Skip to main content
How to maximise your Jira security with Encryption for Jira
Share on socials

How to maximise your Jira security with Encryption for Jira

Georges Petrequin
Georges Petrequin
22 April 2024
13 min read
A padlock laid over a Jira board
Georges Petrequin
Georges Petrequin
22 April 2024
13 min read
Jump to section
3 reasons data security needs to be a priority for Jira admins
1. Reduce the cost of expensive data breaches
2. Eliminate the risk of internal breaches
3. Improve your company's regulatory compliance
The challenges with storing sensitive data in Jira
Encryption: the answer to your Jira security needs
3 steps to improving your data security with Encryption for Jira
1. Secure your custom fields on the front and back end
2. Encrypt sensitive attachments across your instance
3. Restrict sensitive fields with visibility permissions

Discover how Encryption for Jira can help you protect your company's most sensitive data with disk-level encryption in Jira.

Jira plays a critical part in your team’s workflows and you can’t put a price on the value of the data stored in your instance.
However, Jira Data Center and Jira Server don’t automatically encrypt your data at rest.
Luckily, there’s a simple solution to this security problem: using Encryption for Jira to automatically encrypt your most important data.
In this guide, you’ll learn why data security needs to be a priority for Jira admins, the problems with using Jira to store data, and how Encryption for Jira can help you add a vital layer of security to your Jira instance.
Let's dive in.

3 reasons data security needs to be a priority for Jira admins

1. Reduce the cost of expensive data breaches

IBM research puts the global average cost of a data breach in 2023 at $4.45 million. That cost to organisations has increased by 15% over the last 3 years and isn't slowing down.
There's also a direct correlation between company size and cost — the larger your company, the more expensive a data breach will be.
A bar chart showing the cost of a data breach by company headcount
Source: IBM. Cost measured in USD millions.
If you're using Jira to track new IT projects, store information about your team, or manage your client workflow, you need to make security a priority if you want to ensure your data doesn't end up in the hands of bad actors.
The chances are that at some point, a bad actor will try to access your systems, and having the right Jira security measures in place ensures that even if a breach does happen, the cost to your business and team is minimised.

2. Eliminate the risk of internal breaches

There's an ever-present danger to your company from internal threats.
Even with the best intentions, every team member at your company is always at risk of being targeted by tactics like spear phishing or social engineering attacks.
If the wrong person gets access to sensitive files in your Jira through any of the above methods, your company risks losing important data that could compromise everything from project success, to client trust, and even the safety of your team.
Putting the right IT security measures in place including encryption and managing visibility permissions for important files ensures your company's data won't be endangered, even if an unsuspecting team member does fall victim to a data breach.

3. Improve your company's regulatory compliance

Regulatory compliance is a key priority for all companies today. The significance of regulations like the GDPR can't be underestimated — fines of up to 4% of annual global turnover for non-compliance means the costs of a data breach are multiplied significantly.
2023 saw a record high for data protection fines, and companies like Meta have famously been fined over a billion euros for breaches.
As a Jira admin, some of the responsibility for ensuring compliance falls on your shoulders. A compliant Jira instance compliant not only ensures you're safe against fines for non-compliance, but puts the right safeguards in place to protect your business-critical data from leaks or breaches.
Luckily, staying compliant doesn’t need to be a monumental task — all you need is the right processes and tools in place.

The challenges with storing sensitive data in Jira

Jira isn't made for storing sensitive data.
Here's why:
The out-of-the-box permissions protect your information on the front end, but neither Jira Server nor Jira Data Center encrypt your data at rest.
Content you store in Jira issues isn’t encrypted, and attachments are stored in the Jira filesystem, but these aren't encrypted either.
In short, if the wrong person gets access to your Jira, there’s nothing safeguarding your data from being accessed.
Furthermore, there's a lack of effective visibility permissions. This matters because if you share a Jira issue with someone, you may not necessarily want them to see all of the information stored within it.
For example, let’s imagine you have a Jira issue that stores personally identifiable information (PII) for new hires, including:
  • Social security number.
  • Banking details.
  • A home address.
You may need to share this issue with a junior member of your HR team for a number of reasons.
However, you don’t want your team member to have access to the sensitive data stored in the issue because it’s not relevant to their task. If you wanted to hide the data from them, Jira’s native visibility settings don’t make it easy.
Instead, you’d need to find a tricky workaround or create a custom solution every time you run into this problem.
Sounds pretty bleak, right? Luckily, there’s a solution.

