Blogs

3 min read

Mitigate Risk with Secure Content for Confluence

Jun 26, 2018 11:00:00 AM

Sensitive information and the security of that information is becoming increasingly critical for organizations across the globe. GDPR, PHI, HIPAA, PCI, and other sensitive information legislation has had a profound effect on what information can be stored where and who can access this information. At the same time, the need for centralization and collaboration for disparate teams has also increased. At Praecipio Consulting, we believe balancing the need for security with collaboration is a critical concept in content management. Secure Content for Confluence Server and Data Center helps users store and manage sensitive information while balancing Confluence's powerful content collaboration. 

As the number of users and amount of content begins to grow in Confluence, security becomes almost impossible to manage. As teams are encouraged to collaborate, the need to protect sensitive information such as passwords, data, reports, etc. also grows. While restricting pages can be a solution to protecting sensitive information, the ability to scale Space or Page content restrictions becomes impossible. Manual intervention from a Confluence or Space Administrator is required or, in the worst case scenario, sensitive information is unintentionally exposed putting the organization at risk. The more the users use Confluence, the more challenging content organization becomes. Without the use of the Secure Content macro, we've seen teams use page restrictions, complex page trees, page or excerpt include macros to manage confidential information. The downside to this approach is the lack of structure it creates inside of Confluence. If there are several restricted pages created separately from the page discussing the primary topic, not only does this make the content severely disorganized, it introduces an unnecessary risk of accidental exposure of sensitive information. In order to prevent clutter inside Confluence spaces and mitigate risk, Secure Content protects sensitive information inside the relevant page eliminating the need to create or reference additional pages. 

Secure Content for Confluence Server and Data Center can mitigate this risk with its inline content encryption and robust, yet flexible, permissions. To ensure content is only visible to authenticated users, Secure Content blocks are encrypted before being stored in the database and are only decrypted when an authorized user provides their Confluence credentials. The Secure Content block evaluates the password and if it matches the user's Confluence password, it will authorize the user to either read or read and edit the content inside the block. Additionally, Secure Content uses symmetric AES encryption with a key that is determined when the plugin is first installed. This key is inaccessible even if a user has access to the Confluence Database itself. 

In addition to the encryption functionality, assigning permissions for a Secure Content block helps the owner of the block manage the visibility of each user or user group. There are two conditions that must be met before content is decrypted and displayed for a user or group. First, the user/group must successfully be authenticated using their Confluence password to access the block. Second, the user/group must have permission to read/edit content in the block. Aside from the owner of the block, who will always have read/edit permissions, both conditions must be met to give users entry into the protected content. 

Every Secure Content block is assigned a key. A Secure Content key is a self-made unique identifier that allows users to add the block on different pages with the same properties as the original block. This is especially useful for organizations that have hand-offs between teams. For example, an operations team may provide 24/7 support for their internal or external customers. During an incident, credentials to access or reboot a system can be easily shared in a central location and perpetuated to both business-hours operations personnel and off-hours operations personnel. This prevents sharing of credentials through unencrypted channels such as text message or email. It also prevents duplication of effort, allowing users to spend more time troubleshooting and resolving the issue. 

Combining security and collaboration, Secure Content for Confluence Server and Data Center is the perfect solution to managing sensitive information while leveraging the powerful collaboration abilities in Confluence. It relieves the administrative burden of managing Space and Page restrictions and mitigates the risk of exposure of sensitive information. It allows organizations to maintain an organized content structure without compromising the security of critical systems or personnel. Secure Content makes managing sensitive content inside Confluence organized and protected. Try it free from the Atlassian Marketplace here

If you run into issues with your Secure Content macro, please contact support@praecipio.com for troubleshooting help or information on Secure Content. 

Upcoming Webinars

Past Webinars

Case Studies

Blog