Webinar resources: Privacy, security, and compliance in Atlassian Cloud

Hi everyone!

Thanks to all who joined us for our webinar on Privacy, security, and compliance in Atlassian Cloud. If you missed it or weren’t able to catch the whole thing, you can view the recording on-demand at any time.

And for those looking to continue exploring the topics we discussed in the webinar, we’ve compiled a list of resources that may be helpful to you. Check them out below!

The foundations

Privacy

Security & compliance

Marketplace security & compliance

We also had a number of questions that we weren't able to get to. Here are some of the questions and answers we received during the session:

 

  • How can I protect my application data from being seen by an Atlassian system administrator?

    • Your data is encrypted at a database level and the only Atlassian staff that might have access to your instance are our cloud support engineers, who are specifically trained and certified for it and can only do so for support purposes. Please also note that support engineers can only do so if a ticket from you is raised and if you have explicitly agreed and accepted that they support you in that manner. Also, you would be notified of any sort of access in the product logs. 

    • Atlassian strictly limits this access to personnel who need it for their job role and responsibilities. We have enabled two-factor authentication to the hypervisor management console and AWS API, and we produce a daily audit report on all access to the hypervisor management functions. Access lists to the hypervisor management console and AWS API are reviewed quarterly. We also maintain an 8-hour sync between our HR system and our identity store.

  • Is data residency still only possible with the premium versions?
    • No, data residency is available across all paid versions of our cloud products: Standard, Premium, and Enterprise.
  • Are the SCCs already on the updated 2021 version?
    • Yes, we have updated our Standard Contractual Clauses as part of our Data Processing Addendum based on the latest 2021 ruling. To learn more, visit our page on international data transfers.
  • Does Atlassian conduct pen tests?

    • Our Atlassian Security Team performs ongoing network vulnerability scans of both internal and external infrastructure using an industry-recognized vulnerability scanner. Jira tickets are created for tracking and remediation purposes, and due dates are assigned according to our SLO based on severity and where the vulnerability was found.

      We also maintain an internal Red Team that conducts ongoing penetration test operations of all our infrastructure, cloud services, and people. For more information on our Vulnerability Management program, see https://www.atlassian.com/trust/security/vulnerability-management. Additionally, we engage with Bugcrowd to maintain a Bug Bounty program that conducts an ongoing vulnerability assessment of our publicly available applications and services. The program is available at: https://bugcrowd.com/atlassian. To learn more about our results, visit: https://www.atlassian.com/trust/security/security-testing.

      Atlassian also hires third-party specialists to review the security state of our cloud applications based on the risk of new services or new environments.

      Our security team manages a Critical Security Bugfix and Security Advisory process for our products, described at: https://www.atlassian.com/security/secpol

  • With the release of your financial services compliance capabilities, can we expect you to unlock other industry-specific compliance standards?
    • Yes! HIPAA compliance for healthcare customers will be available in the first quarter of 2022, and FedRAMP compliance for our public sector customers will be available in 2023. Check out our roadmap to learn more!

For any other questions you have related to privacy, security, or compliance, feel free to comment below! 

Tanya Christensen
Atlassian Team
December 13, 2021

Hi - regarding the question that includes this statement "With the release of your financial services compliance capabilities...", where is the public-facing documentation about financial compliance? Is it this one? https://www.atlassian.com/trust/compliance/resources/pci-dss
