7 non-negotiable security practices for any cloud product

Hello, Community! My name is Bill and I'm a Trust and Security Manager at Atlassian. 

Implementing security best practices for your cloud products might feel like you’re playing a game of chess against a chess grandmaster. You think you need to know the most complex strategies and plan ten moves in advance, but in reality, you’re playing against a 3rd-grade checker player.

While sophisticated security attacks do happen, it’s more likely that someone will break into your system using a simple phishing attack or they will crack one easy password and then figure out that people in your organization are using the same passwords over and over.

It’s not difficult to prevent the majority of security attacks using simple security hygiene and consistent maintenance and monitoring. Implementing these simple security measures will help keep your company data secure and protect it from unauthorized access, so you can rest easy knowing that your data is safeguarded (and that 3rd-grader isn’t taking your checkers).

Here’s the 3min tl;dr:

1. Track access and usage across cloud providers: In Atlassian cloud products, you can do this by creating an Organization. Learn how to create an Organization!

2. Manage access to sensitive data and routinely audit your accounts: Separate your company’s most sensitive information by creating a separate product site or repository, where you can tightly control users and access. It’s also a good idea to limit the number of admins you have for your cloud tools.

3. Automate your user provisioning: Rather than manually setting up user access and periodically auditing user accounts, automated user provisioning allows for a direct sync between your identity provider and your Atlassian cloud products. You’ll save time and strengthen security. 🙌

4. Configure single sign-on with your identity provider: Single sign-on (SSO) is also a great solution for consistently managing account access. Like SCIM, your SSO provider automates much of the security setup that otherwise you would manually manage.

5. Educate your team and set up login requirements: It’s not just up to you to implement security practices – we provide a couple reminders you can pass along to you team along with information about setting up password policies.

6. Routinely audit your activity logs: It’s a good idea to consistently audit your activity logs to help monitor unauthorized access to sensitive information.

7. Familiarize yourself with your cloud provider’s security: We encourage and expect you to verify security and operations of every cloud provider that your organization partners with, including Atlassian, which is why we’ve documented our information on our Atlassian Trust site, check it out!

Keep calm and check out the entire post on the Atlassian blog if you want the details for each recommendation!

How do you set up your cloud products to be secure? What are the best practices and time-savers that you’ve discovered?