Introducing Data Governance in our Standard draw.io plan for Confluence Cloud

By |2023-03-01T12:35:24+01:00March 11th, 2021|Atlassian, draw.io, news, security|
Reading Time: 2 min

draw.io is a security-first diagramming app for Atlassian products. Diagram data only lives in your computer memory, or as an attachment to a Confluence page or Jira issue.

Data residency

Atlassian has implemented data residency options for Confluence Cloud and Jira Cloud. This means that all of the primary data stored in your Confluence and/or Jira instance will reside on servers in your chosen region. Set your data residency region in your Atlassian Cloud product to choose where your data or in-scope product content resides. The primary content of your instance will be stored on servers in that region when it is at rest. When you set the location for data residency for Confluence and Jira, draw.io automatically follows that selection with the location of diagram data that is stored within the host product. In short, draw.io matches the data residency settings and compliance of Confluence and Jira Cloud. You don’t have to do anything additional for draw.io once it is set for the host product.

Data Governance

While your diagram data is only ever stored in your browser or in your Confluence or Jira instance, a few extended features, such as PDF generation, cannot be performed within your browser. When using these features, the data is sent securely to the draw.io server endpoints. Once it has been successfully returned, all data is deleted from our servers, nothing is persisted. These functions include:

  • Import from .vsd, .vss, and .vsx diagram files, including embedded EMF images.
  • Generation of diagram images from PlantUML.
  • Import of Gliffy diagrams

Note: Data is encrypted during all network transmission to and from the endpoint. You can still export your diagrams as a PDF file, as we use the browser’s built-in print dialog to print to PDF.

Only EU endpoints

As mentioned, we match Atlassian’s data data residency location in all our cloud products. We also locate all of our endpoints in the EU, in Germany, specifically. This means that if you are located in the EU, processing of data sent externally only occurs within the EU. If you have requirements for processing data in other regions, please let us know via our standard support process.

Data transmission lockdown

In Confluence Cloud, using the draw.io lockdown option, you can additionally restrict data transmission to only between your browser and your Confluence Cloud instance (and effectively disable the features described above).

  • Add the following JSON string to the draw.io app configuration: "lockdown": true. Note the dataGovernance value is ignored with lockdown set to true.
  • Additionally, you can disable the export of all editable diagram formats (.xml, .png, .svg, and exporting the diagram as URL) by adding the JSON string "restrictExport": true to the draw.io app configuration

Did you know that our efforts in enterprise security, reliability and support have been verified by Atlassian? Have a look at the Cloud Fortified program.

Share This Story, Choose Your Platform!

About the Author: