Jira Align And Atlassian Trust


Jira Align and Atlassian Trust

A brief overview of some of the ways we approach Trust at Atlassian

Table of contents

· Jira Align
· Trust - The Atlassian Way
· Standards-based approach to security is critical
· Jira Align’s trust architecture
· Jira Align’s interaction with Jira data
· Companies around the world trust the Atlassian Cloud

ATLASSIAN & JIRA ALIGN

Today more than 125,000 customers use our cloud products, accounting for over 10 million monthly active users. We have over 10 years of experience building our products in the cloud for our customers. Our investments give us the competitive advantage needed in the market that helps make your business successful. Atlassian provides enterprises with the capabilities to manage large-scale digital programs and portfolios while embracing agile ways of working with unparalleled flexibility, visibility, and effectiveness.

Jira Align helps you deliver the value your customers demand by keeping your digital evolution on track. With Jira Align you will realize true business agility, gain improved visibility, enhance strategic alignment, and scale agile practices up and out. Additionally, you can adapt our solution to your favorite scaled agile framework, such as SAFe, DA, LeSS, Scrum@Scale, or a hybrid collection of practices. Our solution centralizes your team level data giving you the insights needed to make the right strategic decisions.

TRUST - THE ATLASSIAN WAY

Atlassian empowers modern organizations to accelerate and scale their teams’ productivity to their full potential. Our cloud-based tools and services are developed, from the ground up, with a security-centric approach that provides you with the maximum flexibility to meet your organization’s objectives without compromising reliability or security.

The following is a brief overview of some of the ways we approach Trust at Atlassian as a whole, not necessarily specific to any one product.

We believe all teams have potential to do amazing things. Our mission is to unleash the potential of every team of every size and industry, and in turn, help advance humanity through the power of software.

We know that your mission is as important to you as our mission is to us, and information is at the heart of all our businesses and lives. This is why customer trust is at the center of what we do and why security is our top priority. We’re transparent with our security program so you can feel informed and safe using our products and services.

Atlassian Trust Management System

The Atlassian Trust Management System (ATMS) takes each of our customers’ security requirements into consideration and arrives at a set of requirements and initiatives unique to us and our environment. Details of our initiatives are provided on the Atlassian Trust site.

Building security into the way we work

We don’t look at security as a destination to reach — it’s an ongoing journey. We continually strive to improve our software development and internal operational processes with the aim of increasing the security of our software and services. Security should not be difficult and that’s why security is built into the fabric of our products and infrastructure. Here are a few ways we build security in as part of the way we work, day-to-day.

Security incident management

The Security team at Atlassian aggregates logs from various sources in the hosting infrastructure and makes use of a Security Information and Event Management (SIEM) platform to monitor and flag any suspicious activity. Our internal processes ensure these alerts are triaged, investigated further, and escalated appropriately. Our customers and the wider community are encouraged to report suspected security incidents through Atlassian Support.

In the event of a serious security incident, Atlassian has access to the expertise internally — and through external subject matter experts — to investigate incidents and drive them until closure. The database of our security incidents is cataloged against the VERIS Framework.

Policy Management Program

The basis of the Trust Management System is our Policy Management Program (PMP). We have structured our policies to cover the domains included in both the ISO27001 standard as well as the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM). We have developed a couple of foundational principles to our Policy Management Program:

· Posted and available
· Supported by the security team to make it easy for you to comply
· Outlines our security objectives
· Shows commitment to meet our regulatory obligations
· Focuses on continual iteration and improvement
· Provides for an exception process
· Reviewed annually

Risk management program

In order to continuously evaluate risks to our environments and our products, we perform ongoing risk assessments. In many cases, especially in the case of our products, these are performed as technical risk assessments or code reviews. However, we also evaluate each of our entire product stack or a portion of our organization to uncover higher-level business risks. Generally, we have adopted the ISO27005 or ISO31010 Risk Management methodology and apply that methodology to a particular scope.

Privacy program

You own your data, and we’re committed to protecting the privacy of that data. Our Privacy Policy explains what information we collect about you and your users, why we collect that data, what we do with that information, how we share it, and how we handle the content you use with our products and services. Our Guidelines for Law Enforcement Requests outlines our process for how we receive, scrutinize, and respond to government requests for customer information.

Shared responsibility

In the cloud, the security of your data on our systems is a joint responsibility. At a high level, Atlassian manages security of the applications themselves, the systems they run on, and the environments those systems are hosted in. You – our customers – manage the information within your accounts, manage the users accessing your accounts and related credentials, and control which apps you install and trust. You must ensure your business is meeting its compliance obligations in using our systems.

[Figure: shared responsibility diagram. Labels: Atlassian Responsibility, Shared Responsibility, Hosting, System, Application, Users, Policy & Compliance, Marketplace Apps, Information]

STANDARDS-BASED APPROACH TO SECURITY IS CRITICAL

At Atlassian we have placed trust and data security at the core of our business model. Our products integrate security considerations as well as regulatory and legal requirements by design to empower technical teams with the highest level of security assurance.

