From Data Center to Cloud: how customers are rethinking apps

@Mia Tamm _Simpleasyty_ Totally agree: the first step is the hardest, but once teams experience the possibilities, the conversation changes. Thank you for sharing these insights!

Totally resonate with this, Mia. That “first step” mindset shift is real. Once teams are in Cloud, they can stop trying to mirror the past and start really optimizing for the future.

One practical way we see that happen is with content lifecycle. Confluence and Jira are powerful, but without clear retention from day one, content sprawl creeps in fast. Search and Rovo/AI output quality drops, onboarding gets harder, governance gets real fuzzy. Establishing automated, policy‑driven retention early (review → archive → delete, with exceptions for evergreen or regulated content) keeps the signal high and the noise lower. Side-benefit: backups are more efficient and more compliant as well, and their object storage simply costs less (to store 3x copies of a 35% larger backup costs approximately double what it could be).

This the core idea behind Opus Guard’s Content Retention Manager for Atlassian Cloud: set policies once, apply them consistently across spaces (and fka projects), track all the decisions with audit-ability, honor legal holds, and give content retention to delegated groups of content admins to do lightweight approvals when needed. It’s a small change that compounds: better search relevance, less model drift and cognitive decline from Rovo, leaner workspaces everywhere, stronger compliance posture, and happier teams who do less manual upkeep to better find what they need and trust what they see.

In short: start fresh, and stay fresh. Cloud gives you the flexibility; automated retention gives you the discipline to keep it that way.

Thank you both so much, @Elena_Communardo Products and @Nick Wade -Opus Guard-! 

I couldn’t agree more that “first step” mindset shift truly changes everything. Once teams embrace Cloud, new habits and better ways of working naturally follow.

Really appreciate your thoughtful perspectives and the work you’re both doing to help teams build stronger, more future-ready environments.

To add to this, Atlassian has invested extensively in making sure apps are Cloud Enterprise ready. Key things to look for when considering an app if you're a large enterprise:

• Is the app "Runs on Atlassian?" This is a non-starter if not given the security posture you were used to with DC
• Is the app Cloud Fortified?
• Is the app vendor SOC2 Type 2 certified? - This one is huge because it ensures not just how the app executes but how the business behind it is secured. 

“We don’t want to lose what we already have.”

This quote gets me. DC had the benefit of virtually unlimited storage limited only by your infra. In cloud, if you want it to run fast, you need to have a better content management strategy in place, keep what you need, remove what you don't. Additionally, as great as the security features above are, in cloud, you should still think: "what if someone gets through the secured door?" That means not leaving your risky or obsolete content out in the open. 

I'm always up for coffee, but really, @Nick Wade -Opus Guard- 's got it

@Darin - Opus Guard I wonder how Runs on Atlassian will impact the need to have SOC2 for American companies. On a practical software security level Runs on Atlassian is in many ways more interesting than SOC2, it makes it impossible for apps vendors to access client data regardless if have SOC2.

Thanks so much for expanding on that, @Darin - Opus Guard! Totally agree, “Runs on Atlassian” and Cloud Fortified are key signals for enterprise-ready apps. Love how you framed the importance of managing content actively rather than just storing everything “because we can.”

That mindset shift really defines success in Cloud.

Great point, @Stavros_Rougas_EasyApps 

The way “Runs on Atlassian” isolates customer data indeed changes the conversation. It’s security by design. SOC2 still adds trust from a business and process standpoint, but the combination of both gives customers real peace of mind.

@Stavros_Rougas_EasyApps - I wish it were that easy, because I'm with you. We built Content Retention Manager 100% on forge so it was in the first grouping of "Runs on Atlassian." My thinking was that's better than Soc2 because no data egress, built in data residency tethered to Atlassian and all the security from Forge itself.

...then came our first major deal. They were over the moon with our app, but when their Zip request came in, it still came down to "when are you getting SOC2?"The fact is, while Forge is well known within Atlassian, for the enterprise procurement teams, who manage hundreds of SaaS platforms and the thousands of apps/integrations, there's still a gap in policy. The procurement, IT, CISO, and legal teams in these large organizations still default to SOC2 or Bust.

So we sat on it and decided, let's do it. To your point, there was an entire section of the SOC2 audit we got to "skip" thanks to Atlassian Forge. Our audit focused primarily on how we operate our business, so while overkill, it still promotes trust to these large enterprises. I would still argue, it's a good thing because even demonstrating the ability to secure SOC2 defines a company as more than a hobby project and one with business rigor behind it.

Since that point, we continue to hear that while there's debate to the validity of SOC2 in scenarios like Runs on Atlassian, for top tier enterprise tech, they still demand it as it gives their general council (and team) a little extra comfort.

SOC2 remains the first document we share during the enterprise procurement process even before we get them going with their free pilot.

@Darin - Opus Guard great explanation. SOC2 (ISO 27001 even, especially in Europe) for the better or for the worse can be a minimum requirement, SOC2 organization has done a lot to sell it's brand.

Even if Runs on Atlassian becomes better known this is likely to be the case for 1-2 more years. And even then it is niche, Atlassian specific.

I have definitely noticed this shift in my own experience. More and more, teams are rethinking apps not just for performance, but for flexibility and scalability in the cloud. What used to be rigid, on-prem setups are now being redesigned so they can scale up or down easily, integrate with other services, and take advantage of things like AI and analytics. It’s not just about moving servers—it’s about reimagining how the app actually works and delivers value to users. I’m curious how others are handling the balance between cost, security, and agility when making this transition.