Optimizing for Cloud Best Practices After Migration
So far in this series, we’ve discussed how Atlassian Cloud differs from Atlassian Server, and by extension Atlassian Data Center products. We’ve also discussed the considerations that go into planning for a migration to Atlassian Cloud, and the different types of migrations paths to Atlassian Cloud. Now we’re going to discuss the next phase of the process, something that occurs after you’re up and running in your new instance, and that’s optimization.
After you’ve deployed in Atlassian Cloud, you’ll naturally want to know how you can get the most out of your new cloud instance. Not to mention the fact that optimizing for cloud computing best practices is going to set you up for greater efficiency, performance, and productivity.
In this post, we’re going to discuss all the features you’ll want to take advantage of now that you’re up and running in Atlassian Cloud. This includes security best practices, Atlassian Access, APIs, and customizations you can make to increase the functionality of your cloud environment.
We’ll dive into all that shortly, but first…
Is Your Organization Atlassian Cloud Ready?
Migrating to Atlassian Cloud is only half of the story. The other half lies in optimizing your infrastructure and your instance for cloud computing best practices. If you’d like to learn more about how you can do that, watch our on demand webinar—Is Your Organization Atlassian Cloud Ready? What You Need to Know.
In this webinar, our Atlassian experts answer your questions and walk you through all the considerations you need to make to migrate to Atlassian Cloud and optimize for best practices.
Now, let’s discuss how you can optimize your instance for best practices in the Atlassian Cloud environment.
Atlassian Cloud Security Best Practices
Assess Your Cloud Risk Profile
One of the best things you can do to get started on the right path after migrating to Atlassian cloud is to create a strong security foundation. The key to that lies in understanding what your teams use their Atlassian products for and instituting security protocols that accurately reflects that risk. This is particularly critical when you have multiple teams using multiple instances of Jira, Confluence, or Bitbucket Cloud.
Option 1: Create an “organization” for central visibility and management
So how do you get visibility into all of your Atlassian Cloud products in one place? The answer is: organizations. Organizations offer admins a central location to assert the proper controls and security measures across all Atlassian accounts at their company.
With organizations, you can verify your corporate domain, manage all Atlassian accounts and products, and enforce security protocols such as SSO and automated user provisioning. We’ll discuss more about how to implement these security protocols later in this post.
Option 2: Apply security protocols that reflect the risk-level of your data
If you elect not to create an organization, you can arrange your Atlassian infrastructure so that only certain cloud sites, products, or repositories have sensitive data stored within them. Then, you can restrict access to those particular sites, to a limited subset of users.
Incorporate an identity provider
Another Atlassian Cloud best practices is to leverate an identity provider to provide a single sign-on (SSO) and/or set up automated user provisioning and de-provisioning. Let’s take a closer look at those options now.
Option 1: Setup a SSO (single sign-on) with your identity provider
A great way to manage account access is with a single sign-on solution. This allows users a consistent login experience across all your applications and mitigates the risk associated with accumulating numerous logins across an organization. Integrating an SSO provider with your Atlassian infrastructure will give you the ability to implement just in time provisioning, centralized management of authentication policies, and automatic lockout when a user is deactivated.
Option 2: Automated user provisioning
With automated user provisioning, you can sync between your identity provider and your Atlassian Cloud products so you no longer have to manually create user accounts with you acquire a new employee or an existing employee changes teams. Likewise, automated de-provisioning reduces exposure to information breaches by removing access for any user the moment they are deactivated.
Implement security protocols
It is imperative that you have security protocols in effect and are routinely monitoring its effectiveness. Here are a few considerations for your adoption of security protocols.
Increase login security
If you opt not to use a single sign-on, you may choose to use one of the following alternatives to ensure proper user provisioning.
- Individual two-step verification
- Enforced two-step verification with a subscription to Atlassian Access. (We’ll discuss Atlassian Access more later in this document).
- Password policies with a subscription to Atlassian Access.
