Courtesy - Imperva
Why it's Critical to Backup Your Atlassian Jira Data
Listen to the podcast on DataProtectionGumbo.com
Here is the podcast transcript for Aaron Geister, Atlassian Administrator for Markforged, Sanket Parlikar, co-founder of Revyz and Demetrius Malbrough of Data Protection Gumbo, discussing the importance of Atlassian and Jira data protection.
Demetrius Malbrough: Welcome to Data Protection Gumbo. It's more than just a podcast. It's a source of insights to keep you tapped into all things data driven so that you can be the most informed technical expert in the virtual room. Listen in weekly to stay educated on the latest trends in backup recovery, storage, cloud, and security. In this episode, I have the pleasure of speaking with two super smart gentlemen. The first one is Sanket Parlikarr and he's the co-founder of Revyz and Sanket was bitten by the entrepreneurship bug where he founded Revyz with a mission to bring enterprise data security into the SaaS app world. Also, Aaron Geister is super smart and is the Atlassian administrator at Markforged. So I would like to welcome both of you today to the Data Protection Gumbo.
How's it going Aaron?
Aaron Geister: It’s Going well.
Demetrius Malbrough: All right, and Sanket, How are you?
Sanket Parlikar: I'm good, super excited to be on the podcast with you.
Demetrius Malbrough: Well awesome. Why don't we start off, maybe you two gentlemen give a brief synopsis of your expertise and your skillset, before we jump into the interview here. Aaron, you mind going first?
Aaron Geister: Sure, yeah. I can start off, I am an Atlassian administrator. I've been in the Atlassian world since about 2017. Started in the service desk realm, moved into the full ecosphere of Jira, doing other product administration now, concentrating on secure config standards, making sure that our cloud environment is secure. Also giving the end user a good experience at the same time trying to implement new processes, workflows within Markforged to help with compliance tracking and getting teams to use JSM, deliver that good service management and also help teach teams how to use other portions of products within the Atlassian stack that can help us be proactive with alerted monitoring, alerting, interweaving status page for our Iger solution. So just trying to deliver Atlassian stack as a whole and how it can benefit us in our org today.
Demetrius Malbrough: Okay, awesome. So you're super technical and deep on the Atlassian side, so I appreciate that introduction. Also Sanket, why don't you give us an update?
Sanket Parlikar: Thank you. Demetrius. So well, my entire career I worked in the data protection, data security domain. Initially I used to be on the backup administration side and slowly got into the product side building products, managing products. So throughout my career I basically dealt with different environments, different customers and the requirements related to data protection. That's my brief background. And basically one year ago, almost 10 to 11 months ago, I paired up with Vish and we thought of building something interesting in this new modern space and that's when we figured out, hey, Atlassian is a super big ecosystem and it's really awesome, but it has this one small problem wherein there's no solution. And when I say small, it's actually a very big pain point for all the Jira users in a way. And that's where our expertise was. And we thought, okay, why can't we solve this problem? Let's go ahead and solve this problem. And that's how we started Revyz. So that's the quick introduction about me and Revyz, I would say.
Introduction To Revyz – Jira Backup Solution
Demetrius Malbrough: Yeah, awesome. I was going to ask you that question. You and Vish I know you both founded Revyz and it fills a critical gap in the industry, especially in the data protection side of the house where we're continuing to see all of these niche players enter the space to protect things like SaaS, applications, etc.. And so things like GitHub and also I've seen what else, some other smaller SaaS platforms I can't think of at the moment, but I do know Atlassian and Jira is a critical one, especially for the DevOps and the DevSecOps personas and anyone working in an Agile and Scrum fashion. And so why don't you Sanket start us off and just maybe give us an update and a rundown around what were you and Vish seeing before you got together and you started brainstorming around the need for customers to protect their data in Atlassian?
Sanket Parlikar: Absolutely. So again we were product managers in our previous company wherein we worked together and we were watching the market very closely. We were seeing the trends, the landscape was changing wherein the data where it used to reside within the customer's data center within the on-premise data center, that started shifting into the cloud environment, especially after the pandemic. A lot of customers started moving towards cloud data centers, cloud SaaS solutions. And indirectly their data also started moving into these different cloud environments. And what everyone didn't really understand at that point in time was moving to the cloud doesn't really mean the data is secured, and the vendor providing the SaaS solution, they themselves, say, “Hey, you need to understand the shared responsibility model, you need to make sure you take responsibility of your data, you implement data protection strategies or you go ahead and develop your own data protection strategies”.
