fsi compliance blog illo

Cybercrime has dramatically increased during the pandemic, with businesses suffering 50% more cyberattack attempts per week in 2021 compared with 2020. With more and more organizations moving to the cloud, organized crime groups have also evolved their operating tactics to take advantage of the digital revolution, hiring and recruiting hackers to engineer attacks and steal valuable data from organizations across the globe. These attacks don’t just affect a company’s bottom line – they also directly impact the safety of consumers, with 44% of breaches affecting customers’ personally identifiable information (PII). To protect customers and maintain their trust, regulators across the globe have instituted heightened oversight and scrutiny of institutions with massive amounts of PII. For these organizations, maintaining compliance with regional or industry standards is non-negotiable.

So how can we help? With on-prem setups, responsibility for that compliance falls to the customer, but with Atlassian Cloud, we share the load. Our products are built to address industry-leading compliance frameworks, and for customers with the most stringent requirements – those at high risk of attack by cybercriminals, and often the most heavily regulated – we offer our Atlassian Cloud Enterprise solution. Cloud Enterprise’s security and data privacy capabilities are compliant with industry-specific regulatory standards, including the European Banking Authority (EBA); Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) in Germany; and HIPAA in the US. Cloud Enterprise customers can rest assured that our solutions address their compliance needs, whether they have access to PII in the financial sector or Protected Health Information (PHI) in the US.

Addressing evolving regulation

Financial services companies are winning big with cloud migration

Moving from an on-premise environment to the cloud can be a daunting endeavor for any organization, but in a competitive market with cybercriminals that are more agile than ever, organizations need better tools to manage their obligations and protect their customers. And Atlassian Cloud offers just that. Moving from server to cloud can help companies increase productivity and remove the administrative overhead associated with the day-to-day maintenance of their security and compliance obligations.

We understand that when customers rely on Atlassian to manage the safety of their mission-critical products, they are entrusting us with their brand equity and the privacy of their company and customer data. So we’ve devoted the time and resources to fortifying our Cloud Enterprise products with region-specific, enterprise-grade, industry-leading security requirements.

In the last year, Atlassian has bolstered our security and data privacy protocols to give our customers:

  • greater transparency in how we store, process, and secure their data.
  • access to audit and oversee capabilities to ensure they have the information they need to do their own risk assessments.
  • improvements to our breach notification processes to abide by the latest regulations.
  • increased commitment to the continuity of service in the event of bankruptcy or termination to ensure customers have adequate time to close out their obligations.

All these improvements and more are outlined in our Compliance Resource Center. There, you can find detailed descriptions of Atlassian’s compliance controls and how they correspond to industry-specific standards like EBA, BaFin, and HIPAA. And with the rollout of new regulatory standards every day, including the most recent GDPR updates, we’ve made it easier than ever for customers to control where their data is stored using data residency.


In an update to the Schrems II ruling last year, the Court of Justice of the European Union (CJEU) updated their guidance for Standard Contractual Clauses (SCCs), the mechanism in which companies providing services to European residents could transfer data from the EU to countries like the U.S in compliance with GDPR. In response, we’ve published new, compliant SCCs, which can be found within our Data Processing Addendum.

The results speak for themselves

NCR, a global point of sale software provider with 36,000 employees, uses Atlassian Cloud products to keep all stakeholders in lockstep throughout strategic planning and daily execution to make sure they’re hitting the mark on every dimension.

If you’re using cloud-based offerings, you can focus on your core competencies – instead of worrying about infrastructure or headcount – to manage this environment 24/7/365. All that stuff you can brush aside because [Atlassian] is magically managing it.

– Arthur Meloy, VP of Innovation and Development Transformation, NCR

The value we’ve created with customers like NCR has trickled down to their customers. Atlassian helped NCR accelerate their delivery timelines from every few months to every single day by providing an integrated solution that they could use across their organization that provided them with the security and compliance that their enterprise required.

And they’re not alone – 92 percent of our financial services customers say the move to Cloud cuts admin time by at least 11 percent.

Looking forward

As we head into 2022, we’ll continue to double down on our commitment to bolster our security and compliance program in Cloud to ensure that our policies maintain the integrity of consumer data. In addition to adding new compliance capabilities, we’re working on several roadmap features and policies focused on enhancing data privacy and security. To learn more about these initiatives or how Atlassian Cloud can drive more value for your business, get in touch with our Enterprise Sales team.

The next chapter of cloud compliance