SlideShare a Scribd company logo

How to Keep your Atlassian Cloud Secure

Cprime
Cprime

The Atlassian Cloud suite of collaborative tools is becoming the central nervous system for many organizations. Along with the multiple benefits in productivity, innovation, and collaboration that Atlassian Cloud brings, it also introduces new considerations and challenges in securing the organization’s data, mitigating security risks, and avoiding a potentially damaging breach. In this webinar, you will learn about native security features and configuration elements to reduce your security risks in Atlassian cloud. We will cover key permissions and access controls, governance process and structure, and how to audit your usage. Join Cprime’s Brandon Huff, VP of Technology, and Lisa Barton, Director of Delivery Services-Atlassian, for a deeper dive into the fascinating world of Atlassian Cloud security. We will explore: - Atlassian Security features to reduce your risk - Configuration that supports access and data management - The importance and structure around Atlassian governance - Auditing and compliance features

Technology
1 of 38
Download to read offline
©2021 Cprime, Inc. All rights reserved and no copying without express written permission. CPRIME.COM | 877.800.5221
How to Keep your Atlassian Cloud Secure
HOUSEKEEPING ITEMS Audio is streamed through your computer speakers, so make sure your audio is on and turned up. The recording and slides will be sent to everyone via email within 24-48 hours after the webinar concludes. Submit questions any time during this presentation via the Q&A box on the bottom panel of your screen.
SPEAKERS Brandon Huff VP, Technology Cprime Lisa Barton Director, Delivery Services-Atlassian Cprime
AGENDA 01 ATLASSIAN CLOUD OVERVIEW 02 ATLASSIAN CLOUD SECURITY OVERVIEW 03 SECURITY CONFIGURATION BEST PRACTICES 04 THE IMPORTANCE OF GOVERNANCE 05 KEEP THE CONVERSATION GOING/Q&A
ATLASSIAN CLOUD OVERVIEW Benefits & Considerations
SaaS as an offering from outset Experiencing significant growth and expansion Substantial investment in Cloud Infrastructure Microservices, performance, security, pricing structure, etc. Accessibility of Cloud ABOUT ATLASSIAN CLOUD
BENEFITS OF ATLASSIAN CLOUD SaaS Model Availability/Scalability Latest Releases User Management Security Apps & Extensibility Performance TCO
THINGS TO CONSIDER Backend Access Latest Releases Functionality System Admin Data Residency Support / SLAs Compliance
ATLASSIAN CLOUD SECURITY OVERVIEW Approach & Programs
• Lead peers in cloud and product security • Meet all customer requirements for cloud security and exceed requirements for industry security standards and certifications • Be open and transparent about our programs, processes, and metrics ATLASSIAN CLOUD SECURITY GOALS
ATLASSIAN CLOUD SECURITY COMMITMENT Atlassian’s Common Controls Framework supports its compliance with eight different international standards for security Its Security Detections Program and Security Incident Management process ensures fast identification and mitigation of security threats Training and development practices across the organization stress security at every level and at all times, which supports industry-standard operational practices Atlassian incentivizes both employees and users to actively seek out and bring attention to security concerns utilizing the Security Champions and Bug Bounty programs
ATLASSIAN SECURITY PROGRAMS • Security Champions/Leads within all products and service teams assume responsibility for delivering on key security initiatives among their peers on an ongoing basis and keeping communication with our central security team as open as possible. Security Champions Program • Security detection programs compliment Atlassian’s incident response processes. Embedded within our standard incident management process, we have a separate program to proactively create searches and alerts for not only the incident types we face today, but those we will face in the threat landscape of the future. Security Detections Program • Our Bug Bounty Program has consistently been recognized as one of the best in the industry, and enables us to leverage a trusted community of tens of thousands of researchers to test our products constantly and report any vulnerabilities they find. Bug Bounty Program
