Care about security? We do too. Learn what Atlassian does and what you can do too.
Need to test security settings? Learn how with authentication policies.
Eager to configure? Read on about single sign-on.
Manage password policies for users? Set up two-step verification and idle session duration.
Stay on top of data across your organization with all the reports and tracking options we offer.
Learn about where your cloud product data is hosted and the types of data you can move.
Control how users and apps access your Atlassian cloud products.
Use classification levels to identify and categorize sensitive information in your organization.
Set up and manage BYOK encryption to add protection for your sensitive data.
Set up and manage data security policies to secure your organization’s data.
A data security policy helps you keep your organization’s data secure by letting you govern how users, apps, and people outside of your organization can interact with content such as Confluence pages and Jira issues.
Data security policies take a content-based approach to governing how your data in Atlassian products can be used. This is different to a user-based approach that relies on giving or revoking specific permissions that allow users or apps to perform certain actions.
Data security policies are only available with Atlassian Access. Learn more about Atlassian Access
What’s in a policy?
Policy name: Name of the policy.
Policy description: An optional description to help give context for the policy.
Policy author: Person who created the policy. Information about the person who updated the policy most recently is also shown (if different to the policy author).
Policy status: An indication of whether the policy is active or not.
Policy coverage: The scope of spaces or products that the policy applies to. Covering spaces in a data security policy is currently only available through our Early Access Program (EAP).
Policy rule: A security control that can be configured as part of a policy and thereby enforced on all spaces or products specified in the policy coverage.
There are two main elements of a data security policy: the policy coverage and policy rules.
The policy coverage is the scope of spaces or products that a policy applies to. If you have more than one space or product, you can choose to include as many spaces or products you like in a single policy. A space or product can be part of more than one policy.
Policy rules are security controls that are available to be configured as part of a policy. When a policy rule is added to a policy and the policy is activated, the security control is enforced on all spaces and products covered by the policy. Learn more about data security policy rules
This is an example of two different policies set up by Acme Inc.
In this example, Policy 1 covers Acme’s products that contain personally identifiable information (PII) and has the security requirements to not allow users to download content, not allow apps access to data, and not allow anyone the ability to enable anonymous access to these products.
Policy 2 covers Acme’s products that contain information not approved for public distribution and has the security requirements to not allow users to download content and not allow anyone the ability to enable anonymous access to these products.
Two of Acme’s products are covered by both Policy 1 and Policy 2. Data security policies are additive, which means any product that is included in more than one policy is subject to all the policy rules specified by all the policies that cover that product.
Was this helpful?