I hope you'll understand that we cannot go into details about some of the details of our security measures, and especially not in a public forum, but some of the most obvious safeguards we deploy are not allowing customers access to the file system of their instance and we also do not give system-administrator permissions to customer admin users to prevent privelege escalation.
Other measures that we employ to prevent the possibility of privelege escalation is to prohibit the installation of plugins, (unless they are bundled by our developers), and prohibit the use of arbitrary scripts to mitigate potential security risks. In fact, many of the restricted functions have been restricted for security reasons: https://confluence.atlassian.com/display/AOD/Restricted+Functions+in+Atlassian+OnDemand
Finally, we run a regular update schedule which means that fixes are released promptly and the code is constantly being reviewed to ensure that the applications and the platform remains secure. We also have monitoring and other protective measures that are implemented to monitor for suspicious activity on the platform to ensure that the integrity of customer instances remains intact at all times.
All the best,
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot