January 29, 2019

Is your Jira data as secure as you think?

Dan Ivory

Encryption for Jira now available on the Atlassian marketplace.

Data security is an increasingly prominent concern in today's interconnected world, and we are more aware than ever of the volume of sensitive information that is held in databases and devices across the world.

As Gartner reports, “Critical data breaches are in the news on a regular basis these days. A single breach can result in massive losses, both in money and reputation. Stock prices drop, customers become angry and business goals are jeopardised.”

In fact, data breaches and information security, both internal and external, are some of the top things keeping CIOs and CTOs awake at night, as reported by CIO.com.

Why you need Encryption for Jira

Encryption for Jira (E4J) allows your Systems, Database or Jira Admins to easily protect your Jira data, without affecting the user experience.

Jira is a prime example of an enterprise tool that over time can build up a significant amount of sensitive data about your company, customers, employees, and projects. While Jira provides a range of solutions for securing certain areas of Jira from users based on groups, permissions, and roles, it does not provide a way to prevent unauthorised people accessing it via the back-end. 

What is encryption?

Encryption is the process of transforming information or data into unreadable text to prevent unauthorised people from accessing it.

Getting started with Encryption for Jira

E4J is designed to be user-friendly and simple to configure, giving you a vital layer of security for your data without costing your Admins significant set-up time. Once installed, it takes just a few clicks to configure and generate a bespoke key, which acts as a secure password. You have two options for key storage: database or memory.

Configuring Encryption for Jira

What data can be encrypted?

E4J allows Admins to encrypt two significant Jira objects that are highly likely to contain sensitive information.  

The first is attachments, as they frequently contain highly sensitive information, perhaps a sales proposal, HR files, or a company acquisition plan.

The second is custom text fields (when using E4J’s ‘Encrypted Text Field - Single-line or Multi-line’). These are special text fields that a Jira Admin can configure to allow users to input and display additional information within a Jira issue. For example, an HR-specific Jira instance might have employee salary or medical information stored there.

Encrypting Attachments 

As mentioned, attachments are often where sensitive information is stored. Perhaps you have a purchase order attached to a Jira issue that includes sensitive financial information, or have a PDF document with the minutes from a confidential meeting between an employee and their manager. These are the type of documents you wouldn't want to be easily accessed by the wrong people.

A file system displaying attachments

Once encrypted, if these files are accessed in the backend file system (as shown above), they will display a random and meaningless set of characters rather than the actual document or image, such as in the example below.

An encrypted attachment

The attachments would still be accessible via Jira as usual, depending on what permission settings you have in place. However, crucially they can no longer be accessed by anyone who has access to the file system but shouldn’t have. 

Encrypting Custom Text Fields

Custom text fields can potentially contain sensitive information.

What is a custom text field?

A custom text field is a popular Jira object that is often added into a Jira system to allow the user to add in bespoke information and customise Jira to their specific needs.

While your Jira system will block those without the correct permissions from seeing the information via the front-end, some Database Admins may still be able to access this information via the database. 

Encryption for Jira provides you with a new custom field called an 'Encrypted Text Field - (Single line or Multi-line)'. This allows Admins to store information in the usual way; however, it becomes illegible when accessed by unauthorised employees or hackers, as seen in the example below:

Encrypting custom text fields and the encrypted database view

Secure your sensitive data today with Encryption for Jira

CIOs and CTOs of the world, we can’t guarantee you a good night’s sleep, but with Encryption for Jira you’ll gain an extra layer of security for your Jira system, helping protect your organisation from falling victim to confidential data breaches and prevent any unintended financial and reputational risk.

To try out Encryption for Jira, head over to the Atlassian Marketplace now for your free trial.