ATLASSIAN CLOUD SECURITY COMPLIANCE Compliance Area Atlassian Products Details ISO 27001 ISO 27018 Jira Cloud Jira Service Management Cloud Jira Align Confluence Cloud Bitbucket Cloud Opsgenie Statuspage Trello The basis of ISO 27001 is the development and implementation of an Information Security Management System (ISMS), and then implementing and managing a suite of controls covered under ‘ISO 27001: Annex A’ through that ISMS. ISO/IEC 27018 is a code of practice which provides additional implementation guidance for applicable ISO/IEC 27002 controls for the protection of Personally Identifiable Information (PII) in cloud environments. PCI-DSS Jira Cloud Jira Service Management Cloud Jira Align Confluence Cloud Bitbucket Cloud Opsgenie Statuspage Trello Halp When you pay with your credit card for Atlassian products or services, you can rest assured that we handle the security of that transaction with appropriate attention. Atlassian is a PCI-DSS compliant merchant. CSA CCM / STAR Jira Cloud Jira Service Management Cloud Jira Align Confluence Cloud Bitbucket Cloud Opsgenie Statuspage Trello Halp The CSA Security, Trust & Assurance Registry (STAR) is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings. The CSA STAR Level 1 Questionnaire for Atlassian is available for download on the Cloud Security Alliance’s STAR Registry. SOC2 and SOC3 Jira Cloud Jira Service Management Cloud Jira Align Confluence Cloud Bitbucket Cloud Opsgenie Statuspage Trello These reports help our customers and their auditors understand the controls established to support operations and compliance at Atlassian. Atlassian has achieved SOC2 certifications for many of our products. FedRAMP Cloud Enterprise Trello The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. Federal government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
ATLASSIAN CLOUD SECURITY CONFIGURATION Approaches & Considerations
ATLASSIAN CLOUD SECURITY CONFIGURATION APPROACH Ensure adherence company has security policies that help mitigate risk 1 Leverage configuration that will ensure security policies are followed 2 Audit the configuration and access management regularly 3 Ensure Governance is in place around your instance to enable auditing and configuration management 4
PROVISIONING 17 SECURITY RISK BEST PRACTICE • Management overhead and complexity to manage access to each Atlassian application • User creation in Atlassian provides permissions and initial access • Bad provisioning can expose sensitive data to new users who should not have that access • Clear group-based permissions, roles, and provisioning enable clear application of needed permissions • Leverage access management application to ensure consistent provisioning is applied (Atlassian Access, Active Directory, etc.) and reduce human error
SINGLE SIGN-ON (SSO) 18 • No way to enforce password changes or policies • Unsafe passwords with infrequent changes increase risk • High password-related calls to IT increasing cost of support • Leverage access management application to centrally manage access to Atlassian (through Atlassian Access, Active Directory, etc) and reduce human error SECURITY RISK BEST PRACTICE
USER MANAGEMENT & CLEAN UP 19 • Users have access they don’t need or shouldn’t need • User don’t have access they need • Users are no longer at the company but still have an account • May be paying for licensing for users not longer at the company • Clear group-based permissions, roles, and de-provisioning enable appropriate permissions • Leverage access management application to ensure consistent de-provisioning, changes, and deprovisioning is applied (through Atlassian Access, Active Directory, etc) SECURITY RISK BEST PRACTICE
IP WHITELISTING* 20 • People outside of the company may be able to access applications in your network • Unable to separate intended users from potential threats by IP address • Enable security policies that ensure only appropriate users have access to your network • Leverage IP whitelisting functionality to allow specific IP addresses or domains * Atlassian Access is required for this functionality SECURITY RISK BEST PRACTICE
PERMISSIONS 21 • Users have access to sensitive projects and/or data through applied permissions • Unclear ability to fix access issues due to lack of permissions architecture or documentation • Leverage permissions groups and roles to set highest level permissions which minimize risky project level permission changes • Leverage access management application to ensure consistent provisioning, deprovisioning, and permissions changes are applied (through Atlassian Access, Active Directory, etc) SECURITY RISK BEST PRACTICE
