Jira Align And Atlassian Trust

8m ago
2 Views
1 Downloads
676.79 KB
19 Pages
Last View : 1m ago
Last Download : 1m ago
Upload by : Javier Atchley
Transcription

Jira Align and Atlassian TrustA brief overview of some of the wayswe approach Trust at Atlassian

Table of contents3Jira Align4Trust - The Atlassian Way8Standards-based approach to security is critical10Jira Align’s trust architecture19Jira Align’s interaction with Jira data20Companies around the world trust the Atlassian CloudJIRA ALIGN AND ATLASSIAN TRUST2

ATLASSIAN & JIRA ALIGNToday more than 125,000 customers use our cloud products, accounting forover 10 million monthly active users. We have over 10 years of experiencebuilding our products in the cloud for our customers. Our investments giveus the competitive advantage needed in the market that helps make yourbusiness successful. Atlassian provides enterprises with the capabilities tomanage large-scale digital programs and portfolios while embracing agileways of working with unparalleled flexibility, visibility, and effectiveness.Jira Align helps you deliver the value your customers demand by keepingyour digital evolution on track. With Jira Align you will realize true businessagility, gain improved visibility, enhance strategic alignment, and scale agilepractices up and out. Additionally, you can adapt our solution to your favoritescaled agile framework, such as SAFe, DA, LeSS, Scrum@Scale, or a hybridcollection of practices. Our solution centralizes your team level data givingyou the insights needed to make the right strategic decisions.JIRA ALIGN AND ATLASSIAN TRUST3

TRUST - THE ATLASSIAN WAYAtlassian empowers modern organizations to accelerate and scaletheir teams’ productivity to their full potential. Our cloud-based toolsand services are developed, from the ground up, with a security-centricapproach that provides you with the maximum flexibility to meet yourorganization’s objectives without compromising reliability or security.The following is a brief overview of some of the ways we approach Trust atAtlassian as a whole, not necessarily specific to any one product.We believe all teams have potential to do amazing things. Our mission is tounleash the potential of every team of every size and industry, and in turn,help advance humanity through the power of software.We know that your mission is as important to you as our mission is tous, and information is at the heart of all our businesses and lives. This iswhy customer trust is at the center of what we do and why security is ourtop priority. We’re transparent with our security program so you can feelinformed and safe using our products and services.JIRA ALIGN AND ATLASSIAN TRUST4

Atlassian Trust Management SystemThe Atlassian Trust Management System (ATMS) takes each of our customers’security requirements into consideration and arrives at a set of requirementsand initiatives unique to us and our environment. Details of our initiatives areprovided on the Atlassian Trust site.Building security into the way we workWe don’t look at security as a destination to reach — it’s an ongoing journey.We continually strive to improve our software development and internaloperational processes with the aim of increasing the security of our softwareand services. Security should not be difficult and that’s why security is builtinto the fabric of our products and infrastructure. Here are a few ways webuild security in as part of the way we work, day-to-day.Security incident managementThe Security team at Atlassian aggregates logs from various sources in thehosting infrastructure and makes use of a Security Information and EventManagement (SIEM) platform to monitor and flag any suspicious activity.Our internal processes ensure these alerts are triaged, investigated further,and escalated appropriately. Our customers and the wider community areencouraged to report suspected security incidents through Atlassian Support.In the event of a serious security incident, Atlassian has access to theexpertise internally — and through external subject matter experts — toinvestigate incidents and drive them until closure. The database of oursecurity incidents is cataloged against the VERIS Framework.JIRA ALIGN AND ATLASSIAN TRUST5

Policy Management ProgramThe basis of the Trust Management System is our Policy ManagementProgram (PMP). We have structured our policies to cover the domainsincluded in both the ISO27001 standard as well as the Cloud SecurityAlliance (CSA) Cloud Controls Matrix (CCM). We have developed a couple offoundational principles to our Policy Management Program:········Posted and availableSupported by the security team to make it easy for you to complyOutlines our security objectivesShows commitment to meet our regulatory obligationsFocuses on continual iteration and improvementProvides for an exception processReviewed annuallyRisk management programIn order to continuously evaluate risks to our environments and our products,we perform ongoing risk assessments. In many cases, especially in the caseof our products, these are performed as technical risk assessments or codereviews. However, we also evaluate each of our entire product stack or aportion of our organization to uncover higher-level business risks. Generally,we have adopted the ISO27005 or ISO31010 Risk Management methodologyand apply that methodology to a particular scope.Privacy programYou own your data, and we’re committed to protecting the privacy of thatdata. Our Privacy Policy explains what information we collect about you andyour users, why we collect that data, what we do with that information, howwe share it, and how we handle the content you use with our products andservices. Our Guidelines for Law Enforcement Requests outlines our processfor how we receive, scrutinize, and respond to government requests forcustomer information.JIRA ALIGN AND ATLASSIAN TRUST6

