The Atlassian suite makes remote collaboration easy and efficient for distributed teams. Confluence, one of Atlassian’s best known and widely used apps, is a flexible and customizable wiki solution that can host almost anything for a company. From software documentation and process docs to hosting meeting notes and project plans, the possibilities for what your team can do in Confluence are endless.
Unfortunately, collaborative editing capabilities and always-on availability introduce data security vulnerabilities in cloud apps. Confluence carries a high risk of data exposure, and it’s not easy to tell where the risk occurs or how to approach a solution. Data loss prevention (DLP) is the best way to find and protect sensitive information in Confluence. Currently, Atlassian does not offer a native DLP solution, so Confluence users must find other ways to protect their data within the platform.
Nightfall created DLP for Confluence to help security leaders find the data that’s at risk of loss or exposure and provide solutions for protecting that data while maintaining the freedom to collaborate and create in the space. Here’s what you should know about protecting your data in Confluence with Nightfall.
Complex use cases require a customizable solution
One of the biggest challenges for protecting data in Confluence is the myriad use cases for the platform. Since teams can do almost anything in Confluence, like hosting internal customer information databases or serving as a documentation hub for IT teams, securing content is not a “one size fits all” solution.
Data security begins with detecting and classifying the data at risk within Confluence. Security leaders looking to add DLP to Confluence should know that specific requirements will vary per industry. Nightfall DLP for Confluence excels in protecting data across multiple industries with our 150+ machine-learning trained detectors. Here are a few example use cases of how Nightfall DLP protects industry specific data with our detectors:
- For Confluence users in the hospitality industry, customers’ personally identifiable information (PII) can be exposed without proper security measures in place. Information like rewards numbers, email addresses, and phone numbers is at risk of exposure if a hotel uses Confluence spaces and pages to host that information for internal use and sharing. Hospitality industry leaders should take note of what’s at stake for this type of breach: In 2020, Marriott had to pay an £18.4 million fine for a data breach that exposed seven million guest records in the UK.
- Healthcare data security often requires that SaaS platforms adhere to HIPAA compliance in sharing, transmitting, and storing patient data. Nightfall DLP provides HIPAA compliance in Confluence by safeguarding against the inadvertent storage of protected health information (PHI) within the app. Our detector set includes data like ICD10 codes and FDA drug names, which when combined with other PHI like patient names and email addresses, can lead to a serious HIPAA violation if the data were to leak outside Confluence.
- The financial services sector is another highly regulated industry that benefits greatly from using DLP for compliance. Bank routing numbers can easily be exposed within Confluence spaces or pages, even with proper permissions settings in place. Without DLP to secure financial PII in Confluence, organizations are at risk of falling out of compliance and exposing customer data. Nightfall DLP for Confluence protects this data with our detectors specifically built for the financial services industry, like SWIFT and IBAN codes.
- Confluence is a popular platform for hosting documentation and other important information for product and engineering teams. Just like any other SaaS platform these teams use, it’s important to identify and secure credentials & secrets in Confluence. API keys, randomly generated tokens, and other sensitive information that could appear in communications, onboarding info, or test data among the engineering team in your organization must be protected via DLP. Nightfall allows you to configure detectors to find secrets and keys anywhere in Confluence, so you can identify and remove secrets or test data that pose a DLP risk.
Managing data protection amidst strategic company events
Some use cases for adding DLP to Confluence are more general than industry-specific needs. When making large changes that impact the entire company, like merging or splitting business units, it’s important to consider how the data will be shared, separated, or otherwise managed differently in the new business structure. How you move, add, and delete content in Confluence between spaces and pages as you restructure the business directly impacts the data that lives in the platform. DLP is imperative for a smooth, safe transition with data security in mind.
Another major reason for including DLP in your Confluence data protection strategy is ensuring that data stays secure when migrating from on-prem to the cloud. Taking your entire data stores from one source to another is a big job, especially when it comes to keeping the data secure from leaks or landing in improper channels. Moving into the cloud without a plan to secure data can cost your business a lot: potential fines, lost revenues, time and resources spent to resolve the problem, and loss of trust from customers.
DLP helps security leaders find potential data exposure events much earlier in the process of sharing, moving, or collaborating on information and data. Keeping Confluence secure with Nightfall DLP is the first step to safer overall cloud operations.
Fully customizable DLP in Confluence with Nightfall
DLP is essential for protecting data in Confluence. Nightfall offers the most configurable and robust DLP solution for Confluence, enabling infosec teams at companies of any type and size to flexibly scan Confluence content for DLP risk in a way that suits their business’s unique needs. With Nightfall DLP for Confluence, you can:
- Apply different DLP policies to different spaces and pages. Prioritize critical violations to find the data you need most, and make your scans much easier to manage.
- Scan for unstructured data in Confluence with optical character recognition (OCR). It’s impossible to tell what unstructured data is hiding in images and other file types without DLP scanning everything that lives in Confluence. Companies trying Nightfall for the first time have been surprised by some of the unexpected findings from these OCR scans.
- Connect detectors to create more focused reporting. Get more accurate results with the power of “and” scans — as mentioned above, one piece of PII or PHI on its own may not be a concern. But piecing a name, an address, and a bank routing number together in one scan adds much more value to a security team looking for critical gaps in their cloud data protection.
- Implement compliance coverage across the entire platform. Nightfall supports many of the most common compliance regimes like HIPAA, PCI-DSS, and more.
- Look for anything you need, from any time, in any corner of Confluence with fully customizable settings within the Nightfall dashboard. Run time-bound historical scans to manage the Confluence content you’ve amassed, and view context-rich results with links to violations to target remediation efforts. Prioritize and phase your DLP cleanup process by specifying date ranges, choosing detectors, and setting confidence and minimum findings thresholds.
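The “and” scans and minimum findings thresholds from the list above, sketched as an added example (not Nightfall's code or API). The detector names, rule format and sample pages are assumptions constructed here, and simple regex-plus-checksum detectors stand in for the product's machine-learning detectors.

```python
import re

# Detector names and the rule format are illustrative, not a vendor API.
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
NINE_DIGITS = re.compile(r"\b\d{9}\b")
IBAN = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")


def aba_valid(num):
    """ABA routing checksum: weights 3,7,1 repeated, sum divisible by 10."""
    return sum(int(c) * w for c, w in zip(num, (3, 7, 1) * 3)) % 10 == 0


def iban_valid(raw):
    """IBAN check: move first 4 chars to the end, letters -> 10..35, mod 97 == 1."""
    s = raw.replace(" ", "")
    return int("".join(str(int(c, 36)) for c in s[4:] + s[:4])) % 97 == 1


# Checksums cut false positives: a random 9-digit ticket number rarely passes.
DETECTORS = {
    "email": lambda t: EMAIL.findall(t),
    "routing": lambda t: [m for m in NINE_DIGITS.findall(t) if aba_valid(m)],
    "iban": lambda t: [m for m in IBAN.findall(t) if iban_valid(m)],
}


def scan(text, rule):
    """rule maps detector name -> minimum findings; every entry must be met."""
    hits = {name: DETECTORS[name](text) for name in rule}
    violated = all(len(hits[n]) >= minimum for n, minimum in rule.items())
    return violated, hits


# Constructed sample pages (not real customer data).
PAGES = {
    "onboarding": "Ask it-help@example.com for access. Ticket 123456789.",
    "vendor-payments": "Pay jane.doe@example.com, routing 123456780, "
                       "IBAN GB82 WEST 1234 5698 7654 32.",
}
RULE = {"email": 1, "routing": 1}  # flag only when both co-occur on a page


def flagged_pages(pages=PAGES, rule=RULE):
    return [title for title, body in pages.items() if scan(body, rule)[0]]


if __name__ == "__main__":
    print(flagged_pages())
```

The onboarding page contains an email address but its nine-digit ticket number fails the routing checksum, so only the page where both detectors fire is reported.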
Content exposure risk no longer has to be a mystery for Confluence users. DLP allows you to keep the flexible collaboration your teams need while maintaining the highest levels of data security. With Nightfall AI, you can protect sensitive data in Confluence without sacrificing the speed and ease of use that made the platform a must-have for distributed workforces around the world.