/
Security App for Confluence || Existing App Feature

Security App for Confluence || Existing App Feature

Owned by Naveen Kumar C
Last updated: Nov 26, 2024
2 min read

Overview

Sensitive information, such as access keys, passwords, and API keys, can inadvertently be stored in Confluence pages or blog posts, exposing organizations to significant security risks. Without built-in mechanisms for detection, sensitive credentials can fall into the wrong hands, leading to privilege escalation and severe consequences.

Security for Confluence addresses this critical gap by integrating seamlessly with Confluence to detect and manage sensitive information. It empowers organizations to protect their data by scanning spaces for sensitive content and providing tools to prevent its storage.

Key Features

1. Comprehensive Space Scanning

  • Trigger scans for:

    • Individual spaces.

    • All spaces (administrator access required).

  • Analyze pages, blog posts, and attachments for sensitive information.

  • Identify risks early to mitigate potential security breaches.

2. Built-In Detection Rules

  • Preconfigured patterns to identify common sensitive data types:

    • API keys (e.g., AWS, Azure, Google Cloud).

    • Access credentials (e.g., passwords, SSH keys).

    • Private keys and tokens.

  • Continuous updates to rules for emerging threats and new patterns.

3. Customizable Detection Rules

  • Create organization-specific scanning rules with regex patterns.

  • Apply rules globally or to specific spaces.

  • Test and validate custom rules to minimize false positives.

4. Security Dashboard

  • Centralized dashboard for managing and viewing scan results.

  • View detailed findings, including:

    • Identified sensitive content.

    • Locations (page, blog post).

    • Severity levels and remediation steps.

5. Compliance and Security Standards

  • Helps organizations demonstrate compliance with:

    • GDPR (General Data Protection Regulation).

    • HIPAA (Health Insurance Portability and Accountability Act).

    • ISO 27001 (Information Security Management).

  • Simplifies audits with documented detection and remediation activities.

 

 

image-20241126-060657.png

 

image-20241126-060715.png

 

Compliance Support

The tool aids compliance with major security standards by:

  • Proactively detecting and preventing sensitive data storage.

  • Maintaining logs and reports for regulatory audits.

  • Providing continuous security improvements through customizable rules.