Atlassian is forcing us to move to the cloud.
For now, customers can move to Data Center if they don't want to move to the Cloud.
But by looking into the Atlassian trend, Atlassian will stop Data Center support as well in the future and ask customers to switch the cloud.
In Cloud, you can't add additional security. It means for security you are totally depends on the Atlassian. Which is the thing I really don't like.
Customer like me for which Security is very important will face a many problem.
Cloud security is tight, but it’s not infallible. Cybercriminals can get into those files, whether by guessing security questions or bypassing passwords.
But the bigger risk with cloud storage is privacy. Even if data isn’t stolen or published, it can still be viewed.
I hear you on your concerns. I do want to address a few points to ensure we communicate what options are available and what's already in place around your security concerns.
Firstly, it’s very important we have the trust of all customers when handling customer data. With this said we wanted to ensure everyone is aware of the Atlassian Trust Center. Within this page, you will see our current list of Compliance at Atlassian (Please visit the page for a detailed listing of current compliance program).
In regards to not having the ability to add security within Cloud, I wanted to clarify this, within our cloud offering you’re able to have SAML SSO, enforced 2FA, and SCIM. More can be found at Security at Atlassian. Atlassian also has an active bug bounty program to ensure our platform and product stay safe, secure, and available for customers. You may find more about this at Atlassian Bug Bounty Program.
To ensure we close the loop of trust with customer data, I would like to quote our Product Security stance:
Encryption in transit
All customer data stored within Atlassian cloud products and services is encrypted in transit over public networks using Transport Layer Security (TLS) 1.2+ with Perfect Forward Secrecy (PFS) to protect it from unauthorized disclosure or modification. Our implementation of TLS enforces the use of strong ciphers and key-lengths where supported by the browser.
Encryption at rest
Data drives on servers holding customer data and attachments in Jira Software Cloud, Jira Service Desk Cloud, Jira Core Cloud, Confluence Cloud, Statuspage, OpsGenie, and Trello use full disk, industry-standard AES-256 encryption at rest. Bitbucket does not offer encryption at rest for repositories at this time.
For encryption at rest, specifically we encrypt customer data that is stored on a disk such as Jira issue data (details, comments, attachments) or Confluence page data (page content, comments, attachments). Data encryption at rest helps guard against unauthorized access and ensures that data can only be access by authorized roles and services with audited access to the encryption keys.
Encryption key management
Atlassian uses the AWS Key Management Service (KMS) for key management. The encryption, decryption, and key management process is inspected and verified internally by AWS on a regular basis as part of their existing internal validation processes. An owner is assigned for each key and is responsible for ensuring the appropriate level of security controls is enforced on keys.
I hope the above information helps to clarify how serious we take the handling, storing, and transporting of your data and the lengths we’ll go to ensure it continues to stay safe.
Not happy with your answer. I don't want to move to either DC or Cloud at any cost.
For me Server is the best option. I used Jira as well as Confluence server on my end. Also, 90% of our customer used servers & they also don't want to move to the DC or Cloud.
Now, with this decision I don't want to move with Atlassion. Now I am looking for alternative solutions for Jira & Confluence which I can run on my private network.
You will lose too many customers with this decision.
Not happy with this decision. Due to this, we are losing our business.
I don't really understand that Atlassian decision. Does the Server Version make so much trouble / effort to Atlassian ? Or are they just looking for more money ??
I'm using JIRA plus Confluence for more than 10 years now - in 3 different companies.
All of them:
* put a lot of effort into their installation / customization
* have specific privacy requirements and are looking for installation on their own servers
* I can't talk for the last 2 employers - but I'm pretty sure that both will look for alternatives.
* and I can talk for my current employer - and we are definetely looking for something else.
Besides this I would say that quite a few addons we currently use are not even ready for the Cloud environment.
JIRA plus Confluence + Bitbucket may not be the best solution - but I got used to it. There are a lot of feature requests ignored by Atlassian pending for years - sometimes I would say even very basic ones.
So now time has come to look for something different - still hosted on our servers.
Yes... this decision from Atlassian is very unpleasant for us too.
Security and privacy issues guided us to choose server versions for Atlassian applications.
Knowing that our internal and customer's data travel out of our local servers is a bit scary for us.
We are afraid that such a decision will force us to start looking for other tools, therefore leaving Atlassian products.
Totally agree with you. We also don't want that our customer data should be available on Internet. Which is not acceptable at all.
Also, for Cloud security that we cannot control. For this, we need to totally depends on Atlassian.
Because of this, I am also leaving Atlassian products & looking for alternatives for this.
If you know any alternative then can you please provide details here.
Trying to get us all on the same page across all of these threads.
It appears, based on their earnings report, that the future of DC is uncertain too. They claim to have all of their data center customers moved to the cloud in the medium term.
You can read it for yourself here...
All of our Atlassian products are Data Center based versions or local servers. Because of the nature/security of the work we are involved in, we cannot use Cloud offerings. This is a very bad decision on Atlassian's part and I really hope they reconsider.
We will have to look for alternative tools from other companies and dump all of our Atlassian products if this comes to pass. Atlassian will lose a LOT of customers, especially across the entire defense industry/DoD if they stick to this plan of forcing everyone to the cloud.
Knowing who you are is very important. Life depends on how you define yourself. Be yourself; everyone else is already taken. — Oscar Wilde You might have seen come across quotes like: I am here fo...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events