By 2025, 55% of large enterprises will successfully implement an all-in cloud SaaS strategy – Gartner, Cloud Strategy Leadership Report.
As enterprises realize the numerous ways in which they can benefit from the cloud to streamline (and augment) day-to-day business processes, Atlassian Cloud is fast becoming an extremely sought-after option.
Atlassian Cloud, with its capabilities across flexibility, scalability, and agility is enjoying immense popularity across various industries, sectors, geographies, and sizes. Atlassian’s investments in building cloud-first future mean teams can reduce overhead, simplify user management, increase security, collaborate better, and prepare for the future.
Yet, many organizations still have concerns about the security of the cloud, causing them to delay (or even dismiss) their cloud migration initiative. 40% of IT managers surveyed said security and compliance are two of the greatest challenges of an on-prem to cloud migration. But given the continued efforts Atlassian puts towards maintaining and upgrading cloud security, it is about time organizations stopped worrying about cloud security. Read on to find out more!
Atlassian’s Commitment to Cloud Security
At Atlassian, security is built into the foundation of its cloud products. Today, the company offers the best cloud hosting infrastructure with compliance, security, and performance at its core – without the need to prioritize resources, upgrade servers, enable security, make manual updates, or maintain encryption standards.
Here’s looking at Atlassian’s commitment to Cloud Security:
• Security controls: Every Atlassian Cloud product is built with an array of modern security controls that keep the product as well as the data in it safe.
- The customer data that is stored within Atlassian cloud products are encrypted in transit via Transport Layer Security. Such encryption helps protect customer data from unauthorized disclosure or modification.
- Atlassian constantly works towards reducing the number of vulnerabilities in cloud products through efficient product vulnerability and quality management. Developers are constantly empowered to test their features against quality standards while the bug bounty partnership makes it lucrative for users to find vulnerabilities while making it difficult for hackers to exploit vulnerabilities.
- Atlassian runs several Product security testing programs to ensure their products comply with the required security standards: while internal testing is done by the development and security engineering teams during the planning, development, and testing phases, external testing is done when the product moves to production.
• Infrastructure security and reliability: Atlassian cloud infrastructure is designed for dependability and optimal performance, with redundancy and failover options around the world. In addition to product-specific security practices, data stored on the infrastructure is automatically encrypted in transit and distributed for availability and reliability, thus, guarding against unauthorized access, and service interruptions. And because the cloud platform optimizes upon sign-up where customer data is located based on the origin of access, it ensures more reliable performance and reduced latency.
• Network security: Atlassian constantly works towards implementing controls at each layer of the stack and limiting access via zones (office, data center, platform), environments (production, development), as well as services. Using virtual private cloud (VPC) routing, firewall rules, and software-defined networking, it controls access to sensitive networks while ensuring all connectivity is encrypted by default. Intrusion detection and prevention systems are always in place to identify potential security issues. In addition, users who require sensitive network access need device certificates, multi-factor authentication, and the use of proxies. Access to customer data requires explicit review and approval.
• Compliance with security standards: Today, Atlassian adheres to several information security standards including:
- ISO/IEC 27001 ensures the development and implementation of a rigorous security management program.
- ISO/IEC 27018 focuses on the protection of personal data in the cloud.
- PCI-DSS to ensure the right controls are always in place around cardholder data and to reduce credit card fraud.
- CSA CCM/STAR that documents the security controls provided by Atlassian, so customers can assess the security of the products they currently use or are considering contracting with.
- SOC2/SOC3 to ensure Atlassian carries out regular audits to securely manage customer data to protect their interests as well as the privacy of their clients.
- FedRAMP (for Trello) ensures a standardized approach to security assessment, authorization, and continuous monitoring.
- For HIPAA, Atlassian is yet to sign a Business Associate agreement for its cloud products and recommends embracing Data Center for those who need to ensure compliance.
Cloud security best practices
For organizations looking to ensure round-the-clock security of their products, users, and data, embracing certain cloud security best practices is important.
- Begin by understanding your Atlassian cloud landscape: this means having good knowledge of the products your company is currently using and the risk profile of the information stored within those products – so you can ensure they have the right security policies in place.
- Leverage an identity provider to configure single sign-on and/or set up automated user provisioning (and de-provisioning). With an identity provider, you can efficiently manage account access, ensure a consistent login experience for your users, and mitigate security risks.
- At the same time, it is also critical you implement good security protocols. This includes setting appropriate security policies, routinely auditing activity logs and accounts, limiting admin access, and constantly educating users with security best practices.
Cloud Security – A shared responsibility
When it comes to moving to the cloud, security is often a common concern. In addition to the various security capabilities that Atlassian constantly builds into its cloud products, it also believes cloud security to be a shared responsibility between Atlassian and the organizations that embrace the Atlassian cloud. While Atlassian takes appropriate action for the protection and confidentiality of customers’ data, enterprises themselves need to manage the information within their accounts and users to meet their own compliance obligations.
Here’s looking at how cloud security responsibilities are split between Atlassian and its customers:
In a world where software delivery is getting increasingly complicated, Atlassian Cloud offers an array of modern capabilities that makes this process extremely efficient and straightforward.
For organizations eager to embrace Atlassian Cloud but are worried about security, Atlassian drives relentless efforts in integrating the latest security controls across all its products, networks, and infrastructure. It allows them to work towards achieving their business goals with ease – without worrying about security or compliance.
If you need assistance in ensuring a smooth migration to Atlassian Cloud, let us connect.