I am primarily interested in the Confluence and BitBucket cloud services.
When data stored by these services is just sitting at rest on Atlassian's drives, is it encrypted or not?
Hi @Eric40, @Paul Grover, and @Michael Daoust
I just wanted to provide an update here.
We recently announced that Atlassian now encrypts customer data at rest.
Data drives on servers holding customer data and attachments in Jira Software Cloud, Jira Service Desk Cloud, Jira Core Cloud, Confluence Cloud, Statuspage, OpsGenie, and Trello use full disk, industry-standard AES-256 encryption at rest. To learn more, please see our Security Practices page.
We post updates related to security, privacy, compliance, and more in our Trust & Security group. Feel free to post related questions and feedback there!
Best,
Lauren
Well, that took a while, but glad to hear it!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Does this mean that BitBucket repositories on a free account are encrypted everywhere Atlassian stores them?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@jamesmaniotis No, Bitbucket data is not fully encrypted.
Here's the line from our documentation:
Data drives on servers holding customer data and attachments in Jira Software Cloud, Jira Service Desk Cloud, Jira Core Cloud, Confluence Cloud, Statuspage, OpsGenie, and Trello use full disk, industry-standard AES-256 encryption at rest. Customer data on Bitbucket Cloud is not fully encrypted at rest.
By encryption at rest we mean that we encrypt customer data that is stored on a disk such as Jira issue data (details, comments, attachments) or Confluence page data (page content, comments, attachments). Data encryption at rest helps guard against unauthorized access and ensures that data can only be access by authorized roles and services with audited access to the encryption keys.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
When is Bitbucket data encryption at rest available?
If it is not available today out of the box, is there any other way to achieve it?
Please let me know.
Niru
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Unfortunately, this still means that anyone at Atlassian with access to the encryption keys can read our data in glorious full text, the fact that access is audited means very little to the end-user. How about transparent encryption of the DB rows themselves? You can store IDs or whatever, but the sensitive data (like meeting notes or business plans) is encrypted even to you, Atlassian. Is that something you are considering or is better to switch to server versions in order to protect better our data? Thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The answers are posted in their documentation.
https://www.atlassian.com/trust - contains everything
Your answer specifically is located at
https://www.atlassian.com/trust/security/security-practices#faq-5fd9f2cf-d7c7-40fa-af1f-854e2d9f3f48
Content stored within Jira Cloud and Confluence Cloud isn't encrypted. However, attachments on storage in AWS are encrypted. We believe we can rely on the physical controls and management at AWS, as well as transit-level encryption to protect customer data. A minimum of 128-bit Advanced Encryption Standard (AES) is used for attachments.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Can we please get a straight answer to this question? That URL has no info pertaining to this question.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Does this mean that BitBucket repositories are encrypted for free accounts everywhere Atlassian stores them?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Eric,
I recommend you to take a look at this page: https://www.atlassian.com/hosted/security. It contains the answer to your question.
-- Pedro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
So, the answer is 'no, it is not encrypted'? I do not see any comment on encryption while the data is at rest. They do mention that backups are encrypted. If the answer is 'no', please update your answer stating this explicitly and I will mark it as the answer.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Agreed- there is no mention of encryption at rest in that document which I already reviewed. There is the same question from a different user which received the same response. Can we simply have a straight response of "YES" or "NO" to this question?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Pedro Cora [Atlassian] - Sounds like some follow-up is expected from you on this.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Atlassian team,
Could you update us all on this question? This can sometimes be a compliance issue and we do need to be clear on this matter whether data is encrypted at rest on not (and with which encryption protocols / methodology) for:
Clearly understood that all communications use TLS 1.2, but this may not be enough information for us.
Understood we can also protect and encrypt some documents sent also with some plugins available, but for example you could already maybe have an encryption at rest leveraging S3 bucket capabilities (if using AWS)?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
do we have a precise information on how to handle data at rest in bitbucket cloud
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Most of the others on this site are users, like you. I've never seen any information regarding your question, so I'll hope @Logostech Atlassian Support notices your question.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.