You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
We have recently purchased Jira and Confluence, we would like to know to what extent our data is protected from other customers. For example, do we have our own application instance and our own database or just our own database and we share the application layer with other customers.
We found some info online but there seems to be conflicting information in the following links.
Even though cloud products can be packaged together for customers, each Jira and Confluence Cloud account is a separate instance.
Although each application is isolated from a security perspective, underlying resources like hardware, CPU, and memory can be shared between many customers. Servers for our cloud applications are located in the US, and will soon be available in Europe as well.
Each Jira or Confluence Cloud instance is identifiable by its tenant ID. An instance URL is liable to change without warning."
"Single sign-on, multi-tenant architecture
Our cloud architecture relies on shared Atlassian accounts, so that with one Atlassian account, users can log in to Jira products, Confluence, and Bitbucket. Users can log in to all the products they use quickly and easily, and admins get a straightforward way to control how users authenticate to access Atlassian products and which users have access to which content.
The architecture is also multi-tenant, which means a single instance of the software and its supporting infrastructure serves multiple customers. Customers share the software application and a single database, but each tenant's data is isolated and remains inaccessible to other tenants.
This shared structure results in more scalability for larger customers, more availability to smaller customers who wouldn’t be able to afford or support full on-premises setups, and a competitive price point for companies of all sizes.
I understand you have some concerns in regards to data privacy on our Cloud offerings. Just to clarify, the first link you posted is from the developer site. It primarily focuses on resources for vendors that want to create plugins/add-ons/apps for our products. While your second link has a more generalized focus to explain how we have setup our Cloud offerings. I don't quite follow how these might be providing conflicting information yet, but I'm interested to learn more about your concerns.
Atlassian Cloud products are quite different from the Server line of products. Our Cloud products are a stateless application. This is very different architecture from our Server products where you manage the database and the application yourself. For example, in our Cloud products, no customers have direct access to the SQL database in use. Whereas in Server, you might have any number of SQL administrators that have access to that database. There is a helpful page that describes many differences between Cloud and Server that might be of interest here, check out Compare Atlassian cloud vs server.
We do take security very seriously. I would invite you to review our page at https://www.atlassian.com/trust/security and the page on Product Security. It helps to explain the practices we use in our Cloud sites to protect your data.
Please let me know if you have any additional concerns here.
Hi Atlassian Team,
recently I also read about the Jira and Confluence Cloud products and found the two explainations provided above.
I understand that both explainations target a different user group. But as far as I have understood it both explain the same topic differently.
Both articles aim to describe the architecture of atlassian in the cloud:
"The architecture is also multi-tenant, which means a single instance of the software and its supporting infrastructure serves multiple customers" -> app (e.g. jira) and infrastructure is shared among tenants
"Even though cloud products can be packaged together for customers, each Jira and Confluence Cloud account is a separate instance. Although each application is isolated from a security perspective, underlying resources like hardware, CPU, and memory can be shared between many customers." -> app (e.g. jira) is not shard among tenants though infrastructure is shared.
For me it seems like the that the second explainations about Jira and Confluence is outdated.
Can you please clarify this?
Best Regards Niklas
I remember reading ages ago (perhaps still on the web) that each customer was essentially a separate instance, which correlates with the second description. However, Atlassian may have changed their architecture to user a shared/partitioned database and shared infrastructure, since that is a good way of reducing costs.
I'd be very interested knowing the current architecture also.