How to secure Atlassian Cloud Applications?

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”

- Edward Snowden

 

Atlassian's announcement that it would be shutting down its server instances had a significant impact on its customers. Confusion grew as some chose Atlassian's Data Center while others chose its Cloud. Both the Data Center and the Cloud have their own benefits and drawbacks. One of the most common questions, asked when Atlassian itself faced a cyber attack, was "Is Atlassian Cloud secure in terms of cyber threats?"

Products made by Atlassian are high quality, very secure, and reliable, but as they say, there is always scope for improvement. This article focuses on how we can make Atlassian Cloud Applications more secure and avoid cyber attacks.

When we talk about securing an application for anywhere from ten to thousands of users or more, adding an extra layer of authentication on top of basic authentication can be extremely helpful, because with two layers of authentication, hacking into any system becomes much more difficult. This is why demand for authentication methods like Single Sign-On (SSO) and Two Factor Authentication (2FA) has increased in the last couple of years.

Atlassian provides a level of security by allowing users to Single Sign-On. Single Sign-On (SSO) and Two Factor Authentication (2FA) go hand in hand so it won’t be an issue for customers who are using the in-built SSO solution for Atlassian Cloud. 


Single Sign-On (SSO)

SSO is an authentication process in which a user is authenticated against the Identity Provider that is connected to the Atlassian Applications. In SSO, these users authenticate using an XML assertion. The XML exchange process reduces security threats and protects user data.

Atlassian has a built-in connector for Single Sign-On (SSO) that works well with SAML Identity Providers, and it is highly recommended for solving complex use cases like login with multiple IDPs and managing user permissions.



Two Factor Authentication (2FA)

Two-factor authentication (2FA), sometimes referred to as two-step verification, is a security process in which users provide two different authentication factors to verify themselves on top of the username and password authentication. This process is done to better protect both the user's credentials and the resources the user wants to access, which in our case is Atlassian Cloud.


The above explanations went pretty technical so let’s understand it with the help of an example. 

Now let’s consider the rays of the sun as the users, the ozone layer as SSO or 2FA shield, atmospheric hindrance as basic authentication, earth as an application like Jira, Confluence, etc, and humans as files or documents present inside those applications.

Now we as rays of the sun (users) first have to cross the ozone layer (SSO/2FA) then pass the earth’s atmospheric hindrance (basic authentication) then we can gain access to the files present in those applications. We (users) as rays of the sun are happy as we were able to reach our destinations.

But let’s consider another aspect of the same scenario: ozone holes, and the UV rays of the sun as a hacker. The UV rays (hacker) try to enter the earth (application), and since the ozone layer (SSO/2FA) is absent in some areas, the UV rays can easily bypass it. With a bit of skill, crossing the atmospheric hindrance (basic authentication) won’t be a big deal, so they reach the earth (application), and now the humans (files and documents) are exposed.

This is why an additional layer such as SSO or 2FA is important for us.


Since Atlassian’s cloud community is still growing, applications that support 2FA over the cloud are very few. miniOrange can help in fulfilling the needs of SSO as well as 2FA. The 2FA solution provided by miniOrange over the cloud contains many authentication methods like OTP over SMS, OTP Over Email, Hardware Token, Authenticator token, and many more, with the capacity to manage a huge number of users. With miniOrange, external and internal users can be managed in one place. It can easily be integrated with external AD/LDAP directories or other Identity Providers (IDPs) without any hassle. Users can use the same credentials and 2FA to access multiple applications.

We have a Two Factor Authentication (2FA) solution for Atlassian Server and Data Center as well. Give this article a quick read.

For detailed information about our SSO and 2FA add-ons please refer to the link. In case of any queries, please feel free to drop us a mail at info@xecurify.com

 
