Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Security safeguards for OnDemand Confluence?

Kevin Buchs2
Kevin Buchs
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 19, 2012

What data storage safeguards are used to protect a customer's data from access by other customers?

Has anyone outside Atlassian validated these?

Answer
Watch
Like Be the first to like this
234 views

1 answer

1 accepted

1 vote
Answer accepted
JohnA
JohnA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 19, 2012

Hi Kevin,

I hope you'll understand that we cannot go into details about some of the details of our security measures, and especially not in a public forum, but some of the most obvious safeguards we deploy are not allowing customers access to the file system of their instance and we also do not give system-administrator permissions to customer admin users to prevent privelege escalation.

Other measures that we employ to prevent the possibility of privelege escalation is to prohibit the installation of plugins, (unless they are bundled by our developers), and prohibit the use of arbitrary scripts to mitigate potential security risks. In fact, many of the restricted functions have been restricted for security reasons: https://confluence.atlassian.com/display/AOD/Restricted+Functions+in+Atlassian+OnDemand

Finally, we run a regular update schedule which means that fixes are released promptly and the code is constantly being reviewed to ensure that the applications and the platform remains secure. We also have monitoring and other protective measures that are implemented to monitor for suspicious activity on the platform to ensure that the integrity of customer instances remains intact at all times.

All the best,
John

View More Comments
Kevin Buchs2
Kevin Buchs
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 9, 2012

John, just a note: from what I have read, it seems like it is common today to consider revealing security measures in detail as a means of improving security and user trust.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events