Encryption: the answer to your Jira security needs

Encryption is one of the most secure ways of protecting your data.
In a nutshell, encryption transforms your data into an unreadable string of text. To access the data, you need an encryption key.
If someone unauthorised — that is, without the key — views your data, it'll be unreadable to them.
Encryption is a powerful tool in your organisational security arsenal, and we believe it's a security measure that every company using Jira needs to have in place.

Introducing Encryption for Jira: The best way to protect your most sensitive data

Encryption for Jira is the best way to secure your most important data in Jira.
After installing the app, you can immediately start encrypting and permission-gating your company's sensitive files and attachments.
Once installed, it becomes significantly more difficult for any unauthorised user to access that confidential data, safeguarding your company against cyberattacks and internal security threats.

3 steps to improving your data security with Encryption for Jira

1. Secure your custom fields on the front and back end

A custom text field is a commonly used Jira object to add custom information to an Issue. If your company relies on Jira to do your work, then you're almost certainly using custom fields.
If you’ve correctly implemented your visibility settings, Jira will block people without the right permissions from seeing your custom text fields on the front end.
an image of a jira database
However, it's still possible for Database Admins to access the information stored in your custom text fields via the database. If you're storing sensitive company data or employee PII in custom fields, this isn't something you can leave to chance.
Encryption for Jira provides you with a new custom field called an 'Encrypted Text Field - (Single line or Multi-line)'.
You can continue using your custom fields as you currently do, but any information in your encrypted custom field will be unreadable when accessed by anyone without the encryption key.
These custom fields can be configured as needed. For example, if you have a HR-specific Jira instance, you can use your encrypted custom fields to store employee salary or medical information.
By encrypting your custom text fields, you’ll be safe in the knowledge that your confidential company, client, or employee data is safe from being accessed by anyone who doesn’t need to see it, both internally and externally.

2. Encrypt sensitive attachments across your instance

Attachments frequently contain highly sensitive information, as they're commonly used for things like:
  • HR files on team members containing PII, such as their tax information.
  • Purchase orders with confidential financial information.
  • Sensitive company data, such as financial reports.
These are all the types of documents you can't allow to be accessed by the wrong people — whether it's someone internal or external.
Encryption for Jira lets you instantly encrypt your attachments across individual projects or all projects at once.
a screenshot of the Encryption for Jira app showing the toggle button for encrypting attachments
If someone who isn't authorised views the project, all they'll see is a random and meaningless set of characters rather than the actual attachment.
This ensures that you never need to worry about uploading an attachment into Jira and having it accessed by the wrong person.

3. Share issues and restrict sensitive fields with visibility permissions

As well as securing your data through encryption, Encryption for Jira makes it easy to set visibility permissions.
Visibility permissions give you granular control over who can see your attachments and custom fields in Jira.
You can restrict access based on selected criteria such as:
  • Users.
  • Groups.
  • Project roles.
With your visibility permissions in place, you can share Jira issues with anyone in your organisation with confidence, knowing that any sensitive information in those issues is only viewable, editable, or downloadable by individuals who you have specifically granted access to.
a screenshot of the Encryption for Jira app showing visibility permissions settings
As a practical example, imagine that a customer reaches out with a problem that other customers have faced in the past. A member of your support team wants to share a previously resolved support ticket with them to save time and save them doing repetitive work.
If you have the right visibility permissions in place, your support team member can share the issue in the new ticket, but hide any sensitive information about the previous interaction.
The customer facing the issue will have all of the information they need to solve their problem, but won't see any details about the customer who was previously involved in the ticket.
This cuts down repetitive work and means your team can share issues quickly, rather than having to duplicate them or create new ones to share with specific groups of people who don't have the right permissions.

Get started with Encryption for Jira

Encryption for Jira gives you a vital layer of security for your data without costing your admins hours of set-up time.
Once installed from the Atlassian Marketplace, you can configure the app in just a few clicks.
Once your bespoke encryption key is ready, you'll be able to start encrypting your data and protecting your organisation from cyber threats straight away
There's a free 30-day trial available for teams of all sizes, so head to the Atlassian Marketplace and get started with Encryption for Jira today.
Written by
Georges Petrequin
Georges Petrequin
Content Marketing Manager
Georges is a Content Marketing Manager at Upscale with a focus on our Jira apps. He spends his time crafting content that helps our customers solve their everyday work pain points and get more out of their Atlassian tools.
Jira
InfoSec & Compliance