same email address for two accounts?

2 answers

1 accepted

This widget could not be displayed.

Even with restrictive permissions set, it's possible for your administrators to download a full site backup (which would include your data). I think creating your own OnDemand instance is the better option.

There's no problem using the same email address when creating your OnDemand instance (i.e. using your Atlassian ID account) as with a user profile on an existing OnDemand instance created from a different Atlassian ID account. Currently there is no connection between user profiles on an OnDemand instance and Atlassian ID accounts used to manage OnDemand subscriptions. (This may change in the future, but even if it does we'll be sure to support this.)

As Lucas mentioned, there's always an element of risk involved in putting sensitive data up online. Ultimately you need to use your own judgement on the convenience/security balance.

Thanks Michael. I had already created a trial instance and not encountered any problems with the same email accounts being used in different instances. With your reassurances I will go ahead and convert the trial to permanent.

As for the "risk of online". I disagree with Lucas about not storing data in any online system. Paper records kept at home or in the office are vulnerable. But paper records kept in a bank safe deposit box are much more secure/private. Electronic records kept at home or in corporate systems are vulnerable. But electronic records kept on some cloud systems are more secure/private. Banks maintain much better governance of their safe deposit boxes than most people have in their homes or in their corporate IT (fire protection, physical security, private and public physical keys both needed to open the box, no bank "administrator" who can open and look at all the contents of every box). By analogy, the best cloud services have far better governance than most people can create and maintain in their homes or offices (multi-layer backup/recovery, very high levels of encryption, service administrators unable to decrypt data, multi-level authentication which is enforced). I'm not saying many online services are this good today; but I do believe that we are already in an era where the best place to put your paper will is a bank safe deposit box and the best place to put your electronic will is a carefully chosen online service.

This widget could not be displayed.

Hi Keith,

Create a separeted OnDemand issue solves in part the confidentiality issue. However, didn't solve the fact that any privileged user can open the permissions or even copy the content and put it into another, exposed, place. If you have real concerns about security, simply don't store the delicate content in any on line system, even behind your own firewall.

Cheers,

Lucas

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Monday in Confluence

Why start from scratch? Introducing four new templates for Confluence Cloud

Hi my Community friends!  For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...

481 views 6 6
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you