enhancement-hours

fixed-price-assessment

cloud-migration

devops

gdpr

test

    jira-itsm

    pii

    atlassian-solutions

    bdq-atlassiancare

    app4legal

    asana

      Solutions

      Expert consulting and managed services to help complex organisations to work flatter, faster and more dynamically.atlassian-gold-partner-300x150-1
      alm-partner-300x150
      app4legal-platinum-partner-300x150
      asana-partner-300x150
      qmetry-colour-logo-transparent-300x150

       

       
       
       
       
       
       
       
       
      SOLUTIONS HOME →

        BDQ Originals

        EEASD_for_mega_menu_150x175

        BDQMAJC_for_mega_menu_150x175

          Other products

          Atlassian-vertical-blue@2x-rgb

          Sonatype_stacked_logo_full_color_150x150


            asana-colour-clear-300x300

            app4legal-300x300

            zephyr-colour-clear-300x300

             

              Products

              Whether it's our own Atlassian Marketplace apps or the apps that we provide a value-added-reseller service for, you can trust BDQ for the best support, consultancy, training and implementation available.

              Products Home →

                Training

                • We provide high quality technology training to customers in the UK, EU and US.

                • Our customers range from small companies to multi-nationals. They all want to maximise employee productivity.

                • We listen to what our customers want to achieve, and take this into account when delivering the courses.

                home-icon-300x300Training Home →

                  Resources

                  From webinar recordings to whitepapers, case studies to blog posts. Help yourself to our free content that will hopefully inform and inspire.

                  Resources Home →
                    5 min read

                    How to find sensitive data in your Jira, Confluence & attachments

                    Featured Image

                    Have you checked Jira and Confluence for PII?

                    Sensitive data finds its way into Jira and Confluence. We are aware of passwords, AWS keys, personal identifiable information (PII), and other items finding their way into customer systems. Given that so many users in your organisation are creating tickets and writing pages, this is not surprising. Sometimes, companies have policies to prevent this - but these are on paper only. We now provide a way of checking your entire Confluence or Jira instance for sensitive data items.

                    In an age when almost everything is done or available online, collecting PII is an important part of business. Being able to identify, contact and classify customers in a reliable, repeatable way is essential to providing the kind of customer service that will keep people coming back time and again. From a legal stand point, the responsibility for protecting and processing PII does not solely fall on organisations.

                    In the European Union, directive 95/46/EC defines “personal data” as information which can identify person via an ID number, or factors specific to physical, physiological, mental, economic, cultural or social identity.

                    hacker-400x600

                    However, according to a study by Experian, 42% consumers believe that it is a company's duty to protect their personal data and 64% admitted they would be discouraged from using a company’s services following news of a data breach. Coupled with the fact that four in ten UK businesses (39%) reported having cyber security breaches or attacks in 2020 alone. This rises to almost two thirds (65%) of mid to large businesses. Experian have some great advice on how to be prepared (or as prepared as you can be) for the inevitable cyber attack, but prevention is better than cure and the more personal identifiable information you can remove from your internal systems, the fewer people you have to contact WHEN an attack happens. The alternative is - can you really afford to take a chance on loosing two thirds of your customer base over night?

                     

                    So, what can you do?

                    There are a range of options available for scanning for PII when performing security audits of your systems, but as good as they are, they can’t find sensitive data in Jira, Confluence or their associated attachments. These amazing products from Atlassian are great for work management and collaboration and are used by thousands of companies across the globe. However, there are currently ZERO services publicly available that can not only dive into your Jira and Confluence instances but their associated attachment files to locate that lost, forgotten or hidden sensitive data.

                    pii-logo-classic-300x300That’s where the BDQ PII Service steps up. As Atlassian Solution partners with Atlassian certified experts on staff, if any company was qualified to create a way to search Atlassian products for this kind of data, it’s BDQ. BDQ actually stands for “Business Data Quality” - our technical experts have a history in data quality profiling tools. This has allowed us to create proprietary technology that can not only help you identify and locate the PII in Jira and Confluence, including attachments, but it also prioritizes the results so that you can process the most critical items first.

                    As PII can not only be attained from external sources (customers) but also internal sources (employees) it is recommended that you conduct regular searches for sensitive data across your entire instance. This will help you stay on top of processing errant data and limit the scope of damage should you be the victim of a hacker. But the benefits of regular PII scans don’t stop there. It also helps to develop good habits within your company regarding regular preventative maintenance and may also assist you to identify patterns in how data is being accessed and saved by your employees leading you identify weak links in your data processing procedures.

                    In summary - we recommend repeated audits, as is it almost impossible to control what customers or users are adding into your system.

                    We also recommend that you conduct PII scans any time you transfer your data to a third party for any reason. This is especially important as you have no idea what that third party will do with your data or how their security will protect your data. Also a scan is a good idea anytime you have to perform a backup of your data or if you are planning on migrating to the Atlassian Cloud.

                     

                    cloud-migration-banner-1000x200

                    But, how does it work?

                    The service analyses the complete backup of your Jira or Confluence instance. This can be run on-prem behind your own firewall with all your own security in place or we provide your own dedicated AWS Cloud instance, hosted in the region of your choice (the default is UK). It analyses the data, logging PII items by location and severity. You can begin to eradicate the items we’ve found. You have complete control of the scan results and can choose to keep the information for further study (pattern analysis, infrastructure restructuring, etc) or you can choose to delete the results forever.

                    Our program is set up for a huge range of PII types including (but not limited to) credit card numbers, email addresses and passport numbers.

                    However, if there is a specific type of PII you would like included in your scan results, let us know and we will do our best to accommodate you.

                    Finally - if there is another source that needs checking e.g. folders and files, please get in touch.

                     


                    link-300x300

                    Useful Links:

                     
                    BDQ PII Services page
                    Atlassian Cloud Services page
                    BDQ Enhancement Hours page

                     


                     

                    Summary

                    We know that security in the digital world is a serious consideration. The other fantastic offerings out there go a long way in helping you control the level of Person Identifiable Information in your stored data. But the PII Service from BDQ is currently the ONLY solution that can scour your entire Jira or Confluence instance, on either Server or Cloud, including attachments. Plus, our service can be customized to meet your needs whether it be a variation on the type of PII or where you’d like us to search. And you get the peace of mind knowing that you are in complete control of the scan results whether they are on your own on site instance or hosted securely on a dedicated AWS Cloud instance.

                     

                    For more information, take a look at our PII Service page, or if you have further questions, please get in touch. Let’s talk about what you need.

                    Get in touch