CONNECTORS & INTEGRATIONS 22 • Insecure or poorly configured connectors or integrations can expose system data • Lack of review process to ensure connectors or integrations can inadvertently create a data security breach • Ensure you are using Cloud Fortified connectors from the Atlassian Marketplace that meet the all Atlassian security requirements • Review all application connectors with intended connected internal systems to ensure data is passing as planned SECURITY RISK BEST PRACTICE
AUDIT LOG 23 • Changes to your configuration have introduced security risks that you are unable to troubleshoot • Unclear what configuration changes have been made to ensure security policies have been followed • Use the Organization audit log in Atlassian Access to view configuration changes, timing, and who did them across all Atlassian applications • Leverage marketplace applications to provide a consolidated view of changes • Use a governance process to review and mitigate all changes that may impact to your security SECURITY RISK BEST PRACTICE
CHANGE MANAGEMENT 24 • Unclear policies make requested changes hard to evaluate for security risks • Changes may be implemented that don’t meet security standards introducing security risks • Implement a governance process that supports effective change evaluation, tracking, reporting, approval and communication SECURITY RISK BEST PRACTICE
ATLASSIAN CLOUD SECURITY GOVERNANCE Approaches & Considerations
WHY GOVERNANCE MATTERS There’s a lot at stake – strong governance practices help: • Mitigate risk and maintain compliance • Ensure data integrity and improve data quality • Set, maintain, and implement standards and best practices • Evaluate the impact and manage changes to the Atlassian tools ecosystem (like clean up and optimization) • Maintain the health and long-term continuity of the Atlassian tools ecosystem • Ensure your users can leverage the features and benefits of the Atlassian platform for your organization
GOVERNANCE FOUNDATION POLICIES & STANDARDS GOVERNANCE COMMITTEE TRAIINING & ENABLEMENT PROCESS & PROCEDURES
GOVERNANCE FOUNDATION POLICIES & STANDARDS COMPLIANCE & AUDIT SEPARATION OF DUTIES BUSINESS STANDARDS
GOVERNANCE FOUNDATION GOVERNANCE COMMITTEE ROLES RESPONSIBILITIES CENTER OF EXCELLENCE
GOVERNANCE FOUNDATION PROCESSES & PROCEDURES BUSINESS PROCESS GOVERNANCE CEREMONIES CHANGE MANAGEMENT GOVERNANCE COMMITTEE
GOVERNANCE FOUNDATION TRAINING & ENABLEMENT PROCESS ENABLEMENT ROLE-BASED ENABLEMENT COMMUNITY SUPPORT
ENSURE COMPLIANCE Maintaining Your Atlassian Ecosystem Regular updates to Policies and Standards Custom dashboards and reports to identify Compliance risks Clean up and maintain your instances (Leverage admin insights, scheduled releases, and project archiving) Manage human risk (Training, enablement, imbedded Governance Team Members)
CHANGE MANAGEMENT • Formal Intake Process • Formal Committee Discussion • Within vs Outside of Policy Limits • Formal Committee Vote • Objection vs Non-Objection Vote • Documentation • Decision vs Recommendation • Communication Change Management Process Elements Intake Communication Action Decision
Atlassian has built in features, policies, and programs to ensure the Cloud applications have the highest levels of security Leverage best practice configurations that ensure good change management, permissions, and access management Ensure governance practices are in place to evaluate, approve, and manage configuration changes Visit the Atlassian Trust security site for details on all aspects of Atlassian Cloud security KEY TAKEAWAYS
KEEP THE CONVERSATION GOING… Connect with our speakers on LinkedIn Check out Cprime upcoming webinars, read our blog, download whitepapers/case studies & more: cprime.com/resources Share with us what topics you are interested in, ask us questions or give us feedback! learn@cprime.com
FOLLOW US ON SOCIAL MEDIA Share in the conversation & keep updated on thought leadership, events & more! on LinkedIn, Twitter, Facebook, & YouTube
QUESTIONS? CPRIME.COM | 877.800.5221 QUESTIONS?
QUESTIONS? CPRIME.COM | 877.800.5221 THANK YOU CPRIME.COM | 877.800.5221

