Protecting data when migrating Confluence and Jira from on-prem to cloud

Chris Martinez
May 27, 2021
Protecting data when migrating Confluence and Jira from on-prem to cloudProtecting data when migrating Confluence and Jira from on-prem to cloud
Chris Martinez
May 27, 2021
On this page

Atlassian made a big splash in cloud SaaS news when they announced that the company would stop selling new on-prem server licenses as of February 1, 2021. Upgrades of existing server licenses will continue to be available through the third quarter of 2022. Impacted services include Jira Software Server, Jira Core Server, Jira Service Desk Service, Confluence Server, Bitbucket Server, Crowd Server, Bamboo Server, Atlassian-built apps, and Atlassian Marketplace server apps. These moves come ahead of Atlassian’s 2024 end of life for on-prem server support.

This means that now is the time to move your Atlassian services to the cloud. As you migrate your data from on-prem to cloud, data loss prevention (DLP) is essential to ensuring a safe transition and management of information and documents to Atlassian’s cloud infrastructure, by identifying and remediating sensitive information. Migrating from on-prem Atlassian servers to Atlassian’s cloud services without DLP can put information at risk of exposure or loss, which will cost your organization time, money, and trust from customers.

Get to know the risks that can threaten sensitive information when moving to the cloud, what’s at stake in an exfiltration event, and how Nightfall’s cloud-native DLP can protect your information during this cloud migration event.

Exfiltration risks rise as you move data to the cloud

Atlassian’s cloud-first solution for enterprises delivers unlimited instances for each customer. This can introduce a lot of risk for teams who want to implement instances for each different function or department. As adoption rises for cloud editions of Jira and Confluence, infosec teams must ensure safe and compliant data migration to each new instance. Then, each instance must be secured properly once the data makes it to its new home.

Two major problems that contribute to security incidents during cloud migration are haste and lack of oversight. Atlassian’s big announcement was driven by the company's focus to delivering a world-class cloud experience and also likely influenced by the rapid shift to remote work in the COVID era. As we all learned this past year, cloud adoption was necessary but not without its challenges. Every organization working with SaaS apps had to rapidly respond and plan for cloud security strategy, from individuals working from home to entire infosec teams suddenly tasked with prioritizing data protection for distributed workforces. Without much guidance on how to approach this the right way, and no time to learn, cloud adoption often left security knowingly exposed with an accepted level of risk (or implicitly trusted it to the cloud vendors).

Almost 60% of companies say they are more worried about security since moving to cloud-native technologies, and companies with high cloud adoption rates experience incidents with their cloud systems like failed audits 21% of the time and secrets leaks 18% of the time. Even a year into the new normal of remote work, security incidents in the cloud remain a problem. An information security approach with DLP for SaaS applications reduces the risk of sensitive data leakage. To see the value of DLP for Atlassian’s Confluence and Jira, it helps to understand what’s at stake in the unfortunate event of a data breach.

Atlassian's Confluence and Jira are treasure troves for sensitive data

The April 2021 Codecov hack is expected to have resulted in hundreds of networks being compromised. Atlassian is among the almost 30,000 Codecov customers potentially exposed in this attack. While Atlassian’s investigation of the incident has yet to find evidence that the company's servers were impacted, the hack has shaken up the infosec world. Anything in the cloud could be at risk when a hack hits, so it’s essential to have a strong security system in place that includes prevention and remediation to reduce harm and keep systems running safely.

Specific applications within the Atlassian suite can also be a vector for data loss. A Jira authorization misconfiguration exposed several Fortune 500 companies, leaving corporate data and personal information potentially exposed. A misconfiguration in Jira’s Global Permissions settings was the culprit. Always check your settings when creating and sharing information in Confluence and Jira — the settings for visibility are set to “all users” by default. In this case of the Jira exposure, private information meant to be shared internally instead was shared globally. 

Human error is likely the hardest problem to solve. The last year has been a stressful and trying time for everyone. As we try to make the best of things and retain some sense of normalcy, things will slip through the cracks. Mistakes will be made. That’s why an automated DLP solution is a great investment for companies to secure their Atlassian apps, especially when completing the mandated move to the cloud.

Nightfall is the only cloud-native data protection solution for Confluence and Jira 

DLP helps reduce data exposure risk in the Confluence and Jira by showing you what’s in your Confluence pages and spaces, as well as issues, attachments and comments in your Jira instance. It’s impossible to protect what you can’t see. Nightfall is the first and only cloud-native DLP solution for both Confluence and Jira that discovers, classifies, and protects sensitive data with unparalleled accuracy. Knowing your data exposure risk is the first step to protecting the essential data that lives there.

Nightfall DLP for Confluence and Jira will help you manage your risk as you complete the required Atlassian cloud migration. With Nightfall’s historical scanning, you can clean up your virtual house by identifying and removing sensitive data before you inadvertently keep it in the cloud.

Get to know what Nightfall can do for finding and protecting data in Confluence and Jira:

  • Detect 150+ types of PII, PHI, PCI, credentials & secrets, and more with Nightfall’s machine learning-trained detectors 
  • Scan 100+ attachment file types, including unstructured data via machine learning-based optical character recognition (OCR)
  • Discover sensitive data across your Confluence spaces (including personal spaces), pages, blog posts, attachments, comments and archived items
  • Find data that needs to be secured within Jira software apps
  • View context-rich scan results with direct links to the violations, for streamlined remediation efforts
  • Create flexible DLP policies for targeted scans that point to critical violations

Atlassian has a checklist to prepare for your cloud migration. It’s a great start and will help you understand what’s in your Confluence and Jira that needs to be secured during and after migration. As you migrate to the cloud, add Nightfall DLP for Confluence and Jira to make the journey smoother. Schedule a demo with us today to learn more.

Nightfall Mini Logo

Getting started is easy

Install in minutes to start protecting your sensitive data.

Get a demo