ATLASSIAN'S SHARED RESPONSIBILITY MODEL
Understanding the Shared Responsibility Model:
Imagine the Atlassian cloud as a secure apartment building. Atlassian takes care of the building's foundation, walls, and infrastructure – ensuring physical security and environmental controls. You, the tenant, are responsible for securing your belongings within the apartment, choosing reliable locks, and exercising safe practices. Similarly,
Atlassian focuses on:
Infrastructure & Platform Security: Atlassian secures the underlying infrastructure, including data centers, network architecture, and application security. They adhere to rigorous compliance standards like SOC 2 and PCI DSS, guaranteeing a robust baseline.
- Application Security: Atlassian continuously updates and patches their applications to address vulnerabilities and protect against external threats. They also offer granular access controls and robust authentication mechanisms.
However, your responsibilities encompass:
- Data Security: You control the data you upload and manage within your Atlassian instances. This includes your business intellectual property (IP), project information, and any sensitive files stored. Implementing strong access controls, and passwords, within your Atlassian tools are your responsibility. Data accidents unintentional or otherwise are a fact of life, it is your responsibility to backup your Atlassian data regularly and have it available in a format that will allow you to restore your data back easily.
- User Management: Managing user accounts, access levels, and permissions falls under your purview. Implementing access reviews, least privilege principles, and user activity monitoring are crucial to prevent unauthorized access or misuse.
- Marketplace Apps: Third-party apps installed on your Atlassian instances add functionality but introduce additional security considerations. Thoroughly vetting apps, understanding their permissions, and keeping them updated are essential.
Best Practices for Shared Security
Building a solid security posture requires collaboration between you and Atlassian. Here are some best practices to ensure a seamless and secure cloud experience:
- Leverage Atlassian's security features: Utilize built-in tools like audit logs, activity streams, and security settings to monitor user activity and potential threats.
- Stay informed: Keep up-to-date with Atlassian's security bulletins and release notes to address vulnerabilities promptly.
- Protect your data: Secure your data by regularly backing it up, either build a system yourself or utilize trusted Marketplace tools that display the Cloud Fortified badge
- Use the community: The Atlassian Community has a number of forums where cloud security and resiliency topics are discussed, these are a great place to stay informed
- Seek guidance: Atlassian offers extensive documentation and resources on their shared responsibility model. Don't hesitate to contact their support team for further assistance.
- Conduct regular security reviews: Periodically assess your security posture and implement necessary adjustments to adapt to evolving threats and regulations.
Investing in Shared Security: A Shared Benefit
- While the shared responsibility model might seem complex at first, understanding and embracing it ultimately benefits both you and Atlassian. It empowers you to take ownership of your data and tailor security measures to your specific needs, while Atlassian continues to invest in a secure and compliant platform. This collaborative approach fosters a secure and resilient cloud environment, enabling you to focus on achieving your organizational goals with confidence.
Remember, data security is a shared responsibility. By collaborating with Atlassian and utilizing enterprise class tools like Revyz, you can create a secure and resilient environment for your valuable information, empowering your teams to thrive in the cloud.
"For the IT team, the top priority for data protection was cloud-native capability, which had minimal operational overhead. The Backroads team started a.."
Read the Case Study of how Backroads IT Manager, Oscar built a cloud resilience strategy for their Atlassian Jira site
Download the Case Study Here
DATA RESILIENCY RESOURCE CENTRE
The following resources are great to use to develop your own cloud data resilience strategy