Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

How do you set up your Atlassian products to be secure? What are your biggest challenges?

lauren
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Apr 01, 2019

Not too long ago, @Bill Marriott shared some tips for keeping your Atlassian cloud products secure.

How do you manage users and maintain security for your Atlassian products? What are some of your biggest challenges? 

3 comments

Comment

Log in or Sign up to comment
Matt Doar
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Apr 04, 2019

In general, I'd rate Atlassian products as more secure than most. The security team does a steady job of tracking problems and communicating them to the community.

However one major challenge is the lack of information within the products about which users are doing what with the product. For example, who is running long queries. Some of the info is available in logs but that's requires a separate step to access.

A few other challenges I see:

Authentication - lack of support for load balanced Active Directory servers in Jira

Authorization - no support for Teams and hierarchies in standard Server Jira

Accounting - audit log feature has poor search capability and does not record all admin changes

Like # people like this
lauren
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Apr 08, 2019

@Matt Doar - thank you for the feedback! cc @Jess Seitz @Shana 

+1 from me on @Matt Doar comments, esp the audit logs granularity and change tracking. Whilst its possible to use AddOns that provide a more granular and extensive AuditLog, security support would be enhanced by having this as a better baseline standard.

Hi - I'm a newb to the community. As an introduction, I'm the least technical member of the team, but I manage some really smart people who live in the tools all day every day, supporting a large environment for a complicated enterprise.

In general, my overall feedback is that it's just too hard to administer these tools - and there doesn't seem to be an "easy" button for enterprises out there looking to ensure security.

a couple of other challenges in keeping the Atlassian products (Jira and Confluence Data Center/Server) secure:

* encryption at rest - seems unsupported, or at least poorly supported by Atlassian. When we've looked (and asked for help), we've not seen decent documentation as to whether doing this is supported - only comments by people that it causes performance problems...

* Antivirus / Anti-malware - there is no "application friendly" AV or anti-malware protection out there, with one notable exception that we've been able to find in the shape of a single add-on. We found that add-on poorly documented and had to uninstall within a day of installing it. after pressing the issue, we were at least able to get a suggestion as to a path we would need to chase ourselves offline to Confluence or Jira. 

Matt Doar
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Jun 20, 2019

" it's just too hard to administer these tools" - no harder than many tools I'm afraid

There is no "make it secure" button in any app, just many ways to end up insecure.

Encryption at rest would be good in the long term I agree

Antivirus - do you mean the content uploaded to issues and pages?

Dan Ivory (Orah Apps)
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
Jun 21, 2019

Hi @Opher Lichter 

Our app Encryption for Jira should be able to help you with some of this. Specifically encryption at rest for attachments. 

If you need any help setting up the app please let us know via our Support Portal and one of the team will be able to help.

Thanks,
Dan

Thanks @Dan Ivory (Orah Apps) - we'll look into it. 

Like Dan Ivory (Orah Apps) likes this

@Matt Doar yes, I mean for infected attachments. Someone can upload an infected attachment to Jira, then a second person can download that attachment, spreading the infection to their own systems.

Alexander Pappert
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Aug 08, 2019

How do you manage users and maintain security for your Atlassian products?

  • In my company, we use jira Server
  • we also use Active Directory
  • The jira data is hosted on our Servers and not in a Cloud
  • jira is only accsessible via intranet
  • I use different unsergroups for the jira projects, so everyone can only see their relevant data
Like lauren likes this
TAGS
AUG Leaders

Atlassian Community Events