I am primarily interested in the Confluence and BitBucket cloud services.
When data stored by these services is just sitting at rest on Atlassian's drives, is it encrypted or not?
I just wanted to provide an update here.
We recently announced that Atlassian now encrypts customer data at rest.
Data drives on servers holding customer data and attachments in Jira Software Cloud, Jira Service Desk Cloud, Jira Core Cloud, Confluence Cloud, Statuspage, OpsGenie, and Trello use full disk, industry-standard AES-256 encryption at rest. To learn more, please see our Security Practices page.
We post updates related to security, privacy, compliance, and more in our Trust & Security group. Feel free to post related questions and feedback there!
@jamesmaniotis No, Bitbucket data is not fully encrypted.
Here's the line from our documentation:
Data drives on servers holding customer data and attachments in Jira Software Cloud, Jira Service Desk Cloud, Jira Core Cloud, Confluence Cloud, Statuspage, OpsGenie, and Trello use full disk, industry-standard AES-256 encryption at rest. Customer data on Bitbucket Cloud is not fully encrypted at rest.
By encryption at rest we mean that we encrypt customer data that is stored on a disk such as Jira issue data (details, comments, attachments) or Confluence page data (page content, comments, attachments). Data encryption at rest helps guard against unauthorized access and ensures that data can only be access by authorized roles and services with audited access to the encryption keys.
Unfortunately, this still means that anyone at Atlassian with access to the encryption keys can read our data in glorious full text, the fact that access is audited means very little to the end-user. How about transparent encryption of the DB rows themselves? You can store IDs or whatever, but the sensitive data (like meeting notes or business plans) is encrypted even to you, Atlassian. Is that something you are considering or is better to switch to server versions in order to protect better our data? Thanks
The answers are posted in their documentation.
https://www.atlassian.com/trust - contains everything
Your answer specifically is located at
Content stored within Jira Cloud and Confluence Cloud isn't encrypted. However, attachments on storage in AWS are encrypted. We believe we can rely on the physical controls and management at AWS, as well as transit-level encryption to protect customer data. A minimum of 128-bit Advanced Encryption Standard (AES) is used for attachments.
Dear Atlassian team,
Could you update us all on this question? This can sometimes be a compliance issue and we do need to be clear on this matter whether data is encrypted at rest on not (and with which encryption protocols / methodology) for:
Clearly understood that all communications use TLS 1.2, but this may not be enough information for us.
Understood we can also protect and encrypt some documents sent also with some plugins available, but for example you could already maybe have an encryption at rest leveraging S3 bucket capabilities (if using AWS)?
Hi, Confluence collaborators! As part of #Confluence-Collaboratory month, we’ve created a very special Mythsbusters segment, where we're dive into an interesting myth and uncover the truth behind i...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events