Confidential and personal content

Keith Manning November 7, 2013

I need to create some content which can be kept confidential as it contains highly personal information. I'd like to use Confluence OnDemand - because I use it for publishing company content and like it a lot.

I know that in theory I can use permissions to restrict some content to specific users. But I am afraid of:

  • Making a mistake while posting and exposing personal information to the wrong users
  • Administrators being able to see the content. I don't think they would do it maliciously, but might stumble on the content while (say) trying to fix a permissions problem.

So, I am currently planning to set up a completely separate Atlassian account for the confidential content. Anyone have a better idea? Is anyone using Confluence with (for example) HR content which includes salaries and payroll data? (This is not the content I need to create, but it has similar sensitivity.)

Also, if I do set up a second Atlassian account will those users (including myself) using both the main company account and the separate confidential account have problems using the same email address for two accounts?

2 answers

1 accepted

2 votes
Answer accepted
Michael Knight
Atlassian Team
November 11, 2013

Even with restrictive permissions set, it's possible for your administrators to download a full site backup (which would include your data). I think creating your own OnDemand instance is the better option.

There's no problem using the same email address when creating your OnDemand instance (i.e. using your Atlassian ID account) as with a user profile on an existing OnDemand instance created from a different Atlassian ID account. Currently there is no connection between user profiles on an OnDemand instance and Atlassian ID accounts used to manage OnDemand subscriptions. (This may change in the future, but even if it does we'll be sure to support this.)

As Lucas mentioned, there's always an element of risk involved in putting sensitive data up online. Ultimately you need to use your own judgement on the convenience/security balance.

Keith Manning November 12, 2013

Thanks Michael. I had already created a trial instance and not encountered any problems with the same email accounts being used in different instances. With your reassurances I will go ahead and convert the trial to permanent.

As for the "risk of online". I disagree with Lucas about not storing data in any online system. Paper records kept at home or in the office are vulnerable. But paper records kept in a bank safe deposit box are much more secure/private. Electronic records kept at home or in corporate systems are vulnerable. But electronic records kept on some cloud systems are more secure/private. Banks maintain much better governance of their safe deposit boxes than most people have in their homes or in their corporate IT (fire protection, physical security, private and public physical keys both needed to open the box, no bank "administrator" who can open and look at all the contents of every box). By analogy, the best cloud services have far better governance than most people can create and maintain in their homes or offices (multi-layer backup/recovery, very high levels of encryption, service administrators unable to decrypt data, multi-level authentication which is enforced). I'm not saying many online services are this good today; but I do believe that we are already in an era where the best place to put your paper will is a bank safe deposit box and the best place to put your electronic will is a carefully chosen online service.

0 votes
LucasA
Rising Star
November 7, 2013

Hi Keith,

Creating a separate OnDemand issue solves in part the confidentiality issue. However, it doesn't solve the fact that any privileged user can open the permissions or even copy the content and put it into another, exposed, place. If you have real concerns about security, simply don't store the delicate content in any online system, even behind your own firewall.

Cheers,

Lucas
