The Compliance for Confluence Server/Data Center App provides 2 main functions, both of which help companies understand the data they store.
Data classification requires tagging data being stored to make it easily searchable, trackable and more efficiently protected.
At a basic level, this involves defining a number of classification levels and assigning these to pages, clearly displaying the level on the page.
In order to secure the data, your organisation should also restrict who can access pages of a certain level (or clearance).
Compliance for Confluence lets administrators customize each level's name, description and color.
The App can operate in either an ad-hoc or a forced mode for users:
- Ad-Hoc - Users can set a page's classification at their leisure from the top of any page.
- Forced - Users must set the classification level on creating or updating a page (if it doesn't already have a level).
When a page has been classified at a certain level, the level is clearly displayed at the top of the page (or in a macro), alerting anyone viewing the page to the data handling procedures for that content (e.g. whether it is public or internal only).
Depending on the Space-level configuration, the App allows Space administrators to set which users/groups can view pages of a certain level.
The following diagram shows an example of a government security classification policy showing varying amounts of levels:
Compliance for Confluence displays these levels clearly at the top of the page and also shows their descriptions whenever a level is being set:
Setting these levels can be done from the top of the page:
Sensitive Data Detection and Automation
Your organisation should also be aware of what data is being stored within these pages, to ensure that the security policy is being followed.
This includes data such as credit card numbers, national identity numbers, email addresses, IP addresses or other data like Sort Codes.
Using an automated sensitive data detection system lets you identify sensitive data in the data library with a high level of confidence.
In large Confluence instances it is difficult to track if/where this data is being stored.
Companies that leak sensitive data can be fined by regulators, so it is essential that you have an effective data detection system on your enterprise systems.
Compliance for Confluence provides a mechanism of detecting sensitive data using regular expressions, which can detect text which conforms to a certain pattern. The App comes with several pre-installed patterns ready to be enabled and scanned for on pages as well as the ability to create your own patterns.
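A sketch of pattern-based detection for the data types named above, added here as an example; it is not the App's code, and the patterns, function names and sample text are assumptions. It goes one step beyond plain regular expressions by validating card candidates with the Luhn checksum and IPv4 candidates by octet range, which removes most false positives.

```python
import ipaddress
import re

# Illustrative patterns (assumptions for this example, not the App's built-in ones).
PATTERNS = {
    "credit_card": re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "ipv4": re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])"),
    "uk_sort_code": re.compile(r"(?<![\d-])\d{2}-\d{2}-\d{2}(?![\d-])"),
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def is_ipv4(text: str) -> bool:
    """Reject dotted quads with out-of-range octets such as 10.0.0.256."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

# Second-stage checks applied to a regex match before it is recorded.
VALIDATORS = {
    "credit_card": lambda m: luhn_ok(re.sub(r"\D", "", m)),
    "ipv4": is_ipv4,
}

def scan_page(text: str) -> list:
    """Return (pattern_name, matched_text, offset) for every validated hit."""
    hits = []
    for name, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            if VALIDATORS.get(name, lambda _: True)(m.group()):
                hits.append((name, m.group(), m.start()))
    return sorted(hits, key=lambda h: h[2])

# Constructed sample page body; the card number is a public test value.
SAMPLE = (
    "Refund card 4111 1111 1111 1111 for ops@example.com, "
    "order ref 1234 5678 9012 3456, host 10.0.0.256 or 192.0.2.10, "
    "sort code 12-34-56."
)
```

On the sample, the 16-digit order reference and the out-of-range address match their patterns but are dropped by the validators, so only four findings are recorded.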
The process followed is as follows:
- Page Created or Updated (Real Time Scan)
- On Demand Scan
- Create Searchable Records
- Perform Automation Rules (Beta)
This gives the tool the flexibility to analyze the content on your system and respond appropriately, as well as making it easy to find pages with particular types of data on them.
The Automation feature allows you to set the Classification Level of a page based on the data found in the page, receive an email when particular data is detected, label the page, or redact the text in question, across all page versions or across the entire system or a Space.
Automation is a beta feature that is not included in the initial version of the product.
Depending on the settings defined by the administrators, sensitive data can be viewed at the Page, Space and Admin level:
Browsing is also supported, as well as bulk changes to pages containing certain information: