BACKUP BLINDSPOTS?
TABLE OF CONTENTS
NOT ALL BACKUP SOLUTIONS FOR JIRA ARE THE SAME
After years of talking to Atlassian customers looking for a robust backup solution, we kept hearing about how most solutions promised to 'backup everything in Jira', but how many simply did not make the cut?
So we decided to go out and fact-check the features of the backup apps available on the Atlassian Marketplace.
We were surprised again and again to find, what we would call, critical functionality in backups, was completely missing in some solutions!
We’ve labelled these Backup Blindspots and are adding them to this page, one by one...
AUTOMATIONS
Automations are a Critical Part of Most Jira Sites
Since their inception, Automations in Jira have been a fantastic way to increase productivity and to remove unnecessary effort in your service desk and projects - just about anywhere! For many sites, dozens of automations run 24x7 completely unnoticed. This is where the problem lies. Because automations run in the background, you tend not to notice them until they break down, or as is the case of late February 2024, they go missing altogether!
Automations are Not Backed Up
Automations are not backed up by default, and due to our recent investigations of backup apps on the Marketplace, very often they are not able to be backed up adequately by your backup software. It should be noted that Atlassian are backing up Automations and other configuration objects for their own outages - but this is not covered if any damage is done internally to your site.
How To Create Automations and Back Them Up by Alex Ortiz
We asked renowned Jira expert and trainer, Alex Ortiz, to walk us through setting up Automation rules and backing them up in the video below.
Watch Explainer: How to Create Automations Rules in Jira
Watch Explainer: How to Restore Automations Rules from Jira Backups with Revyz
The Risks of Not Backing Up Automations
There are many ways that your Automations can be damaged or lost, including;- User damage during making changes
- Accidental deletion
- Malicious deletion by rogue staff
- Deletion or adjustment by cyber-attack (there's not greater way to create havoc in a Jira site!)
- Site incidents and cloud outages
What Happens When Atlassian Cloud Loses Automations
In Februarty 2024, Atlassian Jira Cloud encountered a critical incident where Automations were no longer available to Jira customers. This event was unfortunate and, for some customers, the impact lasted for several days before automations were fully up and running again. During the incident, we hosted a live session with The Jira Life team of experts to talk through the incident and discuss the implications, ways to resolve the issue and how to mitigate the risks. The recording is below.
Other Resources
CLOUD FORTIFIED
Jira and Confluence Cloud Typically Contains Highly Sensitive Data
Whether it is commerically sensitive project information, private customer details or information that falls under the spotlight of regulatory control and protection, its essential that the data inside your cloud instances is protected from theft, loss and damage.
An area that is often overlooked by admins is the access that your third-party providers such as marketplace apps have.
Third Party Provider Risk
Its not all that difficult to become a Marketplace provider and with that role, comes a lot of responsibility. In recognition of that, Atlassian created the Cloud Fortified programme where marketplace partners can have be vetted by Atlassian and that confidence passed on to customers.
It is Essential for Backup Providers to be Secure
As backup vendors on the Marketplace have deep access to your data, it is absolutely essential for their security practicies, their commercial structures and their hosting platforms to be verified, but, not all in the Marketplace that we have reviewed are Cloud Fortified.
Cloud apps with advanced security, reliability and support
Quote From the Atlassian
"With advanced standards for security, reliability and support, Cloud Fortified apps are ready to meet the needs of all Atlassian Cloud customers, including enterprises. A Cloud Fortified badge indicates that an app participates in all six of Atlassian's cloud app security programs and undergoes additional checks for service reliability and performance. Cloud Fortified apps integrate their incident and review processes with Atlassian to allow for faster recovery time and continuous improvement, and abide by strict Atlassian-defined app support SLAs."
Other Resources
Backup Buyers Guide
When selecting a cloud backup solution for Jira or Confluence, make sure that you get answers to the following questions;
Basic Backup Features
If you are wanting a no-fuss backup solution that you can rely upon, these backup features are non-negotiable;
- How often can I back my data up?
- Can I configure the frequency of my automation?
- If the backup fails, how will I become aware of this?
- In the event of a backup problem, how can I trouble-shoot the problem, what information have I got access to track down the cause?
- How do I manage my backups in Jira and Confluence?
- How do I manage user-access security to my company backup operations and access to this sensitive data?
Backup Scope Features
- Which Jira data objects do you include in backups?
- Which Jira data objects do you not include in backups?
- Which Jira configuration objects do you include in backups?
- Which Jira configuatiion objects do you not include in backups?
