The post was originally written by Andre Kolodochka on June 23, 2015. It was last updated by Gretchen Pawloski on September 12, 2020.
Regardless of how much content you have in your Confluence (10 pages or 10,000 spaces), keeping sensitive data protected is vitally important to your business. In this blog, we’re going to get a bit more technical than usual to understand what encryption is, how it works, and why it is an essential part of your business to get right.
Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. You already use encryption every day without even knowing it. Your computer never keeps your password; instead, it stores an encrypted version of it. Each time you type a password in Windows/Linux, the computer uses a cryptographic function to encrypt whatever you typed and compares the result with the stored encrypted password. If the two strings are the same, it is assumed that you entered the correct password. The encryption used in this example is one-way, i.e. there is no way to get the original password if you have the encrypted string and, essentially, there is no way for anyone to steal such a password.
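The login check described above, as an added example that is not part of the original post. What the post calls one-way encryption is usually implemented as a salted password hash; this sketch assumes PBKDF2-HMAC-SHA256 from Python's standard library, and the record format, function names, work factor and sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it for your own hardware
SALT_BYTES = 16


def make_record(password: str) -> str:
    """Build the string that is stored instead of the password itself."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Re-run the one-way function on the typed password and compare results."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations)
        )
    except (ValueError, OverflowError):
        return False  # malformed or truncated record: reject instead of crashing
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample password, for demonstration only.
    record = make_record("correct horse battery staple")
    print("stored record:", record)
    print("right password accepted:", verify("correct horse battery staple", record))
    print("wrong password accepted:", verify("Correct horse battery staple", record))
    # Same password, different salt: the stored strings differ.
    print("two records equal:", make_record("x") == make_record("x"))
```

The stored record contains the salt and the derived value but never the password, and the per-password salt means two users with the same password do not end up with the same stored string.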
There is another, two-way type of encryption where it is possible to get back the original information out of the encrypted string. However, to decrypt the string and get the original information you would need a key that looks something like this:
Yes, gibberish, but you would never type it in; instead, the encryption software usually handles it.
The bottom line: If you don't have that key, it is practically impossible to decrypt the original information. Security and Encryption for Confluence by ServiceRocket utilizes two-way encryption, giving Confluence admins both the access and security they need to manage sensitive data in their Confluence pages.
The main reason to use encryption is to avoid disclosure of confidential information in case of theft or unauthorized access. If the file or drive with confidential information on a stolen laptop is encrypted, the thieves will get the hard drive, but won't be able to get the data. Yes, you lose the laptop ($3k), but you will avoid a potential penalty for disclosing customers' data ($10k-$1M+?). At ServiceRocket, customers large and small, and from around the globe, are telling us their privacy laws are quite strict and data security is an essential part of their business. Encrypting information in Confluence is a critical issue for organizations in today's world.
There are two types of encryption for files stored on hard drives: file system level encryption and disk encryption (also called "full disk encryption" or "whole disk encryption"). Tools based on the first type encrypt only a particular file or directory. You may have, say, a "My Documents\Projects" directory where you store all data related to customer projects. You can encrypt just that directory and keep the rest of the drive with your own data unencrypted. Or you could encrypt "My Documents\Projects\Adobe", "My Documents\Projects\Walmart" and "My Documents\Projects\SoundCloud" with three different keys, just to make sure whoever gets access to one key still won't be able to access the other two folders. There are a few advantages to filesystem level encryption tools.
On the other hand, full disk encryption is like a "main switch." It's all or nothing. A Trusted Platform Module is becoming standard on most computers these days; it matches the drive to the motherboard, making it even harder to break into. Full disk encryption is also very easy to use. You simply can't copy a file into an unencrypted folder by mistake; the whole drive is encrypted, so copy the files wherever you want. You don't have to remember to do anything; you just use your computer as usual. Also, when a customer comes and asks "is my data protected?" it's much easier to say "yes" if whole-disk (rather than file system) encryption is used.
There are plenty of encryption tools out there, for both file system and disk encryption. Which one should you use? The choice will mainly depend on your OS and hardware. If you are on Windows (and have a TPM on your PC), BitLocker is one to consider. If you don't have a TPM or are on Linux/Mac, look into VeraCrypt. If you are on Mac, check out FileVault (especially the one with whole-disk encryption). And, if you're an OS X user, ZDNet recently produced a nice article with suggested encryption tools.
Not quite. Encryption tools take away the hassle of typing in your private encryption keys (yes, those 20 lines of unrecognisable text), but in order to protect those keys you will need to set up a password. And your files are only as secure as your password is. If "123456" or "password" is your password, then sorry, no encryption software will help you. Always set a good password. And if the software generates an encryption key and tells you to store it in a secure place - STORE IT IN A SECURE PLACE! Without that key, even you won't be able to recover the data. And "secure place" doesn't mean the same laptop; instead, keep it on a USB key in your locker or upload it to Box.
Security and Encryption for Confluence is a powerful app designed to safely store and share sensitive information. The Secure Macro encrypts sensitive data and displays it as a simple inline button for easy access. Admins can quickly generate audit trail reports that detail who has created, decrypted, and edited any secured data. That's encryption made easy!