
How do you set up your Atlassian products to be secure? What are your biggest challenges?

lauren Atlassian Team Apr 01, 2019

Not too long ago, @Bill Marriott shared some tips for keeping your Atlassian cloud products secure.

How do you manage users and maintain security for your Atlassian products? What are some of your biggest challenges? 

3 comments

In general, I'd rate Atlassian products as more secure than most. The security team does a steady job of tracking problems and communicating them to the community.

However, one major challenge is the lack of information within the products about which users are doing what with the product. For example, who is running long queries. Some of the info is available in logs, but that requires a separate step to access.

A few other challenges I see:

Authentication - lack of support for load balanced Active Directory servers in Jira

Authorization - no support for Teams and hierarchies in standard Server Jira

Accounting - audit log feature has poor search capability and does not record all admin changes

lauren Atlassian Team Apr 08, 2019

@Matt Doar__ LinkedIn - thank you for the feedback! cc @Jess Seitz @Shana 

+1 from me on @Matt Doar__ LinkedIn comments, esp. the audit log granularity and change tracking. Whilst it's possible to use add-ons that provide a more granular and extensive audit log, security support would be enhanced by having this as a better baseline standard.

Hi - I'm a newb to the community. As an introduction, I'm the least technical member of the team, but I manage some really smart people who live in the tools all day every day, supporting a large environment for a complicated enterprise.

In general, my overall feedback is that it's just too hard to administer these tools - and there doesn't seem to be an "easy" button for enterprises out there looking to ensure security.

A couple of other challenges in keeping the Atlassian products (Jira and Confluence Data Center/Server) secure:

* encryption at rest - seems unsupported, or at least poorly supported by Atlassian. When we've looked (and asked for help), we've not seen decent documentation as to whether doing this is supported - only comments by people that it causes performance problems...

* Antivirus / Anti-malware - there is no "application friendly" AV or anti-malware protection out there, with one notable exception that we've been able to find in the shape of a single add-on. We found that add-on poorly documented and had to uninstall within a day of installing it. After pressing the issue, we were at least able to get a suggestion as to a path we would need to chase ourselves offline to Confluence or Jira.

"it's just too hard to administer these tools" - no harder than many tools, I'm afraid

There is no "make it secure" button in any app, just many ways to end up insecure.

Encryption at rest would be good in the long term I agree

Antivirus - do you mean the content uploaded to issues and pages?

Hi @Opher Lichter 

Our app Encryption for Jira should be able to help you with some of this. Specifically encryption at rest for attachments. 

If you need any help setting up the app please let us know via our Support Portal and one of the team will be able to help.

Thanks,
Dan

Thanks @Dan Ivory _Orah Apps_ - we'll look into it. 


@Matt Doar__ LinkedIn yes, I mean for infected attachments. Someone can upload an infected attachment to Jira, then a second person can download that attachment, spreading the infection to their own systems.

How do you manage users and maintain security for your Atlassian products?

  • In my company, we use Jira Server
  • We also use Active Directory
  • The Jira data is hosted on our servers and not in a cloud
  • Jira is only accessible via intranet
  • I use different user groups for the Jira projects, so everyone can only see their relevant data
