Atlassian Cloud Q&A Series: Security and Data Regulations

As you probably know by now, Atlassian has announced the end of life for their Server line of products. If not, here’s a snippet of our original announcement,

  • New Server licenses will not be sold after Feb 2, 2021, and Server support will end by Feb 2024
  • Price increases were announced for Server(renewals) and Data Center starting Feb 2, 2021

Shortly after this announcement, we held a webinar further explaining the changes coming to Atlassian Server and Data Center products. In essence, Server customers are going to either have to upgrade to Data Center or Cloud products. And, due to price increases, some Data Center customers may even want to shift to Cloud. 

With Atlassian and many others making a strong push for Cloud adoption, many questions have emerged from concerned customers who question whether Atlassian Cloud products are a good fit. 

To avoid confusion and help customers make a wise decision, we’re introducing a series of posts dedicated to responding to the most common questions about Cloud adoption. 

The first part of this series is going to be around security and data regulations, and that’s what we’re going to be discussing today. So let’s get started.

Atlassian Cloud Security, Regulations, and Certifications

One of the more obvious red flags about the end of Atlassian Server products is that many companies can’t move to the cloud due to regulations by which they must abide. Yet they’re not large enough for a move to Data Center to be cost-effective. So how will Atlassian support these customers when server support ends in February 2024? 

Well, we went straight to the source when our very own Jira Guy interviewed Atlassian’s Harsh Jawharkar and asked him what Atlassian was planning to do to add the security and certifications to the cloud that would allow these customers to use it effectively while maintaining compliance.

Harsh helped to explain cloud security at Atlassian and the lengths they have taken to obtain, and maintain, all industry-accepted certifications required to comply with current industry standards and regulations. 

Atlassian Cloud Security Planning Considerations and Certifications

Harsh believes Cloud customers can be confident that their company and data are secure and compliant. To uphold strong infrastructure security in cloud computing, Atlassian maintains a robust program to comply with SOC2, ISO27001, ISO27018, PCI DSS, and CSA STAR for Jira Cloud Security as well as many of their other products. 

Atlassian has also completed a comprehensive GDPR compliance program and offers a Data Processing Addendum for customers. Furthermore, they receive routine third-party audits to validate compliance. 

At the time of this post, Trello has received FedRAMP certification, and Jira Cloud FedRamp and Confluence Cloud FedRamp certifications are currently being evaluated. Atlassian is also working on achieving Jira Cloud HIPAA, BaFin, and APRA compliance for Jira Software, Jira Service Management, and Confluence Cloud.

For privacy concerns, Atlassian allows cloud users to choose where their primary data is located and prevent it from unauthorized access with industry best-practices.

You can see more of their progress and plans from now to February 2024 on their cloud platform and services roadmap

Taking Security Into Your Hands with Atlassian Access

Another powerful resource available for customers is Atlassian Access. Atlassian Access delivers enterprise-grade security and management functionality for your administrators. 

With Access, customers have a centralized system to manage security and governance across their entire organization. Along with Confluence, Bitbucket, and Trello, Jira Cloud Access features include SAML single sign-on, SCIM, user provisioning, enforced 2FA (two-factor authentication), and auditing. 

To learn more about how Access enables organizations to enhance their security measures, maintain compliance, and unify user management check out our Atlassian Access Security Guide.

Cloud Alternatives for Atlassian Server Customers

For some organizations, there may still be mitigating circumstances that will prevent them from maintaining their strict compliance standards through Atlassian Cloud products. For these customers, they have the option of deploying Data Center products in a non-clustered environment to maintain their infrastructure. 

However, at this time, the entry point for Data Center remains the 500 user license tier with no plans to add lower tiers. 

Cloud Security Consulting 

As veteran IT consultants and Atlassian Platinum Solutions Partners, we understand that changing your infrastructure or migrating entirely can be a complex endeavor. One that requires careful planning and expert execution. 

If you’re still unsure as to whether or not an Atlassian Cloud migration is appropriate for your specific compliance needs, or if you’re looking for help with managed cloud security, please reach out so we can set up a time to talk through your infrastructure and requirements.