You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
Thanks to all who joined us for our webinar on Privacy, security, and compliance in Atlassian Cloud. If you missed it or weren’t able to catch the whole thing, you can view the recording on-demand at any time.
And for those looking to continue exploring the topics we discussed in the webinar, we’ve compiled a list of resources that may be helpful to you. Check them out below!
Transparency report - summarizing all government requests for data
Security & compliance
Marketplace security & compliance
We also had a number of questions that we weren't able to get to. Here are some of the questions and answers we received during the session:
How can I protect my application data from being seen by an Atlassian system administrator?
Your data is encrypted at a database level and the only Atlassian staff that might have access to your instance are our cloud support engineers, who are specifically trained and certified for it and can only do so for support purposes. Please also note that support engineers can only do so if a ticket from you is raised and if you have explicitly agreed and accepted that they support you in that manner. Also, you would be notified of any sort of access in the product logs.
Atlassian maintains strict restrictions on the personnel that needs this access for their job role and responsibilities. We have enabled two-factor authentication to the hypervisor management console and AWS API and a daily audit report on all access to the hypervisor management functions. Access lists to the hypervisor management console and AWS API are reviewed quarterly. We also maintain 8-hour sync between our HR System and our Identity store.
Does Atlassian conduct pen tests?
Our Atlassian Security Team performs ongoing network vulnerability scans of both internal and external infrastructure using an industry-recognized vulnerability scanner on an ongoing basis. Jira tickets are created for tracking and remediation purposes, and due dates are assigned according to our SLO based on severity and where the vulnerability was found.
We also maintain an internal Red Team that conducts ongoing penetration test operations of all our infrastructure, cloud services, and people. For more information on our Vulnerability Management program, see https://www.atlassian.com/trust/security/vulnerability-management. Additionally, we engage with BugCrowd to maintain a Bug Bounty program, that conducts an ongoing vulnerability assessment of our publicly available Applications and Services, the program is available at: https://bugcrowd.com/atlassian. To learn more about our results visit: https://www.atlassian.com/trust/security/security-testing.
Atlassian also hires third-party specialists to review the security state of our cloud applications based on the risk of new services or new environments.
Our security team manages a Critical Security Bugfix and Security Advisory process for our products described at: https://www.atlassian.com/security/secpol
For any other questions you have related to privacy, security, or compliance, feel free to comment below!