Increase your Jira security and protect sensitive data with Encryption for Jira
Do you store sensitive data in your Jira instance? Increase your Jira security with Encryption for Jira.
Being responsible for your Jira’s data and information is no small task. Whether you’re a Jira Admin, Systems Admin, Database Admin, or another related role, you have a lot to consider when implementing data protection. From security to expense, there are many factors to think about when it comes to keeping one of your company's most valuable assets safe.
Encryption is one of the safest and most popular ways of protecting data. This process transforms information or data into an unreadable text to prevent unauthorised people from accessing it. This is highlighted in the EU’s GDPR legislation as an example of an appropriate security measure for protecting data.
Given the significance of GDPR and its recent impact on businesses, it’s safe to say that encryption is a powerful tool. Companies that fall short of GDPR measures can face very steep fines of up to 4% of annual global turnover - as British Airways very recently discovered, costing them over £183 million in fines given by the Information Commissioner’s Office (ICO) - so being GDPR compliant should still be a top priority for all businesses.
Commenting on the British Airways incident, Information Commissioner Elizabeth Denham said:
“People's personal data is just that - personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience. That's why the law is clear - when you are entrusted with personal data, you must look after it. Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."
Personal information is obviously a key concern, however there are other examples of sensitive data that could be stored in your Jira attachments or as a text field, such as: financial details, company secrets, company plans, details of upcoming mergers or acquisitions, medical records, and many more.
Encryption in Jira Server and Data Center
Jira Server and Data Center does not encrypt data at rest. This means that when data is stored in a database or filesystem, it is not encrypted beyond any additional security systems you have in place. So, if you are using Jira out of the box, you might be vulnerable to data attacks and breaches.
To help you secure your Jira data, we have developed Encryption for Jira (E4J), which encrypts Jira data stored in attachments and an encrypted custom text field, giving you another layer of security.
An example of an encrypted attachment
An encrypted custom field
How does E4J protect my data?
E4J uses AES (Advanced encryption Standard) encryption technology to protect sensitive information by converting it into a series of random, meaningless characters.
To see how this works in more detail please see our documentation or watch the video below:
As well as securing your data through encryption, E4J also provides a solution for restricting the visibility of your sensitive Jira information from the wrong people within your organisation, or even from certain clients.
With E4J’s visibility restrictions you have greater control over who can see your attachments and custom text fields from within Jira and you can restrict access based on users, groups, project roles and more (see image below). This allows you to share Jira issues more widely without the concern that any sensitive information stored within the issue (as an attachment or encrypted custom field) can be viewed.
For example, this feature would allow you to share previously solved support tickets with customers raising the same concern, without worrying that you have exposed any details about the customer who originally raised the ticket, such as screenshots attached to the issue. This can save your Support teams significant time from duplicating their efforts answering the same questions repeatedly.
For more information on visibility restrictions: