How secure is your Atlassian instance? What security best practices can you take to protect your business’s sensitive data? What are the security benefits of managed hosting?
These are questions every Atlassian administrator needs to consider. Your Jira and Confluence systems contain valuable information: software development projects, business plans, employee information, customer data, product roadmaps, source code, IT inventory and more. You can’t afford to let this data fall into the wrong hands. This article outlines several best practices you can follow to harden your Atlassian systems and strengthen your security posture.
1) Know Your Compliance Requirements
PCI, HIPAA, FedRAMP. Each of these standards has a different set of security controls in place. The first step to compliance is simply understanding your requirements. Do you need a business associate agreement for HIPAA compliance? Does your hosting provider have a FedRAMP ATO? There are a lot of questions you’ll need to answer.
Fortunately, you don’t need to become an expert in compliance. A good managed hosting provider will have the compliance expertise you need to navigate these complex requirements. Our team of security experts has over a decade of experience dealing with PCI, HIPAA, and FedRAMP, as does our hosting partner Contegix.
2) Limit Your Administrator Accounts
With great power comes great responsibility—carefully consider who you give it to.
A common problem we see with our Atlassian customers is that there are too many admins. This can cause administrative headaches—and it can also be a major liability. Rogue admin accounts are a major threat to organizations. Take the simple step to protect yourself by limiting the number of administrators. Use project and space administrators whenever possible. This gives users the flexibility to control their data, while reducing the potential for unwanted breaches. As an added precaution, make sure all of your administrators are properly trained, so they know how to keep your systems in order and not expose them to dangers.
3) Keep Your Applications Up-to-Date
Every Atlassian app comes with a support entitlement that includes free updates, but it only protects you if the updates get applied. Also remember to stay up-to-date with Java, Linux and other security bulletins, and patch your machines as soon as possible. Smart administrators adopt a forward-looking security posture and schedule these updates on a quarterly or, even better, monthly basis. This can be time consuming, but it’s a critical step to protecting your Atlassian systems from unwanted breaches. Struggling to find time for this critical task? Consider working with a hosting provider who can handle these updates to keep your systems secure.
4) Perform Regular Security Assessments and Audits
Proper governance is essential. This can be difficult and time consuming, but it’s better for you to discover a security weakness than a malicious hacker. Pay special attention to service accounts used for API access, use proper API authentication techniques (OAuth whenever possible), and know which add-ons are pulling data and how they’re using it. This is one area where you’ll want to consider working with an expert. They’ll help you find blind spots in your security readiness and accelerate the entire process.
5) Partner with Experts
Security is a high-stakes game, with the global average cost of a data breach nearing $4M in 2018. Protecting your systems isn’t a part-time job. Security threats are constantly emerging. And hacker networks have far more time and resources than you’ll ever be able to spare. Fortunately, you don’t have to go at it alone. An experienced Atlassian Solution Partner like 6kites, and security-minded hosting provider like Contegix can help you with everything from configuration and compliance to system administration and security patching.
Secure Your Atlassian System Today
Smart admins understand that security threats are everywhere. Take the simple steps outlined here to start hardening your Atlassian applications. For additional security tips, check out the Contegix blog.
And, of course, let us know if you need any help.