Security at Atlassian
Security is built into the fabric of our cloud products, infrastructure, and processes, so you can rest assured that your data is safeguarded.
Cloud product security
Security is built into the fabric of our cloud products. We employ numerous controls to safeguard your data including encryption in transit and at rest across our cloud services, external vulnerability research such as our Bug Bounty program, and more.
Security operations and best practices
Our dedicated security team approaches security holistically with a common controls framework. Security threats are prevented using our Atlassian Trust Management System (ATMS), secure software development practices, and industry-accepted operational practices.
Platform and network security
We perform rigorous security testing including threat-modeling, automated scanning, and third-party audits. If an incident occurs, we resolve the issue quickly using our security incident response practices and keep you informed with real-time system status.
Availability and continuity
We maintain high levels of availability with multiple geographically diverse data centers and robust Disaster Recovery and Business Continuity programs. Physical access to our data centers is strictly controlled with comprehensive security measures by our data center hosting partners.
Key security offerings
Here’s a look at some of our most significant and highly-requested security features.
Data encryption in transit
Data encryption at rest
SAML-based SSO with all major portals
User provisioning (SCIM)
Enforced two-factor authentication (2FA)
Get more visibility into our cloud platform roadmap
We're committed to providing visibility into our upcoming security, compliance, privacy, and reliability releases wherever possible.
Our partners
We work with industry leaders in the identity provider space to help you streamline user provisioning and access management.
Fast track your vendor security assessment
Transparency is key to our security philosophy. That’s why we partner with the Cloud Security Alliance (CSA) to make our Consensus Assessment Initiative Questionnaire (CAIQ) publicly available.
Centralize your security controls
Enforce your security policies seamlessly across our cloud products. Atlassian Access provides company-wide visibility and centralized security and user management controls across your Atlassian cloud products.
Report a vulnerability
Atlassian encourages customers and the security research community to report vulnerabilities in our products to us. If you’re a security researcher, you could also be eligible for a reward through our bug bounty program.
Stay updated with security advisories
We issue advisories when security bugs are discovered so that you can take action. Learn more about when we publish security advisories and how we determine severity levels.
Meet Atlassian's CISO
Find out how our CISO, Adrian Ludwig, approaches security and what his team is working on this year and beyond.
Our compliance certifications
We certify with industry-accepted standards so you can verify that your company and customer data remain secure and compliant.
PCI DSS
SOC
ISO 27001
ISO 27018
CSA
.png?cdnVersion=1117)
Privacy Shield
GDPR
VPAT
The latest in Atlassian security
Whitepaper
Atlassian’s Cloud Security Overview
Admin Guide
Cloud security best practices
Talk
DevOps vs. Compliance: A Guide to Having it All
Blog Post
Behind the scenes of our security incident management process
Whitepaper
Why security is a shared responsibility
Blog post
Why we're letting 60,000 Bugcrowd security researchers ethically hack us
We’re here and ready to answer all of your questions.
Trust & Security Community
Join the Trust & Security group on the Atlassian Community to hear directly from our Security team and share information, tips, and best practices for using Atlassian products in a secure and reliable way.
Atlassian Support
Reach out to one of our highly-trained support engineers to get answers to your most specific security questions. You may find the answers to many of your questions on our pre-filled security questionnaires.