Recommended

CSA Security Guidance Cloud Computing v3.0
CSA Security Guidance Cloud Computing v3.0CSA Security Guidance Cloud Computing v3.0
CSA Security Guidance Cloud Computing v3.0CloudSecurityAllianceAustralia
 
CSA Standards Development Summary
CSA Standards Development SummaryCSA Standards Development Summary
CSA Standards Development SummaryCloudSecurityAllianceAustralia
 
Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Vladimir Jirasek
 
Security and governance in the cloud
Security and governance in the cloudSecurity and governance in the cloud
Security and governance in the cloudJulian Knight
 
Cloud Security 101 by Madhav Chablani
Cloud Security 101 by Madhav ChablaniCloud Security 101 by Madhav Chablani
Cloud Security 101 by Madhav ChablaniOWASP Delhi
 
Secure remote access to AWS your users will love
Secure remote access to AWS your users will loveSecure remote access to AWS your users will love
Secure remote access to AWS your users will loveZscaler
 
Workshop on CASB Part 2
Workshop on CASB Part 2Workshop on CASB Part 2
Workshop on CASB Part 2Priyanka Aash
 
Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Scalar Decisions
 

Recommended

CSA Security Guidance Cloud Computing v3.0
CSA Security Guidance Cloud Computing v3.0CSA Security Guidance Cloud Computing v3.0
CSA Security Guidance Cloud Computing v3.0CloudSecurityAllianceAustralia
 
CSA Standards Development Summary
CSA Standards Development SummaryCSA Standards Development Summary
CSA Standards Development SummaryCloudSecurityAllianceAustralia
 
Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Vladimir Jirasek
 
Security and governance in the cloud
Security and governance in the cloudSecurity and governance in the cloud
Security and governance in the cloudJulian Knight
 
Cloud Security 101 by Madhav Chablani
Cloud Security 101 by Madhav ChablaniCloud Security 101 by Madhav Chablani
Cloud Security 101 by Madhav ChablaniOWASP Delhi
 
Secure remote access to AWS your users will love
Secure remote access to AWS your users will loveSecure remote access to AWS your users will love
Secure remote access to AWS your users will loveZscaler
 
Workshop on CASB Part 2
Workshop on CASB Part 2Workshop on CASB Part 2
Workshop on CASB Part 2Priyanka Aash
 
Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Scalar Decisions
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Symosis Security (Previously C-Level Security)
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudCloudHesive
 
Jazoon'12 Enterprise-wide Cloud Governance
Jazoon'12 Enterprise-wide Cloud GovernanceJazoon'12 Enterprise-wide Cloud Governance
Jazoon'12 Enterprise-wide Cloud GovernanceNetcetera
 
Governing in the Cloud
Governing in the CloudGoverning in the Cloud
Governing in the CloudRolf Frydenberg
 
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeHimani Singh
 
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJNIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJSherry Jones
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerAnkit Dua
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyCloud Standards Customer Council
 
The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinarAlgoSec
 
Rethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraRethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraZscaler
 
Get a Complete View of Your Business Services and IT Estate in ServiceNow wit...
Get a Complete View of Your Business Services and IT Estate in ServiceNow wit...Get a Complete View of Your Business Services and IT Estate in ServiceNow wit...
Get a Complete View of Your Business Services and IT Estate in ServiceNow wit...Flexera
 
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Decisions
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsHow to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsSBWebinars
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Decisions
 
Multi cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPMulti cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPFaiza Mehar
 
CASB: Securing your cloud applications
CASB: Securing your cloud applicationsCASB: Securing your cloud applications
CASB: Securing your cloud applicationsForcepoint LLC
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Casescentralohioissa
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessCloudPassage
 
Rethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraRethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraZscaler
 
SplunkLive! Customer Presentation--ServiceNow
SplunkLive! Customer Presentation--ServiceNowSplunkLive! Customer Presentation--ServiceNow
SplunkLive! Customer Presentation--ServiceNowSplunk
 
Application Security in the Cloud - Best Practices
Application Security in the Cloud - Best PracticesApplication Security in the Cloud - Best Practices
Application Security in the Cloud - Best PracticesRightScale
 
Build and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarBuild and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarAlgoSec
 

More Related Content

What's hot

NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudCloudHesive
 
Jazoon'12 Enterprise-wide Cloud Governance
Jazoon'12 Enterprise-wide Cloud GovernanceJazoon'12 Enterprise-wide Cloud Governance
Jazoon'12 Enterprise-wide Cloud GovernanceNetcetera
 
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeHimani Singh
 
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJNIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJSherry Jones
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerAnkit Dua
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyCloud Standards Customer Council
 
The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinarAlgoSec
 
Rethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraRethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraZscaler
 
Get a Complete View of Your Business Services and IT Estate in ServiceNow wit...
Get a Complete View of Your Business Services and IT Estate in ServiceNow wit...Get a Complete View of Your Business Services and IT Estate in ServiceNow wit...
Get a Complete View of Your Business Services and IT Estate in ServiceNow wit...Flexera
 
