As Atlassian users, we all love the power and flexibility that third-party apps bring to our favourite Atlassian tools. These apps help us automate tasks, improve workflows, and gain valuable insights. But with great power comes great responsibility, especially when it comes to making sure our data is safe.
The Evolving Threat Landscape
Today, data breaches and cyberattacks are a daily headline. The consequences of a breach can be devastating, including financial losses, reputational damage, and even legal repercussions. As Atlassian users, we need to be proactive in protecting our data.
Why Third-Party Integrations Need Extra Scrutiny
Third-party apps, by their nature, access and process your Atlassian data. This makes them a potential entry point for malicious actors or a source of accidental data leaks. That's why it's essential to evaluate the security practices of any app you integrate into your Atlassian ecosystem.
Checklist for Choosing Secure Apps
Vendor Reputation: Opt for apps from established vendors with a solid track record in security. Look for companies that are transparent about their practices and actively engage with the Atlassian community.
Data Encryption: Ensure the app encrypts your data both in transit and at rest (using industry-standard algorithms).
Access Controls and Permissions: The app should provide granular controls so you can define exactly who can access and modify your data.
Privacy Policy: Thoroughly review the app's privacy policy to understand how your data is collected, used, stored, and shared.
Compliance: Look for apps that adhere to relevant data privacy regulations like GDPR and CCPA, as well as security frameworks like SOC 2 and ISO 27001.
User Reviews and Ratings: Check the Atlassian Marketplace for reviews and feedback from other users. This can offer valuable insights into the app's reliability and security. Also leave reviews and feedback on the apps you already use; that way you help others in the ecosystem make more informed decisions.
Proactive Measures to Enhance Security
Regular App Audits: Periodically review the list of installed apps and remove any that are unused or outdated.
Keep Software Updated: Ensure your Atlassian instances and third-party apps are always running the latest versions to benefit from security patches.
Data Minimisation: Share only the necessary data with third-party apps. Avoid granting excessive permissions.
Backups: Maintain regular backups of your Atlassian data in case of accidental deletion or a security incident.
Incident Response Plan: Have a plan in place to respond quickly and effectively in the event of a data breach or security incident.
Here to Help!
If you have any questions or concerns about data privacy and security in third-party integrations, feel free to reach out. Also, feel free to share your opinions and thoughts. It's always great to hear what other people think and to share knowledge.
Thanks for the additions, always great to get your input @Vish Reddy {Revyz}
4 & 5 are close to my heart as it's super important from a compliance perspective and we all need to be very aware of these to avoid such risks.