How Atlassian Cloud Meets Your Security Needs

Top 10 Cloud Security Challenges

When our clients are planning their cloud migration, the most common cloud security concerns we hear from them are:

1. How can we control who accesses sensitive data?
2. Can we get full visibility into cloud application data?
3. How do we prevent data theft?
4. Will shadow IT cause cloud security issues?
5. Do we need to add new cloud security talent and skills to our development teams to manage our cloud apps? How do we attract the best cloud security experts?
6. How do we prevent misuse of data internally?
7. Will we be able to meet our industry standards and wider governance, risk and compliance requirements, such as  ISO 27001 or  adhering to the data security requirements of the GDPR to protect end users' personal data?
8. How do we know if our cloud providers’ internal operations are sufficiently secure and how do we remain secure in the event of a cyberattack against our cloud provider?
9. Can we implement DevOps and agile ways of working when managing our cloud apps, minimising unplanned work and wasted effort and ensuring optimised workflows?
10. How do we choose the right cloud vendor to meet all of our needs?

In addition to ensuring that you choose a cloud service provider that meets all of these security and efficiency needs (and any other security requirements specific to your business), you need to create a strong cloud migration roadmap and a cloud adoption roadmap to implement an overarching cloud strategy that prioritises built-in cloud security.

Cloud Migration Overview

The Cisco Security Outcomes Study 2021 shows that, when considering the NIST (National Institute of Standards and Technology) Cybersecurity Framework (which originated in the USA but contains some very useful guidance for global application), the majority of IT decision makers deem the Identity Function to be the most important. So, this is worth bearing in mind when making a decision about which cloud service will meet your cloud security needs. Similarly government departments and UK businesses can seek guidance from the Technology Code of Practice created by the National Cyber Security Centre (NCSC) and The Institution of Engineering and Technology to help inform their decision.

1. Ensure your security team are part of the decision making process when it comes to examining the available cloud products, potential vulnerabilities and security threats; and choosing a cloud solution.
2. Assess the maturity and efficacy of your current cybersecurity strategy.
3. Determine your desired overarching and specific cloud security outcomes and regulatory compliance requirements and pinpoint the gaps.
4. Identify your top 3 cloud solutions and analyse the risks and benefits to see which is likely to perform best for your particular cloud security and other needs.
5. Determine a clear business case based on business outcomes and the cloud solution benefits to get buy-in from your executives. Focus on user experience, speed, productivity and efficiency to get the rest of the workforce on board and ensure enterprise-wide adoption.
6. Formulate a plan to create a solid culture of cloud security, whereby it’s embedded into the everyday fabric of the business through knowledge-sharing, skills transfer and enabling all voices to be heard, so everyone feels responsible and accountable.
7. Ensure your tech stack can be fully integrated.
8. Consider how you need to manage cloud security differently for employees who work in the office and those who work from home.

Taking a proactive stance on refreshing your technology and ensuring tech stack integration will help align IT and the business. It will also facilitate and support business growth, helping to future proof your business. These factors are also key for attracting and retaining top security talent. The building blocks of a solid security culture are resilient modern equipment, tools and infrastructure; a clear set of rules and procedures available to all; accurate real-time security alerts and updates; and a clear strategy for fast and efficient response to issues and breaches.

Cloud Security - Working from Home

This overview would not be complete without acknowledging the impact of the COVID-19 pandemic. With a large proportion of the workforce still working from home, and potentially doing so for the foreseeable future, the opportunity for breaches and attacks has increased. It’s therefore essential to formulate a work from home strategy that focuses heavily on cloud security and, as visibility over their set up and day to day operations is lower, conduct regular checks and periodic audits to ensure security best practises are being followed.

Atlassian's Security in the Cloud

Atlassian Cloud for Enterprise streamlines and centralises cloud security and administration, enabling scalability without compromising security, agility and collaboration. It also offers a choice of US and EU data regions to give you as much control as possible over storing your essential product data and other content.

Top 5 Security Benefits of Atlassian Cloud

1. Stronger authentication and simpler login with SAML single sign on
2. An impressive 99.95% uptime SLA
3. Unlimited customisation instances
4. 24/7 support team providing 30 minute response time for urgent issues, plus support from a dedicated team of Customer Success Managers
5. Centralised hub enabling easier management of user roles and permissions

Advanced Content Security

Atlassian Cloud also has powerful content security capabilities. Audit logs, for example, allow you to review user management, login history and administrative activity across all your products. IP “allowlists” enable you to control where sensitive content can be viewed and minimise risk by configuring which IPs can access what information on a per-instance basis.

Centralised Administration & Advanced Insights

The Atlassian Cloud ‘Admin Hub’ allows you to manage thousands of users via a simple, purpose-built, cross-product central administration platform. It enables you to easily access key administrative actions like managing users and product access, and managing product changes, updates and testing, by accessing release track configuration and sandbox instances all in one place. Though the platform is currently limited to instances of Jira and Confluence, they are introducing compatibility for applications like Trello, OpsGenie, and Bitbucket this year.

Using admin insights, you can find an overview of your enterprise usage – both the plans and licence utilisations – and see how often it’s used and what it’s used for. You can also take advantage of the deeper cloud security insights, such as how many users are signing in via two-step verification or single sign on. Automatic user provisioning allows you to link both users and groups from your identity provider, whether that’s Google, Azure AD, or if you need a SCIM API for custom directories. Then you can manage all new employees from the same Atlassian administration panel making administration easier, more automated, less error prone and more secure.

New Atlassian Cloud Functionality Coming Soon

Within the next year Atlassian is planning to introduce additional functionality to their Cloud offering. BYOK (Bring Your Own Key) Encryption will allow you to encrypt select data with keys you manage. A new domain capture feature will send admins a notification if any account linked to their domain creates a new instance that’s not part of the existing central organisation. This enables admins to reduce the proliferation of shadow IT and bring those accounts back into the centrally managed deployment. Atlassian has also recently added data residency to Standard and Premium cloud subscriptions and are regularly adding new data residency locations.

Atlassian’s Cloud solution will continue to evolve and grow, future proofing your business, increasing team productivity and enabling you to deliver value faster, as both the cloud and cybersecurity landscapes mature. 

Most of our Atlassian customers are currently focused on the discontinuation of Atlassian Server licences and migrating to either Atlassian Cloud or Data Center. If you would like more information on what this means for your business and what options are available to you in terms of Atlassian Data Center, or Confluence Cloud and Jira Cloud, talk to one of our Atlassian Cloud and Data Center experts today on 0203 457 1374 or email info@catapult.cx