Shared responsibilityIn the cloud, the security of your data on our systems is a joint responsibility.At a high level, Atlassian manages security of the applications themselves,the systems they run on, and the environments those systems are hosted in.You – our customers – manage the information within your accounts, managethe users accessing your accounts and related credentials, and control whichapps you install and trust. You must ensure your business is meeting itscompliance obligations in using our systems.Atlassian ResponsibilityHostingShared ResponsibilitySystemApplicationJIRA ALIGN AND ATLASSIAN TRUSTUsersPolicy &ComplianceMarketplaceAppsInformation7

STANDARDS-BASED APPROACHTO SECURITY IS CRITICALAt Atlassian we have placed trust and data security at the core of ourbusiness model. Our products integrate security considerations as well asregulatory and legal requirements by design to empower technical teamswith the highest level of security assurance.To maintain and constantly improve our security maturity, we make full useof centralized security functions. We have over 80 cybersecurity professionalsacross the globe working around the clock to continuously deployimprovements to our security practices, and the team continues to growrapidly. This constant effort ensures that vulnerabilities and risks have beenfully addressed, no matter the size, industry or location of our customers. Allcustomers benefit from this ongoing investment.Over the years, we have allocated significant financial and human capital todevelop and optimize our unified security control framework. Using a sharedframework enables us to optimize each individual control, which translates ina higher level of security assurance across our product suite.JIRA ALIGN AND ATLASSIAN TRUST8

We have also established a dedicated team for the sole purpose of buildingsophisticated tools across our platform. Our centralized logging andvulnerability management pipelines illustrate how this approach providesmaterial value to our customers.While all our customers can leverage the investments made in our platformby adopting our common controls framework, customizations and uniquecontrols naturally diverge from these investments. Meeting unique securitycontrol requirements for a subset of customers also results in a significantincrease in the complexity of our security controls, processes, resourcesand infrastructure. This complexity increases the risk that processes arenot followed consistently across multiple heterogenous security controlenvironments, and rather than increasing security it instead introduceschallenges in maintaining a consistent level of assurance across theseenvironments. We believe that contractual variations to our informationsecurity terms leads to poorer outcomes for the customer.We encourage any customers with concerns about our security clauses tospeak to our team so we can provide further assurance on our informationsecurity capabilities, compliance and regulatory frameworks, or discuss anyspecific areas of concern.JIRA ALIGN AND ATLASSIAN TRUST9

JIRA ALIGN’S TRUST ARCHITECTUREIn early 2019 we welcomed AgileCraft into the Atlassian family, rebrandedas Jira Align. We have been working diligently to bring Jira Align into theAtlassian Trust way of working. To stay up to date on our progress, pleasefollow our Trust Roadmap.Security through Continuous DeliveryThe Jira Align Team is a continuous-delivery software engineering organizationwith automated unit and API testing. We provide bi-weekly updates to all ourSaaS customers during pre-arranged maintenance windows, keeping yourorganization up to date with the latest features and benefits of Jira Align.Platform architectureJira Align utilizes common data architecture patterns of multi-tenant SaaSdatabase applications that run in a cloud environment. Tenants can access theapplication service and have full ownership of their data stored as part of theapplication, while completely safe and isolated from other tenants’ data. Wealso provide a REST-based API to enable robust and secure integration withour business logic and data.JIRA ALIGN AND ATLASSIAN TRUST10

Platform-wide availability and redundancyWe operate multiple geographically diverse data centers. Jira Align, alongwith several of our other cloud products, is hosted with the industry-leadingcloud hosting provider Amazon Web Services (AWS), resulting in optimalperformance with redundancy and failover options globally. Their data centershave been designed and optimized to host applications, have multiple levelsof redundancy built in, and run on a separate front-end hardware node onwhich application data is stored.ImplementationJira Align is designed to operate with a range of cloud vendors to providemaximum flexibility for our customers, based on their existing relationships orbusiness requirements:Amazon Web Services (AWS) provides a geographicallydistributed solution to host VMs that leverage the latest faulttolerances, performance enhancements and security.We care about high availability of your data and services. We focus onproduct resiliency through standards and practices that allow us to minimizedowntime.Jira Align supports both multi-tenant anda dedicated virtual private cloud.Standard vs. DedicatedStandardDedicatedMulti-tenant web tierCustomer Managed Keys forencryption at restMulti-tenant AWS RDS instanceAbility to audit at willPenetration testingImproved capacity overheadJIRA ALIGN AND ATLASSIAN TRUST11