To maintain and constantly improve our security maturity, we make full use of centralized security functions. We have over 80 cybersecurity professionals across the globe working around the clock to continuously deploy improvements to our security practices, and the team continues to grow rapidly. This constant effort ensures that vulnerabilities and risks have been fully addressed, no matter the size, industry or location of our customers. All customers benefit from this ongoing investment.

Over the years, we have allocated significant financial and human capital to develop and optimize our unified security control framework. Using a shared framework enables us to optimize each individual control, which translates into a higher level of security assurance across our product suite.

We have also established a dedicated team for the sole purpose of building sophisticated tools across our platform. Our centralized logging and vulnerability management pipelines illustrate how this approach provides material value to our customers.

While all our customers can leverage the investments made in our platform by adopting our common controls framework, customizations and unique controls naturally diverge from these investments. Meeting unique security control requirements for a subset of customers also results in a significant increase in the complexity of our security controls, processes, resources and infrastructure. This complexity increases the risk that processes are not followed consistently across multiple heterogeneous security control environments, and rather than increasing security it instead introduces challenges in maintaining a consistent level of assurance across these environments. We believe that contractual variations to our information security terms lead to poorer outcomes for the customer.

We encourage any customers with concerns about our security clauses to speak to our team so we can provide further assurance on our information security capabilities, compliance and regulatory frameworks, or discuss any specific areas of concern.

JIRA ALIGN’S TRUST ARCHITECTURE

In early 2019 we welcomed AgileCraft into the Atlassian family, rebranded as Jira Align. We have been working diligently to bring Jira Align into the Atlassian Trust way of working. To stay up to date on our progress, please follow our Trust Roadmap.

Security through Continuous Delivery

The Jira Align Team is a continuous-delivery software engineering organization with automated unit and API testing. We provide bi-weekly updates to all our SaaS customers during pre-arranged maintenance windows, keeping your organization up to date with the latest features and benefits of Jira Align.

Platform architecture

Jira Align utilizes common data architecture patterns of multi-tenant SaaS database applications that run in a cloud environment. Tenants can access the application service and have full ownership of their data stored as part of the application, while completely safe and isolated from other tenants’ data. We also provide a REST-based API to enable robust and secure integration with our business logic and data.

Platform-wide availability and redundancy

We operate multiple geographically diverse data centers. Jira Align, along with several of our other cloud products, is hosted with the industry-leading cloud hosting provider Amazon Web Services (AWS), resulting in optimal performance with redundancy and failover options globally. Their data centers have been designed and optimized to host applications, have multiple levels of redundancy built in, and run on a separate front-end hardware node on which application data is stored.

Implementation

Jira Align is designed to operate with a range of cloud vendors to provide maximum flexibility for our customers, based on their existing relationships or business requirements:

· Amazon Web Services (AWS) provides a geographically distributed solution to host VMs that leverage the latest fault tolerances, performance enhancements and security.

We care about high availability of your data and services. We focus on product resiliency through standards and practices that allow us to minimize downtime.

Jira Align supports both multi-tenant and a dedicated virtual private cloud.

Standard vs. Dedicated

[Table: Standard vs. Dedicated. Column headers: Standard, Dedicated. Cells in extracted order: Multi-tenant web tier; Customer Managed Keys for encryption at rest; Multi-tenant AWS RDS instance; Ability to audit at will; Penetration testing; Improved capacity overhead]

The diagram below highlights a typical Jira Align implementation:

[Figure: Jira Align Scaled Agile Management Platform Architecture. Labels: Load Balancer, Web App Firewall, Cloud SSO/SAML, HTTPS, Browser UI, Scanning Solutions, UI Tier, Web App Firewall, Data Services, Email, Rest API, Team Reconciliation and Extraction Services, Database Tier, App Tier]

· User authentication via SSO/SAML is self-managed via our set of open APIs.
· Connectivity to team tools is managed via a set of pre-built configuration options within Jira Align. There is no need to build or customize an integration to any third-party tools.

Learn more at atlassian.com/jira-align

The following measures highlight our security program:

· DATA SECURITY: Jira Align provides data encryption at rest using AES 256.
· DENIAL OF SERVICE: We leverage a leading Web application firewall and content delivery network service.
· PHYSICAL SECURITY: The data centers we leverage are fully SOC 2 certified for physical security and infrastructure fault tolerance.
· INTERNAL NETWORK: All traffic is sent via encrypted communication, and is firewall port blocked between devices.
· SINGLE SIGN ON: SAML protocol streamlines user authentication/authorization; we support Active Directory Federation Services, CA SiteMinder, and more.
· BACKUP AND FAILOVER: Jira Align automatically maintains encrypted offsite storage of data backups, validated monthly.
· SCANNING: Our security policy includes daily port scans, system and application log analysis, virus and malware scans, and automated application and OS updates.
· EXTERNAL NETWORK TRAFFIC: Users must access the platform via TLS 1.2 and an authenticated user account; we integrate with third-party tools via mutual TLS certificate-managed communication, and all email traffic is TLS encrypted. Jira Align maintains a Qualys SSL Labs rating of A.

