Hi all,
Thank you for your patience since our last update. We know that transparent communication about Atlassian’s FedRAMP program is critical to your future plans.
Over the past 5 months, Atlassian has re-evaluated our company priorities and taken steps to rebalance our talent to accelerate what we believe are our largest opportunities. I’m happy to share that one of these is FedRAMP.
To that end, Rajeev Rajan, our CTO, will serve as the executive sponsor of the program and we’re working with Coalfire, a leading cybersecurity consulting firm that specializes in FedRAMP authorization to help ensure smooth delivery of our FedRAMP program. We’ve already made significant progress in building out a segregated FedRAMP environment and implementing the controls we need for attestation.
Our current focus is on achieving an “In Process” designation on the FedRAMP Marketplace via attestation from a sponsoring agency by early 2024. Once we have finalized a sponsoring agency and have agreed on a timeline for the sponsor to submit an attestation letter on our behalf, we will share an updated timeline for our full ATO. We expect to share this next update around September.
In the meantime, we encourage you to evaluate Atlassian Data Center, which remains an integral offering in our portfolio. We’ve increased investments in Data Center’s core tenants - security and compliance, performance and scale, and infrastructure and operations, and are expanding our investment to focus on product experience improvements and usability for both admins and end users. For server customers, upgrading to Data Center can take as little as 2 minutes to unlock all these benefits and more. Join our latest webinar to learn more about our investments and how easy it is to get the benefits of Data Center.
That’s all for now folks! In our next update, you’ll hear from our new senior leader for our global public sector product strategy, Joe Elgabalawi.
Kind regards,
Dave Meyer
Head of Product, Enterprise Cloud
Hi Atlassian Community,
Since the launch of Atlassian Cloud nearly five years ago, we’ve been laser-focused on building enterprise-grade products, and in the last 12 months, we’ve:
Rolled out data residency across all plans
Reinforced our compliance efforts with HIPAA and financial services
Introduced support for 35K users in a single instance, with 50K poised to launch in early 2023
Enhanced our admin controls with features like mobile app management, release tracks, and user activity logs
We also have dozens of other enterprise capabilities available or in active development, including BYOK encryption, enhanced audit logs, and expansion of our data residency program.
In that time we’ve deepened our understanding of what it takes to build world-class solutions for customers in highly regulated industries, especially those in the public sector. As we’ve better understood your expectations and what it takes to meet these needs, we’ve realized that we will not be able to achieve FedRAMP Moderate authorization in 2023. FedRAMP continues to be a top priority for our business and we will share an updated timeline for authorization in the coming months. In line with our company value of “open company, no BS” we wanted to share this update as soon as possible. We understand that this is disappointing news, but we remain committed to a cloud future that is in service of government customers' and suppliers’ long-term success.
While we rebuild our FedRamp strategy, we are also increasing our investment in Marketplace apps and Data Center to ensure that all elements of our public sector offering can support your teams.
To deliver a solution that truly meets the needs of many of our government customers and suppliers, we need to support our Marketplace Partners as they build the foundational controls required to achieve authorization. We’ve started addressing some of the known gaps by adding marketplace data controls like data residency, rolling out stricter security requirements, and bringing greater transparency to customers around the security, privacy, data handling, and compliance of Atlassian Marketplace apps. Increased investment - and time to work with our partners - will mean a more complete solution.
Given the delay of FedRAMP authorization in our cloud products, we understand that the journey to cloud for those still on server will be delayed. We’re seeing growing use of our Data Center deployment option in the public sector, therefore we’ve decided to increase our investment in our Data Center products to support you. To ensure that Data Center continues to evolve and scale with you into the future we’ve:
Introduced new licensing options
Teams of all sizes within the US public sector can now take advantage of dedicated licensing options for Data Center via our partnership with Carahsoft.
Increased investment in security and user experience
We’re working on improvements to accessibility, data privacy, and how we address software supply chain risks. This will mean improved resolution times for vulnerabilities and greater transparency on the status of vulnerabilities.
Addressing usability feedback and ensuring our products support modern ways of working
Continued to invest in performance, administration, and software quality
With new customizable controls and features that improve cleanup, monitoring, and integrations
More automation, easier administration, and increased scalability and resilience
Increased quality and support to ensure our products assist you in reaching your mission-critical goals
Strengthened our deployment options
To ensure that teams continue to have the technical flexibility to deploy your Data Center applications using infrastructure as a service (IaaS) platforms: AWS, Azure, and Google Cloud. This includes streamlined administration and greater automation, by using our helm chart templates to deploy Data Center in a Kubernetes cluster that runs on top of any approved public cloud provider.
In addition to the improvements mentioned above, server customers can migrate to Data Center in a manner of minutes, unlocking out-of-the-box features, such as advanced auditing, support for CDN, and rate limiting.
We’ll continue to share updates in this group as well as on our roadmap on a quarterly basis. In the meantime, if you have any questions please add them down below.
Dave Meyer
Dave Meyer
Head of Product, Jira
Atlassian
Boise, Idaho
77 accepted answers
44 comments