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Decisions
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsHow to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsSBWebinars
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Decisions
 
Multi cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPMulti cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPFaiza Mehar
 
CASB: Securing your cloud applications
CASB: Securing your cloud applicationsCASB: Securing your cloud applications
CASB: Securing your cloud applicationsForcepoint LLC
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Casescentralohioissa
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessCloudPassage
 
Rethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraRethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraZscaler
 
SplunkLive! Customer Presentation--ServiceNow
SplunkLive! Customer Presentation--ServiceNowSplunkLive! Customer Presentation--ServiceNow
SplunkLive! Customer Presentation--ServiceNowSplunk
 

What's hot (20)

Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public Cloud
 
Jazoon'12 Enterprise-wide Cloud Governance
Jazoon'12 Enterprise-wide Cloud GovernanceJazoon'12 Enterprise-wide Cloud Governance
Jazoon'12 Enterprise-wide Cloud Governance
 
Governing in the Cloud
Governing in the CloudGoverning in the Cloud
Governing in the Cloud
 
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
 
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJNIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and Zscaler
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
 
The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinar
 
Rethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraRethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation Era
 
Get a Complete View of Your Business Services and IT Estate in ServiceNow wit...
Get a Complete View of Your Business Services and IT Estate in ServiceNow wit...Get a Complete View of Your Business Services and IT Estate in ServiceNow wit...
Get a Complete View of Your Business Services and IT Estate in ServiceNow wit...
 
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsHow to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015
 
Multi cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPMulti cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCP
 
CASB: Securing your cloud applications
CASB: Securing your cloud applicationsCASB: Securing your cloud applications
CASB: Securing your cloud applications
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Cases
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS business
 
Rethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraRethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation Era
 
SplunkLive! Customer Presentation--ServiceNow
SplunkLive! Customer Presentation--ServiceNowSplunkLive! Customer Presentation--ServiceNow
SplunkLive! Customer Presentation--ServiceNow
 

Similar to How to Keep your Atlassian Cloud Secure

Application Security in the Cloud - Best Practices
Application Security in the Cloud - Best PracticesApplication Security in the Cloud - Best Practices
Application Security in the Cloud - Best PracticesRightScale
 
Build and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarBuild and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarAlgoSec
 
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...Amazon Web Services
 
SailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfSailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfVishnuGone
 
Future of Your Atlassian Platform - Data Center and Cloud Migration
Future of Your Atlassian Platform - Data Center and Cloud MigrationFuture of Your Atlassian Platform - Data Center and Cloud Migration
Future of Your Atlassian Platform - Data Center and Cloud MigrationAUGNYC
 
2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation finalAlgoSec
 
DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513Tiffeny Price
 
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementCisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementAlgoSec
 
Cybersecurity Architect For Cooperatives Designs Multi-Factor Authentication ...
Cybersecurity Architect For Cooperatives Designs Multi-Factor Authentication ...Cybersecurity Architect For Cooperatives Designs Multi-Factor Authentication ...
Cybersecurity Architect For Cooperatives Designs Multi-Factor Authentication ...RobinLilly5
 
Cloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfCloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfErikHof4
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Doeren Mayhew
 
DACHNUG50 HCL BigFix mobile.pdf
DACHNUG50 HCL BigFix mobile.pdfDACHNUG50 HCL BigFix mobile.pdf
DACHNUG50 HCL BigFix mobile.pdfDNUG e.V.
 
tibbr Security Overview
tibbr Security Overviewtibbr Security Overview
tibbr Security Overviewtibbr
 
Performing One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesPerforming One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesControlCase
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWSAlert Logic
 
Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Kimberly Macias
 
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...Amazon Web Services
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranGSTF
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud ApplicationsIBM Security
 

Similar to How to Keep your Atlassian Cloud Secure (20)

Application Security in the Cloud - Best Practices
Application Security in the Cloud - Best PracticesApplication Security in the Cloud - Best Practices
Application Security in the Cloud - Best Practices
 
Build and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinarBuild and enforce defense in depth - an algo sec-cisco tetration webinar
Build and enforce defense in depth - an algo sec-cisco tetration webinar
 
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
 
SailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfSailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdf
 
