Data security is a fundamental concern for tech-focused enterprises, and choosing the right protective measures is vital. Data encryption, in turn, is essential to any comprehensive security strategy, so we’ve made it a top priority to provide data encryption at rest as a part of our continuing efforts to ensure the safety of your data at all times.
We also recently announced that, as a part of our mission to deliver the best Atlassian Cloud experience possible for all teams, we now provide encryption at rest for our cloud customers.
But what is encryption, really? And why is it important? Let’s get down to the basics.
Encryption basics
At its core, encryption is the process of replacing legible data (plaintext) with unreadable code, known as “ciphertext,” ensuring that the plaintext is only accessible to authorized parties. To decrypt the ciphertext back to its original, legible form, you input the key used in the encryption algorithm. An encryption key, or cryptographic key, is a piece of information that is generated by the encryption algorithm that specifies the process for transforming plaintext to ciphertext (and vice versa) for a particular encryption.
The two most common forms of encryption for cloud SaaS tools are encryption at rest and encryption in transit.
Data encryption in transit
Data in transit, or data in motion, is data actively moving from one location to another, such as across the internet or through a private network. Encryption in transit is achieved by encrypting the data before transmission, authenticating the endpoints, and decrypting and verifying the data upon arrival. Transport Layer Security (TLS) is an industry-standard method for encrypting data in transit.
Data encryption at rest
Data at rest is inactive data stored physically in any digital format in a persistent state such as on a disk, hard drive, or laptop. Encryption at rest aims to secure data at rest, often using the Advanced Encryption Standard (AES), which is a strong, industry-accepted encryption mechanism established by the U.S. National Institute of Standards and Technology.
Encryption for Atlassian products
We have invested heavily in making encryption available for our cloud products because we believe that it is a best practice for all cloud SaaS providers to offer this additional layer of protection for their customers. We encrypt customer data in transit and at rest on Atlassian Cloud products using secure, authenticated, and industry-accepted encryption mechanisms.
All customer data stored within Atlassian Cloud products and services is encrypted in transit over public networks using TLS 1.2+ with Perfect Forward Secrecy (PFS). PFS ensures that any future disclosure of encryption keys cannot be used to decrypt any TLS communications recorded in the past.
Data drives on servers holding customer data and attachments in Jira Software Cloud, Jira Service Desk Cloud, Jira Core Cloud, Confluence Cloud, Statuspage, Opsgenie, and Trello use full-disk, industry-standard AES-256 encryption at rest.
How encryption helps secure Atlassian customer data
Okay, great, Atlassian uses encryption – so what? Why does encryption matter?
Essentially, encryption is an extra layer of defense for your data. Imagine the Ocean’s Eleven crew has successfully slipped past the guards, hacked the security system, and broken into the sophisticated, highly-secure bank vault. They’re about to start stuffing the cash into their bags, when they find a second safe stored within the bank vault – that’s encryption.
Should someone get past the myriad barriers we’ve put in place, such as our physical and network security systems, that person will face yet another obstacle: encryption. Even if an attacker obtains your data, they won’t be able to understand or decrypt it without access to the encryption keys.
Encryption in transit and at rest provide the same defense mechanism, but in different environments. If there is an attempt to obtain physical access to one of the data drives on the servers holding your Atlassian data, the attacker must also overcome the encryption protecting that data stored at rest, such as Jira issue data (details, comments, attachments) or Confluence page data (page content, comments, attachments).
Encryption in transit, on the other hand, is important should an attacker attempt to intercept data as it travels across the Atlassian network. Data moves across our network when a customer accesses Atlassian Cloud (between the customer and the edge of the Atlassian Cloud presence) and when data is being transferred between internal Atlassian services (between a Jira node and a database node, for example). Should an attacker successfully intercept your data, also known as a Man in the Middle (MITM) attack, they would not be able to access that data without overcoming the encryption that has been applied to the data in transit.
Part of a broader strategy
We’ve taken a holistic approach to encryption because data privacy is an essential component of the continuity of your business, but the story doesn’t end there. We continuously improve our operations and products to address new types of security threats and ensure vigorous protection of your data.
While encryption in transit and at rest are important and highly recommended for most organizations, they are just one tool in the arsenal of security practices we use every day to protect the data you store on Atlassian Cloud products. When developing your organization’s security strategy and evaluating potential cloud vendors, you might also consider:
- Implementing authentication and identity solutions, such as multi-factor authentication, SCIM provisioning, and SAML SSO, to reduce the risk of compromised credentials.
- Routinely auditing your activity logs to detect any suspicious activity or monitor unauthorized access to sensitive information.
- Evaluating the physical security of data centers, whether those be the data centers of your cloud vendor, the data centers supporting your private cloud, or your own managed data centers.
To learn more about managing identity and access management to reduce security risks, see the Atlassian Guide to Cloud Identity and Access Governance.