- How do I manage user-access security to my company backup operations and access to this sensitive data?
Data Restore Features
- Which data objects can your system restore?
- Which data objects can your system not restore?
- Which configuration objects can your system restore?
- Which configuration objects can your system not restore?
- In the event of a full restore of an entire Jira project back to the same site, what - if any - manual activities will we need to complete in order to have that project back to a fully operational state?
- In the even of a full restore of an entire Jira project to a different site, what - if any - manual activities will we need to complete in order to have that project back to a fully operational state?
Data Security
- How can I be assured that my backups are working without having to log in and check manually every day?
- Is my data encrypted while its being transmitted from Atlassian Cloud to your external site?
- Is my data encrypted while its being stored at your external site?
- Is my data encrypted while its being restored back from your external site?
- What company level protections do you offer to provide assurance to me that your claims about security, resliency and reliability are independently verified?
Monitoring and Management
- Can I monitor multiple Jira sites and platforms in a central view or dashboard?
- Does your system provide logging of backup activities, such as backup run, backup success/fail?
- Does your system provide detailed logging of errors when things go wrong?
- Does your system provide logging of user activity such as changing backup settings, running a manual backup, running a restore?
- Can I have a third-party provide access the backup software to manage it for me?
Support
- What type of technical support does your company provide to customers? (Email, Chat, Phone, Remote-Connect)?
- What hours do your support team operate?
- Are your support team in-house staff, or an outsourced support provider?
- How are your team members vetted from a security standpoint?
Backup Buyers Guide
When selecting a cloud backup solution for Jira or Confluence, make sure that you get answers to the following questions;
Basic Backup Features
If you are wanting a no-fuss backup solution that you can rely upon, these backup features are non-negotiable;
- How often can I back my data up?
- Can I configure the frequency of my automation?
- If the backup fails, how will I become aware of this?
- In the event of a backup problem, how can I trouble-shoot the problem, what information have I got access to track down the cause?
- How do I manage my backups in Jira and Confluence?
- How do I manage user-access security to my company backup operations and access to this sensitive data?
Backup Scope Features
- Which Jira data objects do you include in backups?
- Which Jira data objects do you not include in backups?
- Which Jira configuration objects do you include in backups?
- Which Jira configuatiion objects do you not include in backups?
- How do I manage user-access security to my company backup operations and access to this sensitive data?
Data Restore Features
- Which data objects can your system restore?
- Which data objects can your system not restore?
- Which configuration objects can your system restore?
- Which configuration objects can your system not restore?
- In the event of a full restore of an entire Jira project back to the same site, what - if any - manual activities will we need to complete in order to have that project back to a fully operational state?
- In the even of a full restore of an entire Jira project to a different site, what - if any - manual activities will we need to complete in order to have that project back to a fully operational state?
Data Security
- How can I be assured that my backups are working without having to log in and check manually every day?
- Is my data encrypted while its being transmitted from Atlassian Cloud to your external site?
- Is my data encrypted while its being stored at your external site?
- Is my data encrypted while its being restored back from your external site?
- What company level protections do you offer to provide assurance to me that your claims about security, resliency and reliability are independently verified?
Monitoring and Management
- Can I monitor multiple Jira sites and platforms in a central view or dashboard?
- Does your system provide logging of backup activities, such as backup run, backup success/fail?
- Does your system provide detailed logging of errors when things go wrong?
- Does your system provide logging of user activity such as changing backup settings, running a manual backup, running a restore?
- Can I have a third-party provide access the backup software to manage it for me?
Support
- What type of technical support does your company provide to customers? (Email, Chat, Phone, Remote-Connect)?
- What hours do your support team operate?
- Are your support team in-house staff, or an outsourced support provider?
- How are your team members vetted from a security standpoint?
BEST PRACTICE GUIDE FOR JIRA DATA PROTECTION
Get the informative eBook
JIRA CLOUD DATA RESILIENCE STRATEGY
Just like any other part of your critical IT infrastructure, you should have a resiliency strategy that maps out the risks, vulnerabilities, practices and protective measures for your site/s.
A great place to start is to understand where your security responsibilities lie, which are distinctly different from Jira Server. Atlassian have published a very detailed guide on this and we have also written this aritcle to help you navigate this crucial step.
Read : Navigating Atlassian Cloud Security Shared Responsibilities
Once you've gotten a handle on your responsibilities around security and data backups, it pays to review your situation. We partnered with platinum solution partner, Praecipio to provide the following checklist to support this process.
Download: SaaS Data Resilience Checklist