Backups and attachments
It is ideal for audits, or for regular checks to ensure that organisations are not holding unauthorised data.
We live in a time where GDPR, personal identifiable information and sensitive data are much more than just buzz words. They are (or should be) very serious considerations for every company that uses and relies on IT systems... which is almost every company!
One security breach could leave your company vulnerable not only to loss of data and viruses, but also the embarrassing and possibly damaging need to explain to your customers/clients how their personal identifiable information came to be vulnerable. Especially if you thought that information had already been properly processed and removed from your systems.
However, with on-site and cloud systems that can run into gigabytes, terabytes or even more, plus the added complication of file attachments, how can you be sure that you have found and processed every item of PII? It is not unknown for Keys and Passwords to be included in Jira Issues and Confluence pages.
Not only can we find instances of PII within your system - including inside any attachments, and in your Jira and/or Confluence backups - we will show you the location of the the offending data and even categorize the data so that you can process the most serious items first.
Checking your systems for sensitive data and PII shouldn't be a one time deal. We recommend that you not only schedule regular PII Scans in order to keep on top of things, but also adding in extra scans before uploading/backing up to the Cloud or before transferring your data to another third party.
Regular scans can also help you identify patterns in how data is being used and saved by your employees. This can help Team Leaders and Managers discover weak links in the flow of PII within your company.
When migrating your internal Jira/Confluence server to the Atlassian Cloud, this a great time to check that your current instances don’t contain sensitive/inappropriate data, before they are moved outside of your organisation.
As we need to have access to your data, it's understandable that you may be concerned with how we handle and store your data during and after the process.
Our PII Service can be run on site, behind your own firewall. This may be the only option for businesses with the strictest security requirements or concerns.
All of your data is held securely on a dedicated AWS Cloud instance. The default region is UK as that is where we are based but we can also run in whichever region you require. Plus all your data is deleted once the process is complete and you are satisfied our part is finished. Lastly, you retain full, permanent control over deleting the results.
We take backups of your Jira and Confluence instances, scan them and give you the results. This can be done as a one-off, for example in advance of migrations, or it can be run on a regular basis to monitor for new PII being introduced.
Your data can remain on-premise, behind your firewall or can be processed in a secure AWS instance in a region of your choosing.
As Atlassian Solution partners, we often get asked how Atlassian approach PII, HIPAA, DGPR and sensitive data as a whole in products like Jira and Confluence. Atlassian do take security extremely seriously, to ensure that customer data is protected.
Below, we break down and give simple answers for those queries.
It is Atlassian’s customers who store data in Atlassian’s services, and it is therefore customers who must make sure that they abide by PII rules, and do not store inappropriate data.
At the time of writing, in terms of Cloud services, only Jira Enterprise, and Confluence Enterprise are HIPAA compliant, and a signed Business Associate Agreement (BAA) with Atlassian will be required. Apps are not currently HIPAA compliant.
The GDPR is really about protecting the data of EU residents. It is Atlassian’s customers who store data in Atlassian’s services, and it is therefore customers who must make sure that they abide by the GDPR’s rules, and do not store inappropriate data.