The diagram below highlights a typical Jira Align implementation:Jira Align Scaled Agile Management Platform ArchitectureLoadBalancerWeb AppFirewallCloudSSO/SAMLHTTPSBrowser UIScanningSolutionsUI TierWeb AppFirewallData ServicesEmailRest APITeam Reconcilliationand Extraction icesDatabase TierApp Tier·.User authentication via SSO/SAML is self-managed via our set ofopen APIs.·Connectivity to team tools is managed via a set of pre-builtconfiguration options within Jira Align. There is no need to buildor customize an integration to any third-party tools.Learn more atatlassian.com/jira-alignJIRA ALIGN AND ATLASSIAN TRUST12

The following measures highlight our security program:DATASECURITYDENIAL OFSERVICEPHYSICALSECURITYINTERNALNETWORKJira Align providesdata encryption atrest using AES 256We leverage aleading Webapplication firewalland contentdeliverynetwork service.The data centerswe leverage arefully SOC 2 certifiedfor physical securityand infrastructurefault tolerance.All traffic is sentvia encryptedcommunication,and is firewallport blockedbetween devices.SINGLESIGN ONBACKUP ANDFAILOVERSCANNINGEXTERNALNETWORKTRAFFICSAML protocolstreamlines userauthentication/authorization; wesupport ActiveDirectory FederationServices, CASiteMinder, andmore.Jira Alignautomaticallymaintainsencryptedoffsite storage ofdata backups,validated monthly.Our security policyincludes daily portscans, system andapplication loganalysis, virus andmalware scans, andautomatedapplication and OSupdates.Users must accessthe platform viaTLS 1.2 and anauthenticateduser account; weintegrate withthird-party toolsvia mutual TLScertificate-managedcommunication, andall email traffic isTLS encrypted. JiraAlign maintains aQualsys SSL labsrating of A .JIRA ALIGN AND ATLASSIAN TRUST13

Below is a diagram of Jira Align architecture witha spotlight on security protocols:Jira Align Scaled Jira Management Platform ArchitectureCloudSSO/SAML.NET, ASP, Javascript,AJAX, RESTHTTPSBrowser UISMTP withTLS 1.2Data ServicesEmailEncryptedRest APITeam Reconcilliationand Extraction .NET ServicesCustomerSegmentedDatabase2-way SSLShared HW App Tier:Each site is ApplicationPool Win64 IIS, SMTPShared HW DB Tier:Each site is unique DBinstance MicrosoftSQL serverLearn more atatlassian.com/jira-alignJIRA ALIGN AND ATLASSIAN TRUST14

Jira Align Scaled Jira Management Platform Architecture:Dedicated Hardware and Maximum SecurityCloudSSO/SAMLTLS1.2SHA256Browser UIWebAppFirewall/CDN2-factorauth.NET, ASP, Javascript,AJAX, RESTEncryptedSMTPData ServicesRest APITeam Reconcilliation andExtraction .NET ServicesActive Directory Cluster:Global Policy, keys,user managementEmailEncryptedODBCMutualCertTLS 1.2Dedicated DB Service:Microsoft SQL serverMirrored with DataEncryption at RestSecurityGroupApp Tier:Win64 IIS, SMTPNFTS EncryptionIntrusiondetection& log analyzerLearn more atatlassian.com/jira-alignApplication trustAtlassian has a secure application development approach based on elementsof a range of industry standards, and incorporated into our agile workflow. Ourteam of security engineers continually do a rolling review of all source code inour products as part of our development cycle. Both automated and manualtechniques are employed. We also utilize a mandatory dual peer review process,where multiple senior or lead developers review all commits to master. Agileworkflows let us identify and fix any vulnerabilities quickly, especially forour cloud services. We train our developers on the OWASP Best Practices fordevelopment security.JIRA ALIGN AND ATLASSIAN TRUST15

