Versions Compared

Old Version 6

changes.mady.by.user Sam HABBAL

Saved on

compared with

New Version 7

changes.mady.by.user Sam HABBAL

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview
Atlassian Cloud is the hosting platform designed and used by us to deliver Atlassian applications as a service. Each subscriber's Atlassian Cloud applications are physically located on a server in a dedicated, locked cage at our data center partners. Our data center partners provide power, network and backup services. Atlassian owns the servers and is responsible for provisioning, monitoring, and managing the servers, and for providing support to Atlassian Cloud subscribers.

 

Data storage

...


Our Atlassian Cloud platform was designed and optimized by us specifically to host Atlassian applications and has multiple levels of redundancy built in. The applications themselves run on a separate front-end hardware node than that on which the data is stored. Hardware failure of the compute node is recovered automatically. Application data is stored on a RAID 10 (mirrored and striped) storage node which is replicated to a secondary storage node every four hours. If the primary storage node has a problem or becomes unavailable, the applications can be switched over to the secondary storage node.

 

Facilities
Access to the data centers is limited to authorized personnel only, as verified by biometric identity verification measures. Physical security measures include: on-premises security guards, closed circuit video monitoring, man traps, and additional intrusion protection measures. Within the data center, all Atlassian equipment is stored in locked cages designed to be earthquake-proof.

Our data centres are located in geographically diverse locations across the United States.

 

People and access
Our global support team maintains an account on all cloud systems and applications for the purposes of maintenance and support. This support team accesses hosted applications and data only for purposes of application health monitoring and performing system or application maintenance, and upon customer request via our support system. Within Atlassian, only authorized Atlassian employees have access to application data. Authentication is done via individual passphrase-protected public keys, rather than passwords, and the servers only accept incoming SSH connections from Atlassian and internal data center locations. Atlassian Cloud is designed to allow application data to be accessible only with appropriate credentials, such that one customer cannot access another customer's data without explicit knowledge of that other customers' login information. Customers are responsible for maintaining the security of their own login information.

The Atlassian operations team monitors the Atlassian Cloud platform 24x7 from operation centers in Sydney, San Francisco, and Amsterdam. Information about system uptime is publicly available here.

 

Certification
To augment 3rd party application penetration testing we have performed, we have selected data center providers that maintain industry-standard certifications.

Our data centers are SOC-1 (formerly SAS 70) compliant. These certifications address physical security, system availability, network and IP backbone access, customer provisioning and problem management.

 

Backups
Application database backups for Atlassian Cloud occur on the following frequencies: On-site backups are performed daily and retained for seven days; Tape backups are taken weekly, which are then stored off-site and retained for four weeks. All backup data is encrypted.

 

Privacy
Atlassian understands the importance of ensuring the privacy of your personally identifiable information. For more information, please see our Privacy Statement.

NOTE: This Security Statement applies to the Atlassian Cloud service. For questions regarding Atlassian's legacy hosted services (such as JIRA Studio, JIRA Enterprise Hosted and Confluence Enterprise Hosted), please contact us.

 

 

 

  • Backups: Explain your backup and recovery policy for customer data. You should publish your RTO andRPO targets, and explain if and when data is moved offsite. For cloud products, backups are made daily, and stored offsite on a weekly basis.

 

 

 

  • Account removal and data retention: Explain how a customer can close an account and completely remove their data from your service. For Atlassian cloud applications, customer data is retained for 15 days after account removal and then unrecoverably deleted after that time.

 

 

 

  • Data portability: Explain if and how a customer can extract their data from your service. For example, is it possible to move from your hosted service to a downloaded version of your software?

 

 

 

  • Application and infrastructure security: Explain what security measures you've taken in your application and infrastructure, for example on-disk data encryption or encrypted data transfer between servers.

 

 

 

  • Security disclosure: Explain how and under what circumstances you would notify customers about security breaches or vulnerabilities. You should also indicate how a user or security researcher should disclose a vulnerability found in your add-on to you. (Example from Atlassian: How to report a security issue)

 

 

 

  • Privacy: Explain that data collected during the use of your add-on will not be shared with third parties except as required by law.