We have recently purchased Jira and Confluence, we would like to know to what extent our data is protected from other customers. For example, do we have our own application instance and our own database or just our own database and we share the application layer with other customers.
We found some info online but there seems to be conflicting information in the following links.
Even though cloud products can be packaged together for customers, each Jira and Confluence Cloud account is a separate instance.
Although each application is isolated from a security perspective, underlying resources like hardware, CPU, and memory can be shared between many customers. Servers for our cloud applications are located in the US, and will soon be available in Europe as well.
Each Jira or Confluence Cloud instance is identifiable by its tenant ID. An instance URL is liable to change without warning."
"Single sign-on, multi-tenant architecture
Our cloud architecture relies on shared Atlassian accounts, so that with one Atlassian account, users can log in to Jira products, Confluence, and Bitbucket. Users can log in to all the products they use quickly and easily, and admins get a straightforward way to control how users authenticate to access Atlassian products and which users have access to which content.
The architecture is also multi-tenant, which means a single instance of the software and its supporting infrastructure serves multiple customers. Customers share the software application and a single database, but each tenant's data is isolated and remains inaccessible to other tenants.
This shared structure results in more scalability for larger customers, more availability to smaller customers who wouldn’t be able to afford or support full on-premises setups, and a competitive price point for companies of all sizes.
I understand you have some concerns in regards to data privacy on our Cloud offerings. Just to clarify, the first link you posted is from the developer site. It primarily focuses on resources for vendors that want to create plugins/add-ons/apps for our products. While your second link has a more generalized focus to explain how we have setup our Cloud offerings. I don't quite follow how these might be providing conflicting information yet, but I'm interested to learn more about your concerns.
Atlassian Cloud products are quite different from the Server line of products. Our Cloud products are a stateless application. This is very different architecture from our Server products where you manage the database and the application yourself. For example, in our Cloud products, no customers have direct access to the SQL database in use. Whereas in Server, you might have any number of SQL administrators that have access to that database. There is a helpful page that describes many differences between Cloud and Server that might be of interest here, check out Compare Atlassian cloud vs server.
We do take security very seriously. I would invite you to review our page at https://www.atlassian.com/trust/security and the page on Product Security. It helps to explain the practices we use in our Cloud sites to protect your data.
Please let me know if you have any additional concerns here.
Hi Atlassian Team,
recently I also read about the Jira and Confluence Cloud products and found the two explainations provided above.
I understand that both explainations target a different user group. But as far as I have understood it both explain the same topic differently.
Both articles aim to describe the architecture of atlassian in the cloud:
"The architecture is also multi-tenant, which means a single instance of the software and its supporting infrastructure serves multiple customers" -> app (e.g. jira) and infrastructure is shared among tenants
"Even though cloud products can be packaged together for customers, each Jira and Confluence Cloud account is a separate instance. Although each application is isolated from a security perspective, underlying resources like hardware, CPU, and memory can be shared between many customers." -> app (e.g. jira) is not shard among tenants though infrastructure is shared.
For me it seems like the that the second explainations about Jira and Confluence is outdated.
Can you please clarify this?
Best Regards Niklas
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events