Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Don’t let security spook you - it’s Trust-tober

October 5, 2023

Here in the US, it’s Cybersecurity Awareness Month! At Atlassian, we call this Trust-tober :pumpkin:

And while we don’t want you to be too spooked, it’s important to recognize that cybercrime has increased 15% over the last three years. As the size of these threats continues to grow, so does their level of sophistication. What has worked in the past won’t be enough to protect against future threats. On Atlassian Cloud, we tackle these challenges together and provide your teams with the tools they need to collaborate effectively, without compromising your data.

Here’s a snapshot of upcoming and recently launched features that we’ve built to defend your data, remain in compliance, and increase efficiency for admins:

  • Advanced security controls

    • BYOK encryption for Jira Software

    • Product requests

    • Security improvements to API token controls

    • Data residency in Canada

  • Expanded compliance program

    • HIPAA compliance for Standard and Premium plans

    • TISAX Level 2

  • New investments in the admin experience

    • Custom Domains for JSM Help Center (Beta)

    • Real-time changes in product updates

Take advantage of new security controls

On cloud, we tackle the evolving challenges of data security together. In addition to the comprehensive data protections we’ve built into the architecture of our products, we’re constantly expanding the number of controls we offer to ensure your teams have the flexibility they need to design a security strategy that best meets the needs of your organization. In this month’s roundup, we’re introducing features that will enable your teams to:

Maintain control over how your data is accessed

A consistent theme we’ve heard from you is the need for stronger encryption. Historically, encryption in cloud has been limited to encryption at rest and in transit but earlier this year we launched bring-your-own-key (BYOK) encryption as part of an early access program (EAP) for Jira Software and Confluence. Finally giving your teams the ability to manage the keys to your most prized possession, your data, with keys from your own AWS account. EAP was a success and now we’re moving to GA at the end of the month for Jira Software. This is the first of many milestones for BYOK encryption over the next year so keep your eye out for more to come!

Scale security as you grow

Whether you have 100 people or 10,000 people data security is essential to the success of your business, but your approach may look different. Unfortunately, as your teams grow, so do the risks of shadow IT. To further admin visibility and control to keep your organization protected, we’ve recently launched product requests. Product requests allows admins to deny or resolve user requests for new instances, and easily implement policies via admin.atlassian.com to address these risks.

Another key area that becomes more complex as you grow is API management. Recently, we have improved the mechanisms for managing API token usage to reduce unauthorized access to your organization's data. Admins can now block API token generation and usage by managed and external users all from within admin.atlassian.com.

Keep your data in a secure location

It’s not always about the size of your data, but where it lives. Storing data in a trusted region of your choice is often at the top of the requirements list for many organizations, which is why we’ve invested in expanding data residency to regions all over the world. Earlier this year we launched Singapore as a new region and now we’re introducing Canada, bringing the total number of countries we offer to six. By the end of Q1 2024, that number will double with Brazil, India, the UK, Japan, and Switzerland joining the party.

Address industry-specific compliance

In addition to strengthening our controls, we’re also broadening our compliance program to provide greater coverage across industries.

Improving coverage in healthcare

For customers with protected health information (PHI) in the US, we launched HIPAA compliance last year for Jira Software, Confluence, and Jira Service Management in Cloud Enterprise. We’re thrilled to announce that based on the feedback we heard from customers, we’re now expanding support to all paid plans (Standard and Premium) so teams of all sizes can take advantage of our HIPAA program. This expansion also comes with improved notifications in Jira Software (JSW) and Jira Service Management (JSM). When we initially launched HIPAA, all instances were required to turn off their notifications to ensure that PHI would remain compliant. Since then, we’ve made improvements to our notification system to allow for teams to turn on their notifications and stay protected. To learn more, visit our implementation guide.

Improving coverage in automotive

We’ve also improved our compliance posture for teams that work in the automotive industry in Germany, with TISAX Level 2 certification. TISAX requirements directly map to ISO27001 controls, which we are audited against every year to provide additional verification of our trusted platform. As we continue to uplevel our data security protections, we’ll continue to grow our compliance program into new industries. In the meantime, check out our Compliance Resource Center to explore what we offer today.

Make it easier for admins to focus on what matters

It’s no doubt that admins wear many hats, and admin.atlassian.com serves as their mission control center to ensure teams are protected, work moves forward, and goals are reached. Admins often have to balance customization and control within their organizations, and we’re excited to share a new customization feature for Jira Service Management Help Center. We’ve recently launched custom domains for JSM Help Center in beta. This feature provides admins with the ability to create a unique URL for their help center domains - promoting greater discoverability and ease of use.

As admins look to make information easier to find within their organization, we want to make it as easy as possible for them to find the latest information about Atlassian. That’s why we built product updates to surface essential, relevant, real-time information about Atlassian-initiated changes within their existing workspace. Gone are the days of sifting through emails and Slack messages to figure out what’s changed, when, and if it’s relevant for your teams. If you haven’t checked it out yet, go take it for a spin!

That’s all for now! If you have any questions, feedback, or comments would love to hear from you below.

Cheers,

Hosana

Comment
Watch
Like # people like this
1408 views

1 comment

Comment

Log in or Sign up to comment
Mark Benson
Mark Benson October 5, 2023

Unfortunately, as your teams grow, so do the risks of shadow IT. To further admin visibility and control to keep your organization protected, we’ve recently launched product requests. Product requests allows admins to deny or resolve user requests for new instances, and easily implement policies via admin.atlassian.com to address these risks.

 

Yeaaaaah, but you really haven't addressed it...

If Atlassian was serious about security in general and "addressing risk" across the board you wouldn't have paywalled this feature behind Enterprise only subscriptions.

Good security practices should not be a consideration exclusively for your Enterprise customers.

Like Dave Liao likes this
Hosana

Hosana

Atlassian Team
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.

About this author

Product Marketing Manager

17 total posts

View profile
groups-icon
Enterprise
TAGS
AUG Leaders

Atlassian Community Events

    See all events