Future of Your Atlassian Platform - Data Center and Cloud Migration
Future of Your Atlassian Platform - Data Center and Cloud MigrationFuture of Your Atlassian Platform - Data Center and Cloud Migration
Future of Your Atlassian Platform - Data Center and Cloud Migration
 
2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
 
DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513
 
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy ManagementCisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
Cisco ACI & Hybrid Networks - Breaking Down Silos with Central Policy Management
 
Cybersecurity Architect For Cooperatives Designs Multi-Factor Authentication ...
Cybersecurity Architect For Cooperatives Designs Multi-Factor Authentication ...Cybersecurity Architect For Cooperatives Designs Multi-Factor Authentication ...
Cybersecurity Architect For Cooperatives Designs Multi-Factor Authentication ...
 
Cloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfCloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdf
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
 
DACHNUG50 HCL BigFix mobile.pdf
DACHNUG50 HCL BigFix mobile.pdfDACHNUG50 HCL BigFix mobile.pdf
DACHNUG50 HCL BigFix mobile.pdf
 
tibbr Security Overview
tibbr Security Overviewtibbr Security Overview
tibbr Security Overview
 
Performing One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesPerforming One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust Principles
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
 
Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3
 
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton Ravindran
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud Applications
 

More from Cprime

A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Improving IT Investment Decisions and Business Outcomes with Integrated Enter...
Improving IT Investment Decisions and Business Outcomes with Integrated Enter...Improving IT Investment Decisions and Business Outcomes with Integrated Enter...
Improving IT Investment Decisions and Business Outcomes with Integrated Enter...Cprime
 
Harnessing Atlassian's Power Through Cloud Transformation and Adoption
Harnessing Atlassian's Power Through Cloud Transformation and AdoptionHarnessing Atlassian's Power Through Cloud Transformation and Adoption
Harnessing Atlassian's Power Through Cloud Transformation and AdoptionCprime
 
AI-powered Service Management: Streamlining Incident Management in JSM using ...
AI-powered Service Management: Streamlining Incident Management in JSM using ...AI-powered Service Management: Streamlining Incident Management in JSM using ...
AI-powered Service Management: Streamlining Incident Management in JSM using ...Cprime
 
Enterprise Migration from Data Center to Atlassian Cloud: Start with an Asses...
Enterprise Migration from Data Center to Atlassian Cloud: Start with an Asses...Enterprise Migration from Data Center to Atlassian Cloud: Start with an Asses...
Enterprise Migration from Data Center to Atlassian Cloud: Start with an Asses...Cprime
 
AI for Everyone: Demystifying Large Language Models (LLMs) Like ChatGPT
AI for Everyone: Demystifying Large Language Models (LLMs) Like ChatGPTAI for Everyone: Demystifying Large Language Models (LLMs) Like ChatGPT
AI for Everyone: Demystifying Large Language Models (LLMs) Like ChatGPTCprime
 
From Project to Product - The Need for Speed
From Project to Product - The Need for SpeedFrom Project to Product - The Need for Speed
From Project to Product - The Need for SpeedCprime
 
We Need a Hero — How to Find and Support Your Next Superstar Product Owner
We Need a Hero — How to Find and Support Your Next Superstar Product OwnerWe Need a Hero — How to Find and Support Your Next Superstar Product Owner
We Need a Hero — How to Find and Support Your Next Superstar Product OwnerCprime
 
How to Unlock Productivity and Innovation with Generative AI and ChatGPT
How to Unlock Productivity and Innovation with Generative AI and ChatGPTHow to Unlock Productivity and Innovation with Generative AI and ChatGPT
How to Unlock Productivity and Innovation with Generative AI and ChatGPTCprime
 
Modern Learning for Enterprises: How to Empower Your Teams
Modern Learning for Enterprises: How to Empower Your TeamsModern Learning for Enterprises: How to Empower Your Teams
Modern Learning for Enterprises: How to Empower Your TeamsCprime
 
Enterprise Service Management for Finance, HR, and Marketing
Enterprise Service Management for Finance, HR, and MarketingEnterprise Service Management for Finance, HR, and Marketing
Enterprise Service Management for Finance, HR, and MarketingCprime
 