Infrastructure trustThe Atlassian Security Team performs ongoing network vulnerability scansof both internal and external infrastructure using an industry leadingvulnerability scanner on an ongoing basis. We also maintain an internalRed Team that conducts on-going penetration test operations of all ourinfrastructure, cloud services, and people. You can always find moreinformation on our Vulnerability Management program on our website.At Atlassian, we have a very limited set of engineers and architects who areallowed to install software in our production cloud environment. In mostcases, software installation is not possible. We also utilize configurationmanagement tools for our production environments to manage configurationof all servers. Any direct changes made to those systems will be over-writtenby the approved configuration ensuring consistency. We also rely on our PeerReview / Green Build (PRGB) controls to ensure multiple reviewers approve anychanges.Atlassian restricts, logs, and monitors access to our information securitymanagement systems. These restrictions include Access Control Lists (ACLs)and multi-factor authentication requirements. We restrict, log, and monitoraccess to our Atlassian Account Identity Store. Logs are stored in a logicallyseparate system and write-access to the logs is restricted to members of theSecurity Team. Alerts are sent to the Security team when specific actions orevents are identified within the logs.JIRA ALIGN AND ATLASSIAN TRUST16

Data trustAll data are backed up via AWS Relational Database Services with automatedand secure snapshot capability and stored for 35 days. With this facility, theJira Align solution can be recovered for a specific customer in case of failureor data loss. Additional controls include:··Multiple region availability, monitored in real time.Automated region failover tests performed each week onpre-production environment.·Automated configuration data restore tests performed daily onProduction.Jira Align has high availability deployments in the AWS regions where thesolution is deployed. The Amazon Elastic Block Store (EBS) spans the entiregeographic region in these data centers, with a data resiliency guarantee.All data for our services is encrypted in transit using TLS to protect it fromunauthorized disclosure or modification, whether over HTTPS or SMTPS.Atlassian’s implementation of TLS enforce the use of strong ciphers.Atlassian’s Enterprise Risk Management (ERM) Program performs anannual risk assessment which incorporates likelihood and impact for allrisk categories and is aligned with the COSO risk model. We also performfunctional risk assessments as needed based on risk profile.Visit Atlassian’s trust center to view Atlassian’s compliance programs.JIRA ALIGN AND ATLASSIAN TRUST17

JIRA ALIGN’S INTERACTION WITHYOUR DATA IN JIRAJira Align interacts with your Jira data in order to connect the work being done tothe company’s strategy. Data is mapped automatically between Jira Softwareand Jira Align during the synchronization process. Some of the data connectionssupport a two-way synchronization, outlined in the following diagram.JIRA ALIGN AND ATLASSIAN TRUST18

COMPANIES AROUND THE WORLD TRUSTTHE ATLASSIAN CLOUDAtlassian chose in 2007 to invest early in the cloud as a delivery platform forour products. We have over 10 years of experience building our products in thecloud for our customers. Our investments give us the competitive advantageneeded in the market that helps make your business successful.Today more than 125,000 customers use our cloud products, with more than90% of our new customers purchasing one of our cloud products. This accountsfor over 10 million monthly active users on our cloud products.The cloud continues to be our focus and we will continue to invest in the cloudto expand the value we provide our customers.Your trust in Atlassian is extremely important. Here are some additionalresources to consider when making your decision to go with us.·····Atlassian Trust CenterJira Align Trust PageAtlassian Security PracticesAtlassian Trust and Security Community····Cloud Security Approach and PracticesWhy Security is a Shared ResponsibilityAtlassian Transparency ReportAtlassian Privacy PolicyJira Align Cloud Security AllianceSubmissionJIRA ALIGN AND ATLASSIAN TRUST 2019 Atlassian, Inc. All Rights Reserved. SMT-2867 DRD-12/1919

Jira Align Scaled Agile Management Platform Architecture. Scanning Solutions Security Group Load Balancer HTTPS Rest API SSO/SAML Cloud Database Services App Tier Data Services UI Tier Team Reconcilliation and Extraction (T-REX) Security Group Web App Firew

Related Documents:

Atlassian JIRA Introduction to JIRA Issue and Project Tracking Software Tutorial 1 Once again, we are back with another tool tutorial. This time it’s the Issue and Project Tracking Software – Atlassian JIRA. You will learn JIRA issue tracking tool with this series of simple and easy to understand JIRA training tutorials. *****

The JIRA family of applications are built on the JIRA platform. JIRA Core is the default application of the JIRA platform, and will always be present in a JIRA instance. You may also choose to include other applications in your instance, such as JIRA Software and JIRA Se

Documentation for JIRA Service Desk 3.1 4 Created in 2016 by Atlassian. Licensed under a Creative Commons Attribution 2.5 Australia License. JIRA Service Desk Documentation Put the power of JIRA in the hands of your service desk team. Check out the latest JIRA Service Desk Server release notes here. Getting started Installing JIRA .

