Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How do you set up your Atlassian products to be secure? What are your biggest challenges?

lauren
lauren
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 1, 2019

Not too long ago, @Bill Marriott shared some tips for keeping your Atlassian cloud products secure.

How do you manage users and maintain security for your Atlassian products? What are some of your biggest challenges? 

Comment
Watch
Like # people like this
1996 views

3 comments

Comment

Log in or Sign up to comment
Matt Doar
Matt Doar
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
April 4, 2019

In general, I'd rate Atlassian products as more secure than most. The security team does a steady job of tracking problems and communicating them to the community.

However one major challenge is the lack of information within the products about which users are doing what with the product. For example, who is running long queries. Some of the info is available in logs but that's requires a separate step to access.

A few other challenges I see:

Authentication - lack of support for load balanced Active Directory servers in Jira

Authorization - no support for Teams and hierarchies in standard Server Jira

Accounting - audit log feature has poor search capability and does not record all admin changes

Like # people like this
Reply
lauren
lauren
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 8, 2019

@Matt Doar - thank you for the feedback! cc @Jess Seitz @Shana 

Like
Brian Hill
Brian Hill
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 16, 2019

+1 from me on @Matt Doar comments, esp the audit logs granularity and change tracking. Whilst its possible to use AddOns that provide a more granular and extensive AuditLog, security support would be enhanced by having this as a better baseline standard.

Like
Opher Lichter
Opher Lichter
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 20, 2019

Hi - I'm a newb to the community. As an introduction, I'm the least technical member of the team, but I manage some really smart people who live in the tools all day every day, supporting a large environment for a complicated enterprise.

In general, my overall feedback is that it's just too hard to administer these tools - and there doesn't seem to be an "easy" button for enterprises out there looking to ensure security.

a couple of other challenges in keeping the Atlassian products (Jira and Confluence Data Center/Server) secure:

* encryption at rest - seems unsupported, or at least poorly supported by Atlassian. When we've looked (and asked for help), we've not seen decent documentation as to whether doing this is supported - only comments by people that it causes performance problems...

* Antivirus / Anti-malware - there is no "application friendly" AV or anti-malware protection out there, with one notable exception that we've been able to find in the shape of a single add-on. We found that add-on poorly documented and had to uninstall within a day of installing it. after pressing the issue, we were at least able to get a suggestion as to a path we would need to chase ourselves offline to Confluence or Jira. 

Like
Reply
Matt Doar
Matt Doar
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 20, 2019

" it's just too hard to administer these tools" - no harder than many tools I'm afraid

There is no "make it secure" button in any app, just many ways to end up insecure.

Encryption at rest would be good in the long term I agree

Antivirus - do you mean the content uploaded to issues and pages?

Like
Dan Ivory
Dan Ivory
Atlassian Partner
June 21, 2019

Hi @Opher Lichter 

Our app Encryption for Jira should be able to help you with some of this. Specifically encryption at rest for attachments. 

If you need any help setting up the app please let us know via our Support Portal and one of the team will be able to help.

Thanks,
Dan

Like
Opher Lichter
Opher Lichter
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 21, 2019

Thanks @Dan Ivory - we'll look into it. 

Like Dan Ivory likes this
Opher Lichter
Opher Lichter
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 21, 2019

@Matt Doar yes, I mean for infected attachments. Someone can upload an infected attachment to Jira, then a second person can download that attachment, spreading the infection to their own systems.

Like
Alexander Pappert
Alexander Pappert
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 8, 2019

How do you manage users and maintain security for your Atlassian products?

  • In my company, we use jira Server
  • we also use Active Directory
  • The jira data is hosted on our Servers and not in a Cloud
  • jira is only accsessible via intranet
  • I use different unsergroups for the jira projects, so everyone can only see their relevant data
Like lauren likes this
Reply
groups-icon
Trust & Security
TAGS
AUG Leaders

Atlassian Community Events

    See all events