
An update on product requests: bringing shadow IT controls to Trello and Bitbucket

To meet the needs of our organization admins and enterprise customers, we launched product requests, a proactive shadow IT control for Jira, Confluence, and Jira Service Management’s (JSM) Cloud Enterprise plans.

We are excited to share that we are expanding the power of product requests today!

Now, any organization admin with Jira, Confluence, and Jira Service Management’s (JSM) Enterprise will also have control over their Trello instances across all Trello plans. Customers with Bitbucket Premium will be able to beta test this functionality. In addition to expanded product coverage, we are happy to share an approval enhancement to the product requests workflow.

A multi-year journey: Atlassian’s approach to shadow IT controls

As you know all too well, uncontrolled shadow IT, defined as the use of IT-related hardware or software by an individual without the knowledge of the organization's admin or IT department, continues to be a challenge for enterprise customers. It can lead to decreased control of potentially sensitive data and an increased risk of data loss.

As a result, we have been on a multi-year journey to address your shadow IT concerns.

The history of addressing shadow IT at Atlassian:

Date | Description
July 2021 | Launched automatic product discovery: an Atlassian Guard (formerly known as Access) feature that allows admins to see what shadow IT (user-created instances) existed in their organizations. Admins could not act on this in-product.
September 2023 | Launched product requests: a Cloud Enterprise plan only feature to proactively control shadow IT across Jira, Confluence, and JSM. With this feature, admins could deny new requests for user-created instances and stop shadow IT from being created in the first place.
October 2023 | Launched small improvement to automatic product discovery: added the reporting field ‘last active date’, so admins could see how recently the shadow IT instance was created/utilized.
February 2024 | Launched significant improvement to automatic product discovery: added the ability for admins to join previously unmanaged instances in order to assume control of them.
October 2024 (We are here!) | Launched expanded coverage and approval flow: Now, we are excited to announce the expansion of coverage to Trello and Bitbucket products. In addition, organization admins can approve product requests if they want to grant a user the ability to create a new instance under their management.

 

How to take advantage of product requests' enhancements:

Atlassian organization admins will be able to configure settings to either ‘allow new products’ or ‘require admin approval’ across their covered products.


If admins select ‘require admin approval,’ they will have a dashboard of requests from users to review, approve, or deny new instances.



 

Addressing your frequently asked questions

We know that product requests is a highly requested, highly adopted feature across our community. We’ve even learned that, the larger a cloud footprint, the more likely an admin is to frequently utilize this feature. We’re so happy to see its impact!

If you haven’t already begun using these controls, we hope these FAQs can help you get started.

 FAQ  Answer

I want to get started!

Can you help me understand the difference between the shadow IT controls available in Atlassian Guard Standard and the controls in Cloud Enterprise?

Because our Cloud Enterprise plan includes Atlassian Guard Standard, customers with Cloud Enterprise can utilize both automatic product discovery and product requests.

Automatic product discovery, a feature within Atlassian Guard Standard, empowers customers to:

  • See what user-created instances exist in their cloud footprint
  • See how many users exist in that instance, its last active date, and who administers it
  • Join as an admin to take over control

Product requests, a feature within Cloud Enterprise, allows admins to set a proactive policy to either:

  • Allow new instances to be created
  • Require admin review before any new instance is created

When requiring admin review, admins will then triage and accept or deny new instance creation.

I want to use product requests for Trello, how do I get access?

Customers with Trello must subscribe to an Enterprise plan for Jira, Confluence, or JSM to access the product requests feature. This means, for example, if you have Jira Enterprise and Trello Standard, you can use product requests for Jira and Trello.

We are exploring options for bringing this as a standalone Trello capability in the future.

Why is product requests in the Cloud Enterprise plan (for Jira, Confluence, and JSM)?

The Cloud Enterprise plan solves the challenges of customers who manage many teams and data across their Atlassian toolchain. These customers operate at a complex scale, which can imply they have arduous workflows; the need to scale administrative practices to ensure no impact on security or performance; have high M&A activity; and more. In addition, these customers often operate in highly regulated industries and geographies or have stricter security and compliance requirements.

Given this, we've made product requests - an advanced security feature - available in our Cloud Enterprise plan to help customers in large, complex environments more closely monitor shadow IT risks as they scale or manage compliance requirements.