Chapter 2: Starting a local JIRA test instance Introduction For starting a JIRA test instance on a local machine, the Atlassian-SDK is the way to go. This is useful for testing JIRA itself, developing and debugging JIRA plugins. The SDK is available for Windows, Linux and Mac. See the installation guide for the Atlassian SDK.

The Intuitive Jira Guide For Users (2018) . iDalko. This Jira tutorial will cover features and functionality suitable for everyone using Jira. Jira is a self-hosted project management tool developed by Atlassian. It may seem a little

Documentation for JIRA Core 7.3 4 Created in 2017 by Atlassian. Licensed under a Creative Commons Attribution 2.5 Australia License. JIRA Core documentation JIRA Core is a customizable workflow solution that simplifies any business process such as change management, approvals, asset management and more. Try it here. Getting .

Documentation for JIRA Core 7.1 4 Created in 2016 by Atlassian. Licensed under a Creative Commons Attribution 2.5 Australia License. JIRA Core documentation JIRA Core is a customizable workflow solution that simplifies any business process such as change management, approvals, asset management and more. Try it here. Getting .

Portfolio for Jira is tightly integrated with your Jira Software project data and boards. Every time you calculate your Portfolio plan, Portfolio pulls the latest data from your work in Jira Software. This ‘pull’ from Jira Software means you are always planning with the most up-to-date information. 5 & - 2

Jan 01, 2012 · Documentation for JIRA Core Server 7.2 5 Created in 2016 by Atlassian. Licensed under a Creative Commons Attribution 2.5 Australia License. automatically be assigned a workflow and a status on that workflow.

7 Steps to more effective teamwork with Atlassian and Slack 10 Ivan says, We use Slack and Atlassian massively, mainly with Jira Service Management. Among all the bells and whistles, there is a simple and powerful feature that I recently learned that helped us a lot - the ability to

Mar 29, 2011 · This is the starting point for the Atlassian Dragon Quest. By the time you reach the end of this set of instructions, you will have an awesome Atlassian integrated development suite (details below). There's a good chance that the Atlassian Integration Dragon will scorch the clo

Portfolio for JIRA Creating a vision for a product in the form of a roadmap or a list of big-ticket items is a great foundation for starting to understand how Portfolio for JIRA works. These strategic business goals and the understanding of how planning works with scope, res

2 JIRA Quick Guide Issues in progress In Progress gadget displays all issues that are currently in progress and assigned to the current user viewing the dashboard. Edit To open Issue:1. 2. Click any hyperlinked column shown. Working with Dashboard Assigned to Me The JIRA Dashbo

SPS is using Jira to keep track of subawardinvoices. Since Spring 2018, SPS is keeping track of subaward invoices in “Jira” When SPS receives a sub-contract invoice, SPS checks it for the major components, uploads it into Jira and sends it to the dept. The de

BE A JIRA HERO 6 9 10 Link related issues to each other Just be sure to assign correct link type. Links allow you to connect and maintain visibility across the various efforts related to a single project. Ensure sub-tasks are complete Set up approvals for subtasks to prevent users from moving tasks to done until all sub-tasks are complete.

Atlassian Bitbucket Data Center on NetApp for Scalable DevOps Scalability, Collaboration, Staging, and Disaster Recovery for Bitbucket (Git) on ONTAP (ONTAP 9, ONTAP Select, ONTAP Cloud) Bikash Roy Choudhury, NetApp September 2017 WP-7256 Abstract The Atlassian stack consists of a wid

Oct 10, 2012 · Documentation for Stash 1.3 4 Created in 2012 by Atlassian. Licensed under a Creative Commons Attribution 2.5 Australia License. Getting started Atlassian Stash is the on-premises

information (PHI) concerns, it would appear on-premise products would be a natural fit for the Healthcare industry. However, as of February 2021 Atlassian is no longer selling Atlassian Server products, meaning that any new or existing Server license would deprocate by 2024 at the latest. Many Marketplace Apps will likely dwindle before then.

Align is an award-winning, highly configurable lighting system, designed to accommodate the changing needs of any space. AWARDS RECEIVED FOR ALIGN: UNLIMITED . on-site to a dropped position. ALIGN 3 Suspended. ALIGN 2 — Anatomy SUSPENDED DISBELIEF A small profile lighting system with magnetic accessories, integrated indirect illumination .

Attila has been an Authorized AutoCAD Architecture Instructor since 2008 and teaching AutoCAD Architecture software to future architects at the Department of Architectural Representation of Budapest University of Technology and Economics in Hungary. He also took part in creating various tutorial materials for architecture students. Currently he .