Confluence is different from other knowledge management software because it’s easy to operate, while being reliable. But no one can be 100% safe from a data leak or database attack. Therefore, it is worth paying increased attention to the security of both the entire infrastructure and separate elements of your Knowledge Base.
Main risk factors
Confluence is a highly reliable solution, and we help our clients to use it to the maximum. We provide Confluence Knowledge Base integration service, ensuring their reliability, and predicting possible risks.
Still, there are common factors that can make a knowledge base unreliable, for example:
- new data storage models are emerging, immediately falling into the risk zone;
- insufficient level of confidentiality, when important data may be publicly available;
- the human factor – software developers and administrators do not pay enough attention to security (only huge providers are seriously dealing with security problems);
- lack of information security culture in the company.
But there are general recommendations on how to secure data in Confluence, prevent possible data leaks and withstand attacks on the database.
Simple Tips for Improving Information Security in Confluence
We’ve prepared a small checklist, and want to share the best practices on information security in Confluence:
- Use the company’s existing Active Directory (AD) service and the LDAP with strong passwords with policies for changing them frequently. It’s also recommended not to use internal accounts in Confluence.
- Use 2-factor authorization, especially if you work more in spaces without anonymous access.
- Use different access levels for data and content by user groups: you can use already existing ones, and avoid granting individual permissions.
- Avoid storing critically important content (like passwords, access rights) on Confluence pages. There are special tools for this, for example, Lastpass or 1Password.
- The less Confluence admins you have, the better: 2-4 admins are enough.
- Perform content security audit on a regular basis. There is a good “What if? ” audit exercise. For example, “What is the worst thing that can happen if a user’s password was stolen while he was on vacation? How to minimize the damage?” It’s also better to know in advance who deals with all the issues in case of a security breach.
- Encourage information security culture in the company.
- Make sure that macros that allow you to insert raw HTML parts into Confluence are always disabled by default. To work with them, you will need the permission of the Confluence administrator or the system administrator.
- Integrate and use only reliable addons and plugins for Confluence.
- Disable anonymous remote API access.
- Keep track of the new versions of the product itself, as well as the Java version and the database. Update as soon as new versions are available.
A couple more additional, but simple recommendations that are often forgotten:
- Hide People directory;
- Hide users’ emails.
We believe that the corporate Knowledge Base can be the heart of your organization. Without the information and knowledge carefully collected in Confluence, it will be more difficult to provide services at the proper level and in accordance with the expectations of your customers, or to make important decisions for the company.
By following these simple guidelines, you will protect the company’s knowledge base and ensure the security and availability of data when it is needed most.
Want to implement a reliable knowledge base? Contact us, and in 30 mins we will discuss your project and offer the optimal solution for your specific case.