Confluence information security guide

Posted by Alex Kisliak
September 22, 2021

Confluence differs from other knowledge management software in that it is easy to operate while remaining reliable. But no one can be 100% safe from a data leak or database attack. Therefore, it is worth paying increased attention to the security of both the entire infrastructure and the separate elements of your Knowledge Base.

Main risk factors

Confluence is a highly reliable solution, and we help our clients use it to the maximum. We provide a Confluence Knowledge Base integration service, ensuring its reliability and predicting possible risks.

Still, there are common factors that can make a knowledge base unreliable, for example:

  • new data storage models are emerging, immediately falling into the risk zone;
  • insufficient level of confidentiality, when important data may be publicly available;
  • the human factor – software developers and administrators do not pay enough attention to security (only huge providers are seriously dealing with security problems);
  • lack of information security culture in the company.

But there are general recommendations on how to secure data in Confluence, prevent possible data leaks and withstand attacks on the database.

Simple Tips for Improving Information Security in Confluence

We’ve prepared a small checklist, and want to share the best practices on information security in Confluence:

  1. Use the company’s existing Active Directory (AD) service and LDAP, with strong passwords and policies for changing them frequently. It’s also recommended not to use internal accounts in Confluence.
  2. Use two-factor authentication, especially if you work more in spaces without anonymous access.
  3. Use different access levels for data and content by user group: you can reuse groups that already exist, and avoid granting individual permissions.
  4. Avoid storing critically important content (like passwords, access rights) on Confluence pages. There are special tools for this, for example, LastPass or 1Password.
  5. The fewer Confluence admins you have, the better: 2-4 admins are enough.
  6. Perform a content security audit on a regular basis. A good audit exercise is “What if?” For example, “What is the worst thing that can happen if a user’s password is stolen while they are on vacation? How can the damage be minimized?” It’s also better to know in advance who deals with all the issues in case of a security breach.
  7. Encourage information security culture in the company.
  8. Make sure that macros that allow you to insert raw HTML into Confluence are always disabled by default. To work with them, you will need the permission of the Confluence administrator or the system administrator.
  9. Integrate and use only reliable add-ons and plugins for Confluence.
  10. Disable anonymous remote API access.
  11. Keep track of new versions of the product itself, as well as of the Java version and the database. Update as soon as new versions are available.

A couple of additional but simple recommendations that are often forgotten:

  1. Hide the People directory;
  2. Hide users’ emails.
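
One way to turn items 1, 3, 5 and 10 of the checklist into a repeatable audit is to run a script over an export of permission grants. The following is an added example, not code from this post or from Atlassian; the CSV layout, the `remote-api` permission label, the group membership data and the function name `audit` are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (hypothetical format): one row per permission grant.
# subject_type: "group", "user" or "anonymous"; directory: "ldap" or "internal".
SAMPLE_EXPORT = """\
scope,subject_type,subject,directory,permission
global,group,confluence-administrators,ldap,admin
global,user,legacy-admin,internal,admin
space:HR,group,hr-team,ldap,view
space:HR,user,j.doe,ldap,edit
space:OPS,anonymous,anonymous,,view
global,anonymous,anonymous,,remote-api
"""

# Constructed group membership, needed to count effective admins (item 5).
ADMIN_GROUP_MEMBERS = {"confluence-administrators": ["a.lee", "b.kim", "c.roy", "d.fox"]}
MAX_ADMINS = 4  # the checklist suggests 2-4 admins


def audit(export_text, group_members, max_admins=MAX_ADMINS):
    """Return {finding_name: [details]} for grants that break the checklist."""
    findings = defaultdict(list)
    admins = set()
    for row in csv.DictReader(io.StringIO(export_text)):
        where = f"{row['scope']}:{row['subject']}"
        if row["subject_type"] == "user":
            findings["individual_permission"].append(where)  # item 3
            if row["directory"] == "internal":
                findings["internal_account"].append(row["subject"])  # item 1
        if row["subject_type"] == "anonymous" and row["permission"] == "remote-api":
            findings["anonymous_remote_api"].append(row["scope"])  # item 10
        if row["permission"] == "admin":
            # Expand admin groups so the count reflects people, not group names.
            if row["subject_type"] == "group":
                admins.update(group_members.get(row["subject"], []))
            else:
                admins.add(row["subject"])
    if len(admins) > max_admins:
        findings["too_many_admins"] = sorted(admins)  # item 5
    return dict(findings)


if __name__ == "__main__":
    for name, details in audit(SAMPLE_EXPORT, ADMIN_GROUP_MEMBERS).items():
        print(f"{name}: {details}")
```

An empty result means the export passes these four checks; the remaining checklist items still need manual review.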

We believe that the corporate Knowledge Base can be the heart of your organization. Without the information and knowledge carefully collected in Confluence, it will be more difficult to provide services at the proper level and in accordance with the expectations of your customers, or to make important decisions for the company.

By following these simple guidelines, you will protect the company’s knowledge base and ensure the security and availability of data when it is needed most.

Want to implement a reliable knowledge base? Contact us, and in 30 mins we will discuss your project and offer the optimal solution for your specific case.
