Courtesy - Dilbert.com
Jira Backup Requirements
Courtesy - Bitperfection
With an understanding of some of the business challenges in the modern cloud era, let’s turn our attention to business requirements for protecting your Jira data.
Data Backup and Retention
Ask any of your IT administrators about your company’s backup strategy, and it’s likely they’ll confidently rattle off your backup schedules, technologies, capabilities, and features, and how quickly they can recover a file that was deleted six months ago.
Ask the same question about your Jira backups and that confidence quickly fades. In much the same way that many business users have a limited understanding of the shared responsibility model, Jira backups may be all “smoke and mirrors” to your IT administrators.
Simply stated, Atlassian’s Jira doesn’t meet the standards that virtually all security professionals recommend for data backup and retention (aka, the “3-2-1 Rule”): maintain three independent copies of your critical enterprise data on two different platforms/media, and in at least one remote location.
In fact, the native data protection capabilities in Jira provide organizations with very little control over data backup and retention policies, Jira data can be manually backed-up as a database XML file, how you manage the backup file is essentially your headache.
It’s inevitable. End users, Jira Project admins or Jira Site admins, accidentally delete Jira issues, attachments, comments, or configuration objects such as workflows, screens or delete an entire project. The bottom line is that without a comprehensive third-party Jira backup solution, your valuable data is vulnerable. As is known any deletion operation takes effect instantaneously.
In many cases, end users or admins may immediately realize what they might have done accidentally, but it might be too late as any deletions except for entire projects are immediate and the data is lost forever. But, in far too many cases, they may not realize that business-critical data was accidentally deleted until months later. For example, a well-intentioned project administrator may try to clear up some redundant Jira Issues, but by doing so, he or she may have ended deleting critical attachments and comments associated with those issues. It is a very normal practice to run an automation script to either make a bulk change or delete Jira issues older than a certain age.
In both cases, it may be months before someone realizes that an important file has been deleted or an inactive project is suddenly active again. Unfortunately, in both situations the data would most likely be lost forever without a comprehensive third-party Jira backup solution that provides:
- Regular point-in-time backups and unlimited retention
- Bulk and granular point-in-time restores
- Quick recovery and self-serve options to meet SLAs and operational-level agreements (OLAs)
Speed, agility, and seamlessness are among the pillars of modern-day project and workflow management. In Jira, a capability that can help you do work efficiently is the bulk change feature where you can make changes or edit multiple issues at once. There are many and varied use cases as to why an end user, project admin or a site admin will use this capability to avoid repetitiveness. Just like in the accidental deletion case, a user after the bulk change action has been taken realizes that the selection criteria for selecting the Jira issues that had to be changed was in correct. Reversing such a change becomes a very tedious and time consuming effort as the specific issues which were modified become very difficult to identify and revert back. In order to avoid such situations an incremental backup solution with bulk and granular point-in-time restores can help revert back bulk changes.
Project administrators to simplify and declutter their Jira site, share project configuration objects across multiple projects, this is an excellent best practice. The shared configuration objects include screen configuration, workflows, issue types and various types of Jira schemes encapsulating the underlying objects. While the practice of sharing objects across projects is great it also leads to unforeseen issues when changes in one shared configuration object can unintentionally impact other projects, just trying to understand what caused the problem can be a huge time sink. A solution to address such issues would be to have a configuration revert or undo capability, which is achievable via regular backups of the site.
The Insider Threat
It’s an unfortunate reality: malicious insiders account for nearly one-third of all security incidents and approximately one-fifth of all data breaches according to the Verizon 2019 Data Breach Investigations Report (DBIR). (https://enterprise.verizon.com/resources/reports/dbir/2020/introduction)
A disgruntled or departing employee may delete, hide, alter, or steal sensitive data, often months before being discovered or “walking out the door.” Unfortunately, when it comes to Jira there is no good answer to address these types of scenarios as the data loss is immediate and worst of all no one knows who did it.
Without a comprehensive third-party backup solution, your ability to recover business-critical and/or sensitive Jira data, review the history of the incident and scope of data loss, and conduct a thorough forensic investigation may be severely limited. A comprehensive third-party Jira backup solution allows you to:
Constantly capture data (including deleted Jira Issues, and associated attachments, comments and configuration objects such as workflows, screens etc..) with continuous backups and unlimited retention
- Isolate a copy of historic data outside of the Jira environment
- Restore data sets back to the manager or even outside the Microsoft 365 environment
- Conduct data investigations and forensic analysis with built-in search and analytics capabilities
Account Takeover Recovery
Account takeovers, a flavor of Ransomware type of attacks in context of Jira have increased exponentially over the past several years. The traditional Ransomware type of attacks have focussed on encrypting data where possible, in the context Jira, the attacker gains access to the Jira application and with the appropriate privileges destroys data to create havoc and disrupt the target business.
Ransomware as a Service (RaaS) is one disturbing trend that makes it easy but no less criminal for practically anyone to target an organization with ransomware.
If your organization becomes a victim of ransomware or account takeovers, your single best defense is a reliable data backup. Even if you pay the ransom, in the case of Jira if the data was deleted, it is lost forever.
Change Management & Compliance Reporting
Jira is used by many organizations as the “system of record” for managing changes to the systems that are used to deliver the necessary business services. When it comes to an SOC2, PCI, ISO27001, FDA or any other type of compliance related audit, companies just export out the Jira issues associated with the changes that were made to the various delivery systems during the audit period. Ensuring that the audit process goes smoothly with no hiccups is critical for the business, having any missing or lost change management records could be detrimental for the business. The only solution to ensure that the change management records are safely maintained is to have a comprehensive Jira backup solution in place.
When your organization is involved in litigation, it must comply with court-ordered eDiscovery and legal hold requirements. Without the right tools, compliance can be painstaking and fraught with risk. eDiscovery requires all relevant end-user data across the organization to be quickly accessible and protected from deletion or alteration, to avoid potential penalties and/or liability. Jira offers no specific capabilities to address the needs of data preservation and compliance. Data retention gaps, such as departing employees or intentional deletion, may also impede full compliance. Only a comprehensive Jira backup solution can fully help address these requirements of data preservation.
As you can see, the traditional Jira backup capabilities are limited, and in most cases, inadequate to meet the data protection, data recovery, data security, change management and compliance requirements of today’s businesses. A comprehensive third-party Jira backup solution is the only way to ensure that your Jira data is properly protected, quickly recoverable, and compliant with various industry and legal requirements.
How can Revyz Help
Implementing a data protection strategy for Atlassian Jira cloud has become a necessity and equally complex. With limited native options from Atlassian, you will have to either build some custom scripts, manage data on your own to address your data protection needs or you leverage 3rd party SaaS applications such as Revyz to offload data protection from your core IT team.
Revyz Backup & Restore app for Jira can store data securely & remotely, making it available for various recovery scenarios without having you to rollback the entire site.
Try Revyz for free - Atlassian marketplace link. Share your feedback on how we can improve & what other use cases you would want Revyz to address.
Blogs from Revyz
Atlassian Data Protection - Challenges in the cloud
7 Reasons Why A Jira Backup & Restore Solution Is A Must Have
Pro's and Con's of using Jira Cloud Database Backup & Restore
Mystery of Incorrect Sprint Reports
Jira - Restoring Issue Family Hierarchy
SaaS Backup: An Antidote to Ransomware
Data Backup - A Key Pillar of Insider Risk Management
What’s your Atlassian Cloud Migration & Data Protection Strategy?
A Guide to SaaS Shared Responsibility Model
Why you need a SaaS backup strategy and solution
Why we built Revyz