 

Thank you for your engagement, and we look forward to seeing the impact product requests has on your organization.

Best, Vikki and the Admin Experience team

16 comments

Asher Francis
Contributor
October 15, 2024

Still absolutely disgusting that this is only available on the Enterprise plan. We pay in excess of $60k a year for Jira yet cannot control this unless we pay almost double that. 

Bert Roos
Contributor
October 15, 2024

It is absolutely unbelievable that you take pride in resolving this issue for high-paying customers, while leaving others to struggle with Atlassian-facilitated shadow IT.

tom_hawkins
I'm New Here
October 15, 2024

@Vikki Ulmer when will shadow IT controls be available to standard plan customers please? There are many functions where it's understandable why they are only available to Enterprise or Premium level customers, but this is NOT one of them! 

S Alexandre Lemaire
Contributor
October 15, 2024

Agreed. Locking a feature meant to prevent costly misuse behind a more expensive plan is unacceptable. We need controls to stop users from unintentionally creating sub-Confluences and similar items that are automatically added to our bill (adding, that these rogue additions are not straightforward to cancel).

Tomislav Tobijas _Koios_
Solutions Partner
October 15, 2024

While it's good to see improvements on this topic, I can just agree with what everyone else is saying and forward that all of our clients and partners are unhappy with not having the option to disable new product installs by their managed users. In my opinion, this feature should be available for all paid plans.

Joe Johnson
Contributor
October 16, 2024

Joining everyone else here to say that giving this ability to Enterprise only plans is not acceptable. Many businesses with a larger footprint still use Premium, and it's unrealistic to suggest that they should upgrade their plan just for this basic security admin feature. Furthermore, the option to block product creation is clearly already available in the admin panel for Premium users, we're just not able to select it. Bad form.

Joerg
Contributor
October 17, 2024

I agree that this should not just be for Enterprise customers, but I also noticed that even though we have JSM Enterprise we can't limit the creation of Confluence and Jira products because "You need a Jira Enterprise subscription to change this request setting." I assume it must be Jira Software Enterprise and even JSM Enterprise is not enough?

Benjamin Horst
Rising Star
October 21, 2024

>Why is product requests in the Cloud Enterprise plan (for Jira, Confluence, and JSM)?

Choose the possible answer (multiselect or none possible)

1) Atlassian wants to create Cash by pain. First you create the pain in a pretty stupid way. 18 of our currently 22 discovered products were reportedly created by pretty new users by accident. It's like shooting people in the foot and then selling bandages. 

2) Atlassian has reports running for its stakeholders that show how many new orgs and sites get created every month. Currently we run with an average of about 1-3 pages per month getting created accidentally per 1000 users. Someone must have run the numbers and is scared now to correct the numbers.

3) "The Cloud Enterprise plan solves the challenges of customers who manage many teams and data across their Atlassian toolchain. These customers operate at a complex scale, which can imply they have arduous workflows; the need to scale administrative practices to ensure no impact on security or performance; have high M&A activity; and more. In addition, these customers often operate in highly regulated industries and geographies or have stricter security and compliance requirements.

Given this, we've made product requests - an advanced security feature - available in our Cloud Enterprise plan to help customers in large, complex environments more closely monitor shadow IT risks as they scale or manage compliance requirements."

Ben Hawkins
I'm New Here
October 22, 2024

This is completely unacceptable that these Shadow IT controls are behind the Enterprise plan only. This is a security risk, especially considering Trello's history. This needs a sense check.

Stefaan Vandaele
Contributor
October 22, 2024

Being able to control the creation of new organizations/sites/products by managed users must be a standard feature, otherwise why name the user a managed user?

The standard Atlassian products contain the ability to set permissions on users and groups, but not the ability to block organization/site/product creation by managed users? C'mon!

Even worse, the whole UI design by Atlassian continuously tricks the managed users into creating new organizations/sites/products by accident, especially during login.

Instead, while logging in to the platform, a managed user should be guided towards the organizations/sites/products that he/she has access to.

Any organization that takes security and data protection seriously, cannot allow such practices of guiding the users away from the managed environment. Any self-respecting organization should also not implement such "features".

