An essential benefit of having your own environment and using servers is that you always know what is happening with your data and where it is stored. Data security in the Atlassian cloud is one of the core factors for many companies when considering a migration to the cloud.
However, since Atlassian is now in its cloud roadmap has announced that server products will only be supported until early 2024. Ask yourself, many companies are wondering what your options are now. On the one hand, you and your company have the choice to migrate natively to Atlassian's cloud. Or to host Atlassian products like Jira or Confluence via a data center (AWS, Azure, on-premises). Either way, you're using a cloud solution and reaping some benefits.
Want to learn more about the benefits of moving to the cloud? Our article '5 reasons to move to the cloud' goes into this in more detail.
Guaranteed data security in the Atlassian Cloud?
Depending on which system or "cloud type" you ultimately decide on, your data should be secure in any case and secured according to data protection guidelines such as DSGVO or GDPR.
Secure data in the cloud?
A globally active company like Atlassian must of course also comply with the data protection guidelines of the EU or Germany. This means that if products like Jira or Confluence are offered in the local market, all guidelines must be followed.
Atlassian states that under significant effort, "assist customers in [complying with] GDPR-related requirements and local laws." (More about Atlassian privacy). In addition to DSGVO and GDPR compliance, Atlassian has established additional security measures to further secure access to the cloud.
Below we have summarized the most important precautions for data security in the cloud for you:
- DSGVO: The internal handling of sensitive customer data is DSGVO compliant. Tools are provided to comply with legal obligations and local laws.
- Data classification: Internal control for access restrictions to customer data.
- ISO 27001 certification: information security management system.
- ISO 27018 certification: data protection in the cloud.
- Encryption of dormant data: All of your data is fully encrypted in the cloud.
- Mandatory two-factor authentication: Ability to enable two-factor authentication.
- Multiple authentication policies per domain: configure different authentication requirements; e.g. SSO, two-factor authentication, password policy)
For more information about cloud security and Atlassian's precautions, please visit here.
Where is your data stored?
Atlassian Cloud (Native)
When using the native cloud, i.e. cloud hosted by Atlassian, there is currently no option for the levels Standard and Premium to choose a specific location where your data is stored. This means that despite DSGVO and GDPR compliance, it cannot be ensured that your company's data is also stored in Germany.
Furthermore, it is stated that data is secured in such a way that latency is minimized. For companies in Germany, it is therefore logical (but not guaranteed) that your data is stored in Frankfurt or Dublin.
For Enterprise customers, Atlassian offers the option to assign data to a "realm". This means that if your company is located in Germany, you can pin your data to the Frankfurt or Dublin realm.
You can find more information about this here.
Confluence and Jira in Data Center
In addition to the native cloud environment, there is also the option to use the Atlassian Data Center and host the products using a cloud solution provider such as AWS or Azure. This allows you to choose where your data is stored and be compliant with the GDPR.
Furthermore, Atlassian Data Center products offer similar security measures to protect your sensitive company data, plus the ability to customize Confluence and Jira according to your needs.
Summary: Data security in the cloud
Depending on what security factors end up being most important to you and your business, you have two options for migrating to the cloud. Both offer similar options to protect your data. If the location factor is important to you. And you would like to ensure 100 % that your company data is stored in Germany, then a data center solution is the better choice for you.
Need help migrating to the cloud or want some initial advice on your options? On our cloud services page you will find more information on the topic. We would also be happy to advise you in a first personal meeting.