ESM Webinar Series Part 2 | The Keys to Optimal ESM are Automation and Integr...
ESM Webinar Series Part 2 | The Keys to Optimal ESM are Automation and Integr...ESM Webinar Series Part 2 | The Keys to Optimal ESM are Automation and Integr...
ESM Webinar Series Part 2 | The Keys to Optimal ESM are Automation and Integr...Cprime
 
Perfecting Customer Management Using Jira Service Management
Perfecting Customer Management Using Jira Service ManagementPerfecting Customer Management Using Jira Service Management
Perfecting Customer Management Using Jira Service ManagementCprime
 
From Project to Product: Leaders, Here's What It Means to You
From Project to Product: Leaders, Here's What It Means to YouFrom Project to Product: Leaders, Here's What It Means to You
From Project to Product: Leaders, Here's What It Means to YouCprime
 
Using a Service Catalog and CMDB to Standardize Change Management in Jira Ser...
Using a Service Catalog and CMDB to Standardize Change Management in Jira Ser...Using a Service Catalog and CMDB to Standardize Change Management in Jira Ser...
Using a Service Catalog and CMDB to Standardize Change Management in Jira Ser...Cprime
 
6 Common Challenges RTEs Face & How to Solve Them
6 Common Challenges RTEs Face & How to Solve Them6 Common Challenges RTEs Face & How to Solve Them
6 Common Challenges RTEs Face & How to Solve ThemCprime
 
Enterprise Service Management Webinar Series Part 1
Enterprise Service Management Webinar Series Part 1Enterprise Service Management Webinar Series Part 1
Enterprise Service Management Webinar Series Part 1Cprime
 
How to Enable Change Management with Jira Service Management
How to Enable Change Management with Jira Service ManagementHow to Enable Change Management with Jira Service Management
How to Enable Change Management with Jira Service ManagementCprime
 
The Five Phases of Agile Maturity (Part 3): Phase 5
The Five Phases of Agile Maturity (Part 3): Phase 5The Five Phases of Agile Maturity (Part 3): Phase 5
The Five Phases of Agile Maturity (Part 3): Phase 5Cprime
 
A Pre-flight Checklist for Moving Your CMDB onto Jira Service Management Cloud
A Pre-flight Checklist for Moving Your CMDB onto Jira Service Management CloudA Pre-flight Checklist for Moving Your CMDB onto Jira Service Management Cloud
A Pre-flight Checklist for Moving Your CMDB onto Jira Service Management CloudCprime
 

More from Cprime (20)

A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Improving IT Investment Decisions and Business Outcomes with Integrated Enter...
Improving IT Investment Decisions and Business Outcomes with Integrated Enter...Improving IT Investment Decisions and Business Outcomes with Integrated Enter...
Improving IT Investment Decisions and Business Outcomes with Integrated Enter...
 
Harnessing Atlassian's Power Through Cloud Transformation and Adoption
Harnessing Atlassian's Power Through Cloud Transformation and AdoptionHarnessing Atlassian's Power Through Cloud Transformation and Adoption
Harnessing Atlassian's Power Through Cloud Transformation and Adoption
 
AI-powered Service Management: Streamlining Incident Management in JSM using ...
AI-powered Service Management: Streamlining Incident Management in JSM using ...AI-powered Service Management: Streamlining Incident Management in JSM using ...
AI-powered Service Management: Streamlining Incident Management in JSM using ...
 
Enterprise Migration from Data Center to Atlassian Cloud: Start with an Asses...
Enterprise Migration from Data Center to Atlassian Cloud: Start with an Asses...Enterprise Migration from Data Center to Atlassian Cloud: Start with an Asses...
Enterprise Migration from Data Center to Atlassian Cloud: Start with an Asses...
 
AI for Everyone: Demystifying Large Language Models (LLMs) Like ChatGPT
AI for Everyone: Demystifying Large Language Models (LLMs) Like ChatGPTAI for Everyone: Demystifying Large Language Models (LLMs) Like ChatGPT
AI for Everyone: Demystifying Large Language Models (LLMs) Like ChatGPT
 
From Project to Product - The Need for Speed
From Project to Product - The Need for SpeedFrom Project to Product - The Need for Speed
From Project to Product - The Need for Speed
 
We Need a Hero — How to Find and Support Your Next Superstar Product Owner
We Need a Hero — How to Find and Support Your Next Superstar Product OwnerWe Need a Hero — How to Find and Support Your Next Superstar Product Owner
We Need a Hero — How to Find and Support Your Next Superstar Product Owner
 