So that's what was happening and we saw that within the Atlassian ecosystem, it's such a broad ecosystem, all the customers are moving sensitive data into Atlassian products. You have Confluence, you have Jira, you have JSM, you have Jira work management. So talking about these products, they're used for various different reasons, but the dataset which is being handled in these products is very sensitive and it also can lead to downtime of your various teams and it can impact your various teams in very different ways. So that's what we saw and we decided to jump in. We decided to solve that problem and that's how we got started.
Challenges and the need for a Jira Backup Solution
Demetrius Malbrough: And Aaron, I know you are deep within the weeds of pain and issues and challenges of just managing an Atlassian environment. Why don't you maybe give us a few ideas around what are some of the pain points and some of the challenges with just being an Atlassian administrator?
Aaron Geister: One of them is getting the orgs to align and using a central tool. Being that one department says, I want to use Asana, another department wants to use ClickUp, but the company says this is our tool. And to kind of keep everybody in the same ecosystem for tracking projects, tracking data and having a centralized area to do that. On top of that, helping people understand how Jira works. So training and development within the Jira environment. Those are very hard because different users want different things or different orgs within the company want different things and thus every org's Atlassian environment doesn't look the same.
It's like you're going to look into new minds every time you go to another place. And so trying to keep everybody on the same level is a hard one. But I think one of the biggest pain points is how do we get that data secured and backed up? This year we finally got a little bit of relief from that, because of Revyz, but prior to that It was taking me 12 hours to backup each time and things may not work too sometimes. To get to the best secure config standard that was one of our major gaps is not having that backup
Demetrius Malbrough: Solution. And what is secure config standard?
Aaron Geister: The secure config standard is a way to manage how your SaaS applications are being managed from a security end. Are you using mfa? Are you using sso? Are you using IDP? How are identities being given access to that stack? Do you have a secondary directory giving access to outside users? And how are you managing those users to make sure that the environment is secure? How are people getting access to secure IP projects where we can't allow certain people to see that data because it's under a secure ip. So there's many portions of how we can secure our environment in the SaaS stack. And actually Atlassian's probably one of the better ones to allow us to get there. So just the options that they give you to help secure it. Again, one of the major gaps was like how do we get those backups and secure our data?
Demetrius Malbrough: And Aaron, so I guess before a product like Revyz, I'm real curious, how were you protecting that data? How were you capturing backups or snapshots or able to rebuild or reconfigure your Atlassian or your Jira or any of that? What did that look like?
Aaron Geister: So I was running automated backups for a while and they were not working from time to time. So I went to do the manual process where I would just download the backup every Friday. The process was really long, you back it up, you wait for that download to go six hours to your machine or whatever. It's a snapshot in that day and time when you take that. So whatever's being done after that, if we were to go down there would be a gap of missing information. And it would took me six hours to get it downloaded because of how big the site is and would then get me another six hours to upload it to drive, to keep it in a central area on our drive. And then we would just take the old snapshot out, let the new one be there just for not putting too much data we don't need up in the cloud. But it was like a 12 hour process and that's never fun.
How often should you backup your Jira data?
Demetrius Malbrough: And I'll let both of you answer this question and send it out. I'll start off with you just based upon your research, I'm sure you and Vish have done tons of research and sitting down to really determine what your go to market story is and who are the personas that you're selling to, et cetera. So with your research and all the time that you've spent, how often should someone be backing up their Jira data within Atlassian? And I know it's dependent upon the company and how much or how critical Jira is to them, but I'm curious to get your opinion on what you have heard or what have you seen based on your research?
Sanket Parlikar: Good question. So when we spoke to multiple administrators, what we heard was at least bare minimum every day, I should be able to back up my system, including all of its attachments, all of its configurations, and all of its issues. That's the sweet spot for most of the customers. Now depending on what various companies do with Jira, they might have different requirements, but on average, the sweet spot is like every day you should have at least one good snapshot.
Demetrius Malbrough: Awesome. Aaron, I was just saying for you, what does that look like? Is that, because I know you say you were capturing it manually once a week. Has that changed?