Run routine audits
As part of your security protocols, you should always plan routine audits to make sure your implemented measures are being enforced effectively. By reviewing your product audit logs, you can detect suspicious activity as well as troubleshoot issues. Both Confluence and Jira offer audit logs that can enable you to understand which events and actions are logged and what your configuration options are.
In addition to product audit logs, you should also routinely audit the list of users with access to your sensitive data and remove access from anyone that should no longer have it. This is true even if you’re utilizing enhanced security protocols like single sign-on, two-step verification, and password policies.
Educate your team on security best practices
It’s critical to ensure that your teams are educated on security best practices and how to mitigate risk. Here are a few key components to communicate to your users.
- Do not include credit card numbers in tickets, pages, etc.
- Restrict access to pages or tickets that include sensitive information.
- If you don’t plan on enforcing SSO or a password policy, encourage employees to use strong passwords, never repeat them, and change them regularly.
- Recommend that users enable individual two-step verification for their Atlassian account.
- Remind users that API tokens should be used for Jira and Confluence REST API basic authentication.
Understand Atlassian’s Role in Data Protection
While it’s clear you need to understand your role and responsibilities toward your own organizations security, it’s also important for you to understand Atlassian’s role in securing their cloud infrastructure.
Atlassian Cloud was built with security as its core foundation. Atlassian works continuously to improve their software and internal operations and to address new threat trends and ensure the protection of its services and your data. While it would not be prudent to rest all of your security concerns on Atlassian protocols, they do assert their own stringent controls to govern your organizations data.
You can learn more about Atlassian’s efforts to strengthen their cybersecurity and privacy here.
Atlassian Access allows you to scale your Atlassian cloud products with enterprise-grade security and centralized administration across all your Atlassian cloud products. It also allows you to centralize your security and governance across your entire organization for every Atlassian Cloud product used including Jira Software, Jira Service Desk, Confluence, Bitbucket, and soon, Trello.
Atlassian Access Features:
- SAML single sign-on (SSO): Increases security and simplifies logins
- User provisioning: Automates user lifecycle management
- Active Directory sync: For Okta, Azure, OneLogin, and more
- Organization audit log: Gives visibility into important activities
- Organization insights: Helps you to understand product adoption
- API token controls: Allows you to view and manage API access
- Enforced 2FA: Allows you to require verification upon login
- Atlassian Access Support: Enhances support from our global team
Atlassian Connect & APIs
With Atlassian Connect, you can integrate your add-ons to extend your Atlassian products. Atlassian Connect is a framework that allows you build applications for Atlassian Cloud products. Your apps can then extend your Cloud interface, access the APIs, and respond to events.
Atlassian Connect handles the discovery, installation, authentication, and integration of your applications with your Atlassian Cloud UI. Connect apps operate remotely over HTTP. To the end user, an app appears as a fully integrated part of your Cloud instance. Once the app is installed, its features are delivered right from your Cloud UI.
You can write your Connect app with any programming language and web framework, and deploy it in whatever way you like.
Rest APIs available with Atlassian Cloud include:
- Bitbucket Cloud REST API
- Confluence Cloud REST API
- Jira Cloud REST API
- Jira Service Desk Cloud REST API
- Jira Software Cloud REST API
Mobile Applications for Jira and Confluence
Atlassian offers mobile applications for both Jira and Confluence Cloud so that you can stay informed and collaborate with your organization on the go.
1,000 Atlassian Cloud applications to extend functionality
Atlassian Marketplace offers 1,000 cloud applications that can add additional functionality for your cloud products so that you can customize your instance so that it meets all of your organization’s unique needs.
You are now familiar with all the ways to get the most from Atlassian Cloud and optimize your organization for best practices. These include security best practices, implementing Atlassian Access, understanding APIs, and customizing your instance.
However, if you would feel more confident allowing a team of IT veterans and Atlassian experts to assist you in navigating your new cloud environment, we’d love to come alongside your organization and assist you with that. Reach out to us so we can set up a time to chat about what Coyote Creek can do for you.
At Coyote Creek, as an Atlassian Platinum Solution Partner, we know it’s the human connection that makes the difference in all that we do.