In the previous article in this series, we took a quick look at the impressive security features baked into the Atlassian Cloud infrastructure as well as the internal processes and industry standards Atlassian follows to maintain and continually improve these features. And, it covered the value of a professional security assessment prior to moving forward with a migration to the Atlassian Cloud.
One of the key points made in that discussion was that, even with so many powerful measures in place, ensuring the security of your data is a shared responsibility. Your organization must also take important measures to get the most out of what Atlassian is providing and to stave off security issues on your end.
The majority of your responsibilities can be summarized in three key areas:
All three are intermingled and codependent. This article will only scratch the surface of all the information you need to know, but it will also include links to extensive supplementary material so you can dive deeper as needed.
Proper Atlassian Cloud configuration and auditing
The choices you make when configuring your new cloud instances of Jira, Confluence, and other tools will substantially impact the overall security of your data. For obvious reasons, your security strategy (which should be documented in detail and continually evaluated as part of your governance procedures) will guide your configuration decisions.
To illustrate, we’ll use Jira (the most popular of Atlassian’s cloud products), but the principles apply to all the Cloud tools in the Atlassian stack.
Effectively managing all configuration objects within Jira requires balancing customization with the need for standardization, consistency, and ease of maintenance across the organization. The simpler, the better. Your job will be easier with fewer custom workflows, screens, fields, and issue types. Consolidating around a small number of variations on schemes will make it easier for users to understand how to use the system. It will also reduce the overall complexity and cost of administration.
Another obvious but often overlooked or misunderstood aspect of configuration that plays a huge role in data security is access management.
Precise access controls are needed to avoid accidental or malicious changes to your configuration. This will align security standards and governance needs. All Atlassian products include robust access management features, but you may also need additional control. One feature available to support this is IP allowlisting, which is available on Cloud Premium and Enterprise instances. It allows you to specify which IP addresses users must use to access content for various tools.
The right combination of your own access controls, configurations, and tools such as Atlassian Access can help ensure the best possible access management for your organization, granting access to the right people for the right products.
Finally, it’s vital to continually monitor your configuration settings and overall security integrity to ensure it’s safe now and prepared for necessary changes in the future. As we all know, data security is a constantly evolving field.
The Atlassian Cloud platform offers a powerful audit log to augment this effort. And, additional reporting functions can and should be used to monitor the health and integrity of your cloud instances routinely.
Atlassian Cloud Governance
Effective governance is vital to many aspects of successful tooling and IT services. But, it’s much more than just documentation. Governance, done right, provides a technical “instruction manual” for all current and future activity around your IT infrastructure. An effective governance process will make the migration process smoother, faster, and more secure when you move to Atlassian Cloud. But, more importantly, it will ensure that security (and every other aspect of your future activity on the cloud) runs optimally, safely, and efficiently.
An optimal governance strategy will:
- Mitigate risk and maintain compliance
- Ensure data integrity and improve data quality
- Set, maintain, and educate on standards and best practices
- Evaluate the impact and manage changes to the Atlassian tools ecosystem (like clean up and optimization)
- Maintain the health and long-term continuity of the Atlassian tools ecosystem
- Protect the company investment in the Atlassian tools ecosystem
Here are the fundamental aspects of governance as they pertain to the Atlassian Cloud. Each is linked to a resource that goes in-depth into the topic. You’ll want to keep these in mind as you prepare for the move.
In the final article of this series, we’ll look at compliance and how regulated industries can use the Atlassian Cloud tools to help maintain it.