Aaron Geister: Oh yeah. We're doing it daily now because of Revyz and I'm actually thinking about going through and maybe doing it twice daily just for our own sake. And the reason why is that in the company I work in today, Markforged, we produce software, but we also do a lot of hardware with our 3D printers. And so there's changes happening in there through the day, thousands and thousands and thousands of changes. And if Atlassian had a bad day, which we have experienced in the past but didn't affect all customers, and that's just part of running a SaaS product, is it, it's really hard to have a hundred percent up time all the time, but I think they do a great job. But the problem is when will it go down? When does it go down? And we're not able to capture that back. And so having that insurance is critical. So for me, going back right now, I'm thinking maybe we need to do it twice a day so that if we do have to go back to that restore point, we're a little closer to not missing data.
How easy is it to restore Jira data from Revyz Backup?
Demetrius Malbrough: And we all know that it's great, it's fantastic to have backups, but the main reason to have backups is for recovery. So think back before Revyz, were you ever put in a situation where you had to try to recover some data from Atlassian?
Aaron Geister: So yeah, multiple times. And then it was like, well, someone deleted something that they shouldn't have deleted and we didn't get it back, it's gone. We never were in a spot where Atlassian was down and we needed to import a whole bunch. That's great. Again, thank you Atlassian for your uptime, but you never know, right? I've been in situations with other companies where Microsoft was down for how long and what do you do when everybody in the company is on the same product and it's your whole living ecosystem.
Demetrius Malbrough: Now, hold on. You said Microsoft was down or is that a section of Azure
Aaron Geister: Yeah, this is years back now where, oh, okay. Microsoft stuff had a bad week and it's just like you don't want to live through that. That's chaos in our IT team. Anytime you're an administrator, you just don't want to live in that moment, but those moments are possible and then they can happen.
Demetrius Malbrough: And have you tested a recovery now that you have Revyz or have you had a situation where you've had to use it to recover anything? Yeah,
Aaron Geister: Yeah, we've done a couple really good tests and we've also done some testing in our sandbox to just delete a bunch of things and bring them back and it's all functional working. I think the one thing about it is that if someone deletes something it's still storing that data almost on the fly, so you're still able to get that stuff back pretty smoothly. It's a pretty smooth process with Revyz.
SaaS Shared Responsibility & Budgets
Demetrius Malbrough: So just for both of you, if a CIO was kind of on the fence about whether or not to invest in a technology that actually is able to capture a snapshot or capture a backup of data in Atlassian or Jira data, what would you say to convince them that you need that in the budget and you need to do it right now Sanket?
Sanket Parlikar: Sure good question. So basically what I would say is, Is it okay not to back up your JIRA system? do you understand the risk? Do you know what data is going into your Jira systems and what is going to happen if you lose that data? You need to really understand that, right? And the moment you do that analysis, the moment you start looking at what projects you have created, what JSM projects different teams are using, what data is stored, what attachments are uploaded within your Jira system, the moment you do that analysis, it's a no-brainer right away you are going to say, Hey, this is something really, really important for my business. I cannot take the risk of losing this data. Let me just go ahead and back up my system. So most of the time, CIOs and CISOs and even admin teams, IT heads whenever they will do that analysis, I'm pretty sure 99% of the time they'll come back and say, Hey, my system needs data protection strategy.
Demetrius Malbrough: And Aaron, I'm, I'm not sure if you were a part of the conversation when you guys were evaluating which product in order to capture backups of Atlassian and Jira data, were you a part of that conversation and maybe if you were, what did you say to convince your management team to follow through with that purchase?
Aaron Geister: So I was part of the conversation. I was the one that brought up Revyz and introduced Vish’s team to my team. I met Vish down at Team’22 and when he pitched me the idea that this was coming alive, I was like, where have you been all my life? And I was like, you got my full support. There are a few other Atlassian add-on apps that do something similar, but I don't think they do it at the same capacity that Revyz does. And what I used was the whole shared responsibility pitch. We're using Spanning to back up our Google cloud. Why are we not doing that for Atlassian? We have project data here that if we go down, we have no clue of what's going on now because it's all tracked in that place. We have secure IP data that we need to have for tracking and building these new things within the Markforged ecosphere.
And if you lose that data, how do you get that back? What are you going to do? So my pitch was shared responsibility. Remember SaaS products there, there's all humans behind what's going on and things happen. We make mistakes and sometimes those mistakes cost a lot of money for companies. And so if we don't do our due diligence as administrators and try to do our best to safeguard those things, again, going back to the secure config standard, having something in your pocket that says we need these specific things to harden our SaaS applications, we need to hit these data points so that we can help keep business continuity going. Right.
