In October 2020, Atlassian took its biggest step towards the cloud with this announcement:
For the best possible experience, our partner will stop supporting the Atlassian Server product line at the beginning of 2024 and no longer sell new licenses from the beginning of 2021.
We support our customers in their move to the cloud with individual advice, our technical know-how and complimentary free services, such as our 12 tips for migrating to the cloud.
In this blog post, we take a deep dive into Atlassian's security policies regarding the cloud. We have compiled essential information from our partner's Data Protection & IT Security section to clarify the most important questions around this crucial topic: How secure are Confluence, Jira & Co in the cloud? Furthermore, what is the international company's position on European standards such as the European General Data Protection Regulation (GDPR) and much more...
While most companies are already in the cloud, a few are still hesitant to take the next step. So here are its biggest benefits in a nutshell:
1. Scalability
The platform adapts to the growth of companies and can be scaled quickly and easily.
2. Flexibility
Teams can work together even more agile - no matter with which device, at which time and in which place.
3. Time & money savings
The cloud is usually cheaper than server hardware, as costs are variably adjusted to actual demand and fixed costs for hardware are eliminated. In addition, companies can free up more personnel resources, as less IT administration work is required.
4. Increased performance
Professional 24x7 support and the immediate availability of new functionalities provided by the cloud provider enable companies to increase their performance immensely.
5. Competitive advantages
Intuitive, agile, fast workflows in the cloud are the perfect basis for even higher quality and accelerated market introduction of new products, which leads to noticeable competitive advantages.
In the next step, let's take a closer look at how Atlassian contributes to IT security, and in particular, to the security of its cloud environment.
1. Data protection
Atlassian is committed to meeting the world's highest data protection requirements at various levels.
Let's start with the company's internal systems that pursue a multi-layered security approach: Atlassian protects its networks from illegitimate access with solutions such as VPC routing (virtual private cloud), robust firewall rules and encryption. In addition, Atlassian's security philosophy also includes a zero-trust approach: users can access resources and services using their credentials and trusted devices, but additional factors are utilised to approve or deny access to individual resources based on the security level of the user's device – these flexible policy-based decisions further enhance Atlassian's security.
Atlassian's data centres are hosted on Amazon Web Services (AWS), the industry leader in cloud hosting. In addition, the company uses further geographically distributed regions within AWS. This ensures that the availability of customer data or products is guaranteed, without interruption, in the event of a downtime.
In addition to encrypting data when transferred over public networks, Atlassian also uses key management, which assigns an owner to each key, who ensures that appropriate security measures are in place for the respective key.
Obviously, Atlassian's customers access a common cloud-based IT infrastructure. For this reason, Atlassian has taken numerous measures to segregate its clients so that the actions of one client do not affect or even compromise the data or services of other users.
Ultimately, Atlassian takes full responsibility for the security, availability and performance of the applications provided, the systems on which they run and the environments in which the systems are hosted.
2. Compliance
When moving to the cloud, it is not only important to choose a secure and strong infrastructure but also to implement and comply with extensive requirements, rules and regulations from regulatory authorities.
That's why Atlassian makes it a priority to have its cloud products independently audited regularly. This involves checking whether the applicable global or European security, data protection and compliance requirements are met. The Atlassian Cloud and the company's products are developed according to widely recognised guidelines and standards and have all necessary certifications.
Many Atlassian products are certified to ISO/IEC 27001 and ISO/IEC 27018 as well as SOC 2 and SOC 3. Regular SOC 1, SOC 2 and/or ISO/IEC 27001 audits are also conducted based on security assessments as part of the evaluation process of various data centre or managed service providers.
As a global company, Atlassian needs to be able to access data worldwide. Because customers want to transfer their data across the world, the company provides an extra addendum to its privacy policy for transferring personal data to countries outside the European Economic Area (EEA) and a robust framework for global data transfers.
And even when data is transferred to Atlassian service providers, the company takes control and responsibility for how the data is used. In addition, for optimal security, the respective providers are comprehensively audited and specific contracts ensure that customers' data is protected.
3. Service
Lastly, Atlassian raises awareness for this crucial topic with internal training in cloud and product security. Regular analyses ensure that data is handled properly and customer requirements in terms of cloud security are met. Openness and transparency also play a major role for Atlassian: the company publishes an annual transparency report in which it discloses authority requests regarding access to user data, the removal of content or the blocking of user accounts.
Ready to take the next steps to the Atlassian cloud? If you have any questions, we're happy to answer them and advise you on how to make your company's move to the cloud as smooth and successful as possible.
Contact us today for a consultation. We look forward to hearing from you!