Need Setting to NOT Show Content Updates IN Email Notifications

I can’t find any relevant tags for this, but… We have the need to configure most of our projects to STOP sending the full updates via e-mail. This is because anything typed into the UI ends up in the e-mail, and this content can include anything… Even usernames and passwords. The typical end-user doesn’t know the implications of these kinds of actions. They assume that they’re logged in, so everything they do is now secured. This is obviously not the case.

This is a hard requirement for any organization that wishes to be part of or use Asana as part of a security certified solution/vendor under many known web security standards. For example, FedRAMP would prohibit us from continuing to use Asana in any way, despite it being everyone’s favorite tool. The transmission of government data would flow freely through the internet to everyone’s inboxes without any security applied at all.

Related to this observation/request are the attachments. Currently, I can consistently open the URL to a task attachment and open it on any other computer or browser without logging in. This is a major security issue for us. Combined, this means that Asana is potentially exposing all kinds of PII.

Can these two concerns be addressed by the Asana product team? We love Asana and would hate for something like this to be the reason we’re unable to use it in the future. :frowning:

There are other benefits in doing this… People are forced to visit the site again. People are forced to re-authenticate to interact with the project.