It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Is data at rest encrypted for Atlassian cloud services?

I am primarily interested in the Confluence and BitBucket cloud services. 

When data stored by these services is just sitting at rest on Atlassian's drives, is it encrypted or not?

 

6 answers

1 accepted

1 vote
Answer accepted
lauren Atlassian Team Jun 18, 2019

Hi @Eric40@Paul Grover, and @Michael Daoust

I just wanted to provide an update here.

We recently announced that Atlassian now encrypts customer data at rest.

Data drives on servers holding customer data and attachments in Jira Software Cloud, Jira Service Desk Cloud, Jira Core Cloud, Confluence Cloud, Statuspage, OpsGenie, and Trello use full disk, industry-standard AES-256 encryption at rest. To learn more, please see our Security Practices page.

We post updates related to security, privacy, compliance, and more in our Trust & Security groupFeel free to post related questions and feedback there! 

Best,

Lauren

Well, that took a while, but glad to hear it!

Like lauren likes this

Does this mean that BitBucket repositories on a free account are encrypted everywhere Atlassian stores them?

lauren Atlassian Team Sep 19, 2019

@jamesmaniotis No, Bitbucket data is not fully encrypted. 

Here's the line from our documentation: 

Data drives on servers holding customer data and attachments in Jira Software Cloud, Jira Service Desk Cloud, Jira Core Cloud, Confluence Cloud, Statuspage, OpsGenie, and Trello use full disk, industry-standard AES-256 encryption at rest. Customer data on Bitbucket Cloud is not fully encrypted at rest.

By encryption at rest we mean that we encrypt customer data that is stored on a disk such as Jira issue data (details, comments, attachments) or Confluence page data (page content, comments, attachments). Data encryption at rest helps guard against unauthorized access and ensures that data can only be access by authorized roles and services with audited access to the encryption keys.

Hi,

When is Bitbucket data encryption at rest available?

If it is not available today out of the box, is there any other way to achieve it?

Please let me know.

Niru

Unfortunately, this still means that anyone at Atlassian with access to the encryption keys can read our data in glorious full text, the fact that access is audited means very little to the end-user. How about transparent encryption of the DB rows themselves? You can store IDs or whatever, but the sensitive data (like meeting notes or business plans) is encrypted even to you, Atlassian. Is that something you are considering or is better to switch to server versions in order to protect better our data? Thanks

Can we please get a straight answer to this question?  That URL has no info pertaining to this question.

The answers are posted in their documentation.

https://www.atlassian.com/trust - contains everything

 

Your answer specifically is located at 

https://www.atlassian.com/trust/security/security-practices#faq-5fd9f2cf-d7c7-40fa-af1f-854e2d9f3f48

Content stored within Jira Cloud and Confluence Cloud isn't encrypted. However, attachments on storage in AWS are encrypted. We believe we can rely on the physical controls and management at AWS, as well as transit-level encryption to protect customer data. A minimum of 128-bit Advanced Encryption Standard (AES) is used for attachments.

Most of the others on this site are users, like you. I've never seen any information regarding your question, so I'll hope @Logostech Atlassian Support notices your question.

0 votes
Pedro Cora Atlassian Team Nov 20, 2014

Hi Eric,

I recommend you to take a look at this page: https://www.atlassian.com/hosted/security. It contains the answer to your question. :smile:

-- Pedro

So, the answer is 'no, it is not encrypted'? I do not see any comment on encryption while the data is at rest. They do mention that backups are encrypted. If the answer is 'no', please update your answer stating this explicitly and I will mark it as the answer.

Agreed- there is no mention of encryption at rest in that document which I already reviewed.  There is the same question from a different user which received the same response.  Can we simply have a straight response of "YES" or "NO" to this question?

@Pedro Cora [Atlassian] - Sounds like some follow-up is expected from you on this.

Dear Atlassian team,

Could you update us all on this question? This can sometimes be a compliance issue and we do need to be clear on this matter whether data is encrypted at rest on not (and with which encryption protocols / methodology) for:

  • Attached documents (uploaded)
  • Pages, tickets...

Clearly understood that all communications use TLS 1.2, but this may not be enough information for us.

Understood we can also protect and encrypt some documents sent also with some plugins available, but for example you could already maybe have an encryption at rest leveraging S3 bucket capabilities (if using AWS)?

do we have a precise information on how to handle data at rest in bitbucket cloud

Does this mean that BitBucket repositories are encrypted for free accounts everywhere Atlassian stores them?

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Confluence

How To: get the most out of the new Confluence navigation and Home

Hi Community, Elaine again from Confluence Cloud Product Management. Most of you have used the new Confluence navigation and Home for some time by now. Not sure what changed or just want to lear...

480 views 3 10
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you