Below is a diagram of Jira Align architecture with a spotlight on security protocols:

[Figure: Jira Align Scaled Jira Management Platform Architecture. Labels: Cloud SSO/SAML; .NET, ASP, Javascript, AJAX, REST; HTTPS; Browser UI; SMTP with TLS 1.2; Data Services; Email; Encrypted; Rest API; Team Reconciliation and Extraction .NET Services; Customer Segmented Database; 2-way SSL; Shared HW App Tier: Each site is Application Pool Win64 IIS, SMTP; Shared HW DB Tier: Each site is unique DB instance Microsoft SQL server]

[Figure: Jira Align Scaled Jira Management Platform Architecture: Dedicated Hardware and Maximum Security. Labels: Cloud SSO/SAML; TLS1.2 SHA256; Browser UI; Web App Firewall/CDN; 2-factor auth; .NET, ASP, Javascript, AJAX, REST; Encrypted SMTP; Data Services; Rest API; Team Reconciliation and Extraction .NET Services; Active Directory Cluster: Global Policy, keys, user management; Email; Encrypted ODBC; Mutual Cert TLS 1.2; Dedicated DB Service: Microsoft SQL server Mirrored with Data Encryption at Rest; Security Group; App Tier: Win64 IIS, SMTP; NTFS Encryption; Intrusion detection & log analyzer]

Application trust

Atlassian has a secure application development approach based on elements of a range of industry standards, and incorporated into our agile workflow. Our team of security engineers continually do a rolling review of all source code in our products as part of our development cycle. Both automated and manual techniques are employed. We also utilize a mandatory dual peer review process, where multiple senior or lead developers review all commits to master. Agile workflows let us identify and fix any vulnerabilities quickly, especially for our cloud services. We train our developers on the OWASP Best Practices for development security.

Infrastructure trust

The Atlassian Security Team performs ongoing network vulnerability scans of both internal and external infrastructure using an industry leading vulnerability scanner on an ongoing basis. We also maintain an internal Red Team that conducts on-going penetration test operations of all our infrastructure, cloud services, and people. You can always find more information on our Vulnerability Management program on our website.

At Atlassian, we have a very limited set of engineers and architects who are allowed to install software in our production cloud environment. In most cases, software installation is not possible. We also utilize configuration management tools for our production environments to manage configuration of all servers. Any direct changes made to those systems will be over-written by the approved configuration ensuring consistency. We also rely on our Peer Review / Green Build (PRGB) controls to ensure multiple reviewers approve any changes.

Atlassian restricts, logs, and monitors access to our information security management systems. These restrictions include Access Control Lists (ACLs) and multi-factor authentication requirements. We restrict, log, and monitor access to our Atlassian Account Identity Store. Logs are stored in a logically separate system and write-access to the logs is restricted to members of the Security Team. Alerts are sent to the Security team when specific actions or events are identified within the logs.

Data trust

All data are backed up via AWS Relational Database Services with automated and secure snapshot capability and stored for 35 days. With this facility, the Jira Align solution can be recovered for a specific customer in case of failure or data loss. Additional controls include:

· Multiple region availability, monitored in real time.
· Automated region failover tests performed each week on pre-production environment.
· Automated configuration data restore tests performed daily on Production.

Jira Align has high availability deployments in the AWS regions where the solution is deployed. The Amazon Elastic Block Store (EBS) spans the entire geographic region in these data centers, with a data resiliency guarantee.

All data for our services is encrypted in transit using TLS to protect it from unauthorized disclosure or modification, whether over HTTPS or SMTPS. Atlassian’s implementation of TLS enforces the use of strong ciphers.

Atlassian’s Enterprise Risk Management (ERM) Program performs an annual risk assessment which incorporates likelihood and impact for all risk categories and is aligned with the COSO risk model. We also perform functional risk assessments as needed based on risk profile.

Visit Atlassian’s trust center to view Atlassian’s compliance programs.

JIRA ALIGN’S INTERACTION WITH YOUR DATA IN JIRA

Jira Align interacts with your Jira data in order to connect the work being done to the company’s strategy. Data is mapped automatically between Jira Software and Jira Align during the synchronization process. Some of the data connections support a two-way synchronization, outlined in the following diagram.

COMPANIES AROUND THE WORLD TRUST THE ATLASSIAN CLOUD

Atlassian chose in 2007 to invest early in the cloud as a delivery platform for our products. We have over 10 years of experience building our products in the cloud for our customers. Our investments give us the competitive advantage needed in the market that helps make your business successful.

Today more than 125,000 customers use our cloud products, with more than 90% of our new customers purchasing one of our cloud products. This accounts for over 10 million monthly active users on our cloud products.

The cloud continues to be our focus and we will continue to invest in the cloud to expand the value we provide our customers.

Your trust in Atlassian is extremely important. Here are some additional resources to consider when making your decision to go with us.

· Atlassian Trust Center
· Jira Align Trust Page
· Atlassian Security Practices
· Atlassian Trust and Security Community
· Cloud Security Approach and Practices
· Why Security is a Shared Responsibility
· Atlassian Transparency Report
· Atlassian Privacy Policy
· Jira Align Cloud Security Alliance Submission

2019 Atlassian, Inc. All Rights Reserved. SMT-2867 DRD-12/19
