Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

is JIRA cloud data encrypted?

Jelena Vatavuk
Jelena Vatavuk March 1, 2016

I would like to know if the JIRA cloud data (or even the JIRA server) is encrypted in transit AND at rest.

 

 

Answer
Watch
Like # people like this
4409 views

6 answers

1 accepted

4 votes
Answer accepted
lauren
lauren
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 18, 2019

Hi @Jelena Vatavuk@Frederik Nordahl Jul Sabroe, and @Ryan Kennedy

I just wanted to provide an update here. 

Customer data is encrypted in transit and at rest in Atlassian cloud products.

All customer data stored within Atlassian cloud products and services is encrypted in transit over public networks using Transport Layer Security (TLS) 1.2+ with Perfect Forward Secrecy (PFS) to protect it from unauthorized disclosure or modification.

Data drives on servers holding customer data and attachments in Jira Software Cloud, Jira Service Desk Cloud, Jira Core Cloud, Confluence Cloud, Statuspage, OpsGenie, and Trello use full disk, industry-standard AES-256 encryption at rest. To learn more, please see our Security Practices page.

We post updates related to security, privacy, compliance, and more in our Trust & Security group. Feel free to post related questions and feedback there! 

Best,

Lauren

Reply
4 votes
Rita YOUNES [In
Rita YOUNES [Infosysta]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 2, 2016

Application database backups for Atlassian Cloud occur on the following frequencies: On-site backups are performed daily and retained for seven days; Tape backups are taken weekly, which are then stored off-site and retained for four weeks. All backup data is encrypted.

View More Comments
Jelena Vatavuk
Jelena Vatavuk March 2, 2016

Thank you for your response, but this didn't fully answer my question.

I am looking for data that is not only backed up - rather active data that is in transit or at rest.

 

 

Like
Reply
1 vote
Frederik Nordahl Jul Sabroe
Frederik Nordahl Jul Sabroe September 29, 2017

Atlassian is compliant with SOC2, and their SOC2 report can be obtained here: https://www.atlassian.com/trust/compliance

Unfortunately the report clearly states on page 29 that "Data is not encrypted at rest. Data in transit is encrypted with the TLS cryptographic protocol."

Reply
0 votes
Ryan Kennedy
Ryan Kennedy May 18, 2017

We are an Atlassian Solution Partner and we've just released something that might help. It's called Team Secrets and it protects sensitive file attachments in JIRA with end-to-end encryption for attachment uploads and 2 factor verification for downloads.

https://marketplace.atlassian.com/plugins/io.teamsecrets.jira.prod/cloud/overview

Please try it and let us know if this helps!

Reply
0 votes
Bob Vandenberg
Bob Vandenberg September 26, 2016

I am also looking for the same data. 

I need to know if the data at rest is encrypted or in any other way secured? 

I also need to know if a 3rd party vendor can access/decrypt the data their facility is hosting? 

Also, I need to know of any vendor has access to non-encrypted, non-public data in our instance?

I have not found a clear statement in your online documentation 

Reply
0 votes
Robert Massaioli _Atlassian_
Robert Massaioli _Atlassian_
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 2, 2016

This is the Atlassian Cloud Security document: https://www.atlassian.com/cloud/security/

View More Comments
Jelena Vatavuk
Jelena Vatavuk March 2, 2016

Again, thank you for your response, but this didn't fully answer my question.

I am looking for data that is not only backed up - rather active data that is in transit or at rest.

Like Erin Kelley Bober likes this
Robert Massaioli _Atlassian_
Robert Massaioli _Atlassian_
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 26, 2016

Old response:

I believe that data sent over public networks uses HTTPS and should have all of the security properties that HTTPS provides. Data at rest is not as simple as "it is all decrypted" or "it is all encrypted". Some data is and some data is not and I cannot give you a full breakdown of that information. Please raise a request at support.atlassian.com to get our excellent support team to gather that information for you.

Please see the latest answer down the bottom. My comment is old and no longer relevant.

Like
Bob Vandenberg
Bob Vandenberg September 27, 2016

Appreciate your response Robert.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events