Locking and Security - Lockpoint Cloud
Lockpoint Cloud is designed as a workflow tool to help teams collaborate on documents.
While Lockpoint Cloud was designed to prevent the inadvertent modification of attachments by other users, Lockpoint is not intended to be a security product (for either the Cloud or the Server/DC edition).
Lockpoint has adopted leading industry-standard security practices for persisting information, including the creation and validation of digital signatures on all metadata, but due to the Confluence permission model, it is possible in some circumstances for malicious users to interfere with the locking state of an attachment.
In specific, a malicious and motivated user could, by bypassing the Lockpoint Cloud user interface, manipulate metadata so as to unlock an attachment that was locked by a different user. Such a malicious user must already have sufficient Confluence permissions to modify the underlying attachment.
As part of our security and privacy model, Lockpoint Cloud stores almost all of its information directly in the Atlassian Cloud infrastructure, which provides a high level of trust. The principal trade-off of using this storage mechanism is that users with sufficiently-high permissions would be able to remove locking metadata for existing locks, as described above.
We have judged this trade-off as being acceptable for the following reasons:
- Since the goal of Lockpoint is to allow teams to collaborate, we believe that any such inadvertent unlocking would be easily visible, as well as something that is likely to be discovered by the original user when they attempt to unlock the attachment.
- To interfere with lock status, a malicious user would already need to have permission to modify the underlying attachment content. If a malicious user already had such permissions, we believe that the malicious user's potential to make unwanted changes to the attachment itself poses a much larger security risk.
- The benefits of storing all of Lockpoint's critical data in the Atlassian Cloud are difficult to overstate, since this model comes with extremely high levels of trust and security. Customers already count on Atlassian to treat their core Confluence data with the utmost integrity, and by placing all critical Lockpoint data within the Atlassian Cloud, we ensure that Lockpoint's data is treated just as well as Atlassian's data.