Demetrius Malbrough: And you know what? You touched on a lot of different things. The shared responsibility model is still confusing or all right, not understood or just not known about when you're talking to centers of excellence, whatever that COE is, whether it's a Salesforce COE or it's Atlassian or just name your SaaS product. So there are multitudes, and it's been said that companies have hundreds of SaaS applications that they are utilizing in order to just run their businesses. So what do you see as some of the challenges as you grapple with all of these different SaaS products? So you mentioned you had Spanning, now you're using Revyz. I mean who knows what else you're using, right? To capture or manage data. What are some of the challenges? And I know I would like to see a single solution that kind of ropes everything in, wrangles it all in and kind of allows me to manage it from one, as they say, single pane of glass. But I know that hard, that's not existing yet. What are your thoughts there, Aaron?
Aaron Geister: So I have used other tools that kind of do that, right? I've used a tool called CIA and it works okay, but the thing is it's at the level that you need it to work. So what happens when we're using products that are specific backup products to that ecosystem? Spanning is definitely meant for a Google ecosphere. Revyz definitely meant for Atlassian ecos. What do you get with that? What you get with that is, you target what you really need for backups. You're getting iteration, you can return specific data points that have been deleted and bring them back. Why? Because they're focused on that specific system and how that system works. And the one thing I think is when you get an all inclusive SaaS backup solution, they are going to miss the points that are crucial points of what you need to grab out of there because of the way each one of those are built. Every SaaS application is not built the same. And I think that's why you're seeing these specific backup solutions for specific products. And that has to go back to how that system is built and working. I would love to see what you're talking about too, but I don't see the realism in that being achievable because each system is so different.
Demetrius Malbrough: All right, so we got a new project between the four of us and we're going to say Vish is here in spirit. So the four of us, we need to figure out a way that we can plug in and connect multiple products regardless of what that SaaS product is into one unified UI and allow someone to be able to tap in that way. I know, no, it may not exist, it may be 10 years from now, but someone's going to tackle that. And I think the one thing that allows all of this to be possible are APIs, right? Because without APIs there wouldn't be a communication mechanism between all of the hundreds and thousands of different applications and products out there. So thank God for APIs. Any closing words? Same Sanket. Again
Sanket Parlikar: From my side, I would just say this one thing. When we talk about the Atlassian ecosystem, again, we need to think of it from the point of view that it's a cloud solution, it's a SaaS solution for all the admins. It's very important to understand the shared responsibility model. What is your responsibility as a user and admin? What is that they're going to do from their side? And what you really need to be aware of and what you need to be really executing as part of that shared responsibility model. You need to really, really understand that very well. So that's my summary. I would like to just request everyone, go ahead, try to look at what the shared responsibility model and what Atlassian talks about in their white paper is going to help all of the Atlassian users in understanding how this SaaS solution works and what they really need to do from their side. So that's my summary.
Aaron Geister: Just to piggyback on that, Admins I think in general, are doing a lot of the API work, they're all crucial in that shared responsibility. Knowing that for each SaaS application that they're administering and then finding that solution for that gap. Again, going back to that secure config standard, looking at the compliancies that you're under, right? With your organization do you have sox? What is it that you have to follow? And then go back to the application and see where those gaps are. And if you're under any compliance regulations, you'll find out that backup is actually in some of those regulations of what you are doing to safeguard your information. I think most everybody has it out there, so look for it and then look for the solution. I was lucky to meet Vish and then met Sanket and I think if we wouldn't, we would still have a very big gap. So I appreciate them. It was a lot of months of work to get it out and working because of the safeguards we have with the vendors that we work with. But yeah, we need these type of solutions.
Demetrius Malbrough: Well, fantastic gentlemen, I do appreciate the insights and some of the best practices around just protecting data within Atlassian and also Jira data as well. So one final thing, if you are watching today, maybe you're watching from DataProtectionGumbo.com or also we do have a Backup and Recovery Professionals group on LinkedIn with 25,000 professional members in it. So please go on LinkedIn search Backup and Recovery Professionals and you can find the group there. So I appreciate all of you as listeners, and until next time, may the gumbo be with you. Thank you for listening to Data Protection Gumbo. Please follow us on Twitter @DPGpodcast and join our Backup and Recovery Professionals LinkedIn group. Just search, backup and recovery professionals on LinkedIn and you will find the group. And until next time, gumbo listeners, have a fantastic week.