My client an assurance company , where we have JIRA SW cloud instance is asking Atlassian to give evidences of Security Scanners to detec intrusion etc... in its site sabdellzurich.atlassian.net.
Atlassian does not share the reports of the tests they performed. But this is not enough fro the client.
I can not believe this is the first time a client ask something like this to Atlassian.
Can any body help me and give me a bit of light?
Thanks a lot
Your client needs to understand that they are buying Software as a Service, not a server.
You can ask Atlassian for more detail, but most of what you will get is assurances that their testing and security is thorough, and references to their public documentation. Remember that they test and monitor all the systems, not individual Cloud sites, so the results are sensitive to each site and hence can't be shared.
If your client has specific questions, you could ask them here for more detail in general, but if that's not enough, raise a support request with Atlassian directly, they may give you something more. https://support.atlassian.com/contact/#/
They can always refer to the trust center (https://www.atlassian.com/trust/security)
The fact that Atlassian is certified in certain ISO's should be sufficient to demonstrate that they are secure and compliant.
Like @Nic Brough -Adaptavist- mentions, specific site testing won't really be a thing, the platform in itself is validated and secured.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.