Alex Koxaras _Relational_
Community Leader
October 22, 2024

Hi @Vikki Ulmer 

It would be great if that could be featured in the Premium plans as well. The way I see it currently this feature is coming from the "Enterprise admin experience team" rather than an "admin experience" team. This news is not quite what I was expecting. :(

Hana Kučerová
Community Leader
October 22, 2024

Hi @Vikki Ulmer ,

Thank you. It is a great improvement, but I totally agree with the others. This is a big problem in every organization and I would really appreciate it if this is available for at least the Premium plan, not only Enterprise.

Michelle Lynch
I'm New Here
November 12, 2024

This needs to be available to all paid plans, not a good look for Atlassian if the motivation is to force us all to Enterprise. 

Like Joe Johnson likes this
Stefaan Vandaele
Contributor
November 12, 2024

Hi,

Let's have a look at the products and the product names:

  • Premium products: the "premium" versions of Jira and Confluence are not cheap. Many companies, like ours, are spending a small fortune on these products! All customers for the so-called “premium” products are expecting those products to be mature and secure, and well suited for professional use.
  • Managed users: the users are "managed" but what does this mean? In my opinion, the company must have control over those users and what they can do or can’t do on the platform. But not for Atlassian! For them, a "managed" user means a user that belongs to a claimed domain, that's all! On the contrary, Atlassian guides our “managed” users away from the “premium” managed environment, and allows (and encourages!) them to subscribe for new products outside of the managed environment! This shadow IT is a major security hazard!
  • Guard: according to the name, this product should guard their customers from a number of things. The first one, and the most obvious one in my opinion, is guarding the company from the above mentioned security hazard that Atlassian is creating for their "premium" customers, who have "managed" users!

Although obvious for every customer of Atlassian, it seems none of this makes sense for the so-called product managers of Atlassian! Stopping these shadow IT practices and guiding our managed users towards our managed environment, is basic stuff for any product that deserves the naming premium/managed/guard, and should never be hidden behind an enterprise paywall.

Atlassian, if you really want to be what you claim to be (a provider of secure and good quality platforms and services), then just act like that by providing value for money! Now you are providing a lot of garbage for “premium” money (a continuous flood of security hazards), and you are asking “enterprise” money for stopping to provide the same garbage? This is not what I understand under “provide value for money”.

We must open a support ticket every time a user is accidentally creating a site and let the Atlassian support clean up the mess until we get some opportunity to prevent users from creating new instances without any admin consent.

Indeed, we must keep on bringing this to the attention of Atlassian, using all possible means, and make them spend their time on the cleanup work, too! We must also keep posting and creating new bug reports for this issue.

In the support tickets, always repeat the same information (I even made a "template" ticket for site removal requests!):

  • The site has been created entirely by accident by one of your "managed" users
  • You don't agree with the shadow IT activities of Atlassian towards the managed users of your "premium" subscriptions
  • This is a huge security issue which must be resolved by Atlassian if they want to show any respect for their customers
  • If this continues, you will have no other option than advising AGAINST the further use of any Atlassian tools

Also make references to some relevant articles:

Ask for the immediate and permanent deletion of the site.

And finally, also ask to keep the ticket open until the site has been completely removed (because they like to close tickets before the site has been deleted and when deletion fails you have to start all over again!).

 

Like Joe Johnson likes this
Stefaan Vandaele
Contributor
November 14, 2024

"How can Atlassian better support your organization?"

That is the title of an email from Atlassian, which you have probably also received, containing an invitation to "Share your thoughts in a short 5-7 minute survey".

I recommend everyone to participate and share your thoughts about Atlassian pushing shadow IT towards the managed users of customers with Jira Premium and Confluence Premium.

During the survey, there are 3 text boxes where you can type free text. Keep Atlassian informed about your thoughts!

Chris Rogers
Contributor
November 29, 2024

@Vikki Ulmer - This is disappointing and is not customer-focused. It would be one thing if this functionality didn't exist at all, but having it available and choosing to paywall it behind Enterprise goes away from a core Atlassian value: "Don't #@!% the customer"

This should be available for any organization, no matter the license tier, that has managed accounts.

Like Joe Johnson likes this