Security and Compliance in Data Center

Hey there, Government Community, do you feel like your programs are scaling, but your security isn’t? We know that security and compliance are some of the most important features your software can offer, which is why we purpose-built our Data Center offerings to ensure your teams have the tools they need to reach your security goals. To help you take full advantage of these features, I’m going to share a few posts here in the Government Community highlighting Data Center-specific features that your team can leverage to enhance your security and compliance.

Check back in a bit to learn more about advanced auditing, which helps you securely store and analyze your team’s data. Later, I’ll cover other topics like rate limiting, allowlist blocklisting, and user management capabilities, so be sure you’ve joined this Government Community group (click here and click the blue join button if you haven’t already!) to get updates about new posts.

What questions would you like to see answered about Data Center’s security and compliance features? Do you have a favorite Atlassian tool for strengthening security you’d like to share? Drop your questions below and I’ll wrap up this series with a Q&A post answering your queries!

5 comments

Comment

Log in or Sign up to comment
Mark Thomas January 24, 2022

I'll bite. My current compliance headache is Records Management. Will there ever be records management features built into Atlassian products, particularly Confluence? Our records manager currently rates Confluence as poor with respect to this capability. For example, identifying/labeling content as a record, managing records retention periods, disposition reviews, proof of record deletion, etc. My agency has been hesitant to bring in Confluence because of the difficulty of meeting NARA requirements. 

Like # people like this
Mel Policicchio
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 26, 2022

Hi there, @Mark Thomas thanks for your question and apologies for the delayed response. I've taken your question to our team and they'll share any available insight here!

Ken Urban
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 27, 2022

Hi @Mark Thomas ,

Thats a great question. Have you submitted a feature request? While NARA is government specific I bet other industries may also find such tooling interesting. 

In my experience (10 years in DoD as a civilian) we had to take a varied approach. For example one set of spaces were IT system records and those were only to be retained for two years post a system being shut off. For that we archived the spaces related to those systems and retained them until the date has expired.

Thats just one example out of many. Custom user macros that automatically create labels can help in labeling content - of course you will want to have a well defined lexicon of labels.  Think something like this:  https://docs.servicerocket.com/scaffolding/user-guide/intermediate-tutorials/adding-labels-to-pages-automatically. If you are a scriptrunner user you can manage labels in bulk as well.

Something like https://marketplace.atlassian.com/apps/123/better-content-archiving-for-confluence?hosting=datacenter&tab=overview could help with automatically expiring pages or flagging them for review etc. And if you want a workflow for pages https://marketplace.atlassian.com/apps/142/comala-document-management?hosting=datacenter&tab=overview is very popular.

Also analytics for confluence can help you identify old/out of date or unused pages. 

Oh also:  Proof of deletion can be found in the audit log. 

I hope that helps give you some ideas.

Like # people like this
Mark Thomas February 15, 2022

Thanks @Ken Urban , this is useful information. The better content archiving add-on would be helpful. It reduces the value proposition though. We have to go with Data Center and so the minimum for Confluence and add-ons is 500 users, even though that's way more than we need as a small agency. The price per user gets quite high.

Ken Urban
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 15, 2022

@Mark Thomas I understand completely - is your agency working with one of our Enterprise Advocates (EA) yet? It might be worth having a conversation with the EA around that topic. 

TAGS
AUG Leaders

Atlassian Community Events