How to Unlock Productivity and Innovation with Generative AI and ChatGPT
How to Unlock Productivity and Innovation with Generative AI and ChatGPTHow to Unlock Productivity and Innovation with Generative AI and ChatGPT
How to Unlock Productivity and Innovation with Generative AI and ChatGPT
 
Modern Learning for Enterprises: How to Empower Your Teams
Modern Learning for Enterprises: How to Empower Your TeamsModern Learning for Enterprises: How to Empower Your Teams
Modern Learning for Enterprises: How to Empower Your Teams
 
Enterprise Service Management for Finance, HR, and Marketing
Enterprise Service Management for Finance, HR, and MarketingEnterprise Service Management for Finance, HR, and Marketing
Enterprise Service Management for Finance, HR, and Marketing
 
ESM Webinar Series Part 2 | The Keys to Optimal ESM are Automation and Integr...
ESM Webinar Series Part 2 | The Keys to Optimal ESM are Automation and Integr...ESM Webinar Series Part 2 | The Keys to Optimal ESM are Automation and Integr...
ESM Webinar Series Part 2 | The Keys to Optimal ESM are Automation and Integr...
 
Perfecting Customer Management Using Jira Service Management
Perfecting Customer Management Using Jira Service ManagementPerfecting Customer Management Using Jira Service Management
Perfecting Customer Management Using Jira Service Management
 
From Project to Product: Leaders, Here's What It Means to You
From Project to Product: Leaders, Here's What It Means to YouFrom Project to Product: Leaders, Here's What It Means to You
From Project to Product: Leaders, Here's What It Means to You
 
Using a Service Catalog and CMDB to Standardize Change Management in Jira Ser...
Using a Service Catalog and CMDB to Standardize Change Management in Jira Ser...Using a Service Catalog and CMDB to Standardize Change Management in Jira Ser...
Using a Service Catalog and CMDB to Standardize Change Management in Jira Ser...
 
6 Common Challenges RTEs Face & How to Solve Them
6 Common Challenges RTEs Face & How to Solve Them6 Common Challenges RTEs Face & How to Solve Them
6 Common Challenges RTEs Face & How to Solve Them
 
Enterprise Service Management Webinar Series Part 1
Enterprise Service Management Webinar Series Part 1Enterprise Service Management Webinar Series Part 1
Enterprise Service Management Webinar Series Part 1
 
How to Enable Change Management with Jira Service Management
How to Enable Change Management with Jira Service ManagementHow to Enable Change Management with Jira Service Management
How to Enable Change Management with Jira Service Management
 
The Five Phases of Agile Maturity (Part 3): Phase 5
The Five Phases of Agile Maturity (Part 3): Phase 5The Five Phases of Agile Maturity (Part 3): Phase 5
The Five Phases of Agile Maturity (Part 3): Phase 5
 
A Pre-flight Checklist for Moving Your CMDB onto Jira Service Management Cloud
A Pre-flight Checklist for Moving Your CMDB onto Jira Service Management CloudA Pre-flight Checklist for Moving Your CMDB onto Jira Service Management Cloud
A Pre-flight Checklist for Moving Your CMDB onto Jira Service Management Cloud
 

Recently uploaded

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

How to Keep your Atlassian Cloud Secure

  • 1. ©2021 Cprime, Inc. All rights reserved and no copying without express written permission. CPRIME.COM | 877.800.5221
  • 2. How to Keep your Atlassian Cloud Secure
  • 3. HOUSEKEEPING ITEMS Audio is streamed through your computer speakers, so make sure your audio is on and turned up. The recording and slides will be sent to everyone via email within 24-48 hours after the webinar concludes. Submit questions any time during this presentation via the Q&A box on the bottom panel of your screen.
  • 4. SPEAKERS Brandon Huff VP, Technology Cprime Lisa Barton Director, Delivery Services-Atlassian Cprime
  • 5. AGENDA 01 ATLASSIAN CLOUD OVERVIEW 02 ATLASSIAN CLOUD SECURITY OVERVIEW 03 SECURITY CONFIGURATION BEST PRACTICES 04 THE IMPORTANCE OF GOVERNANCE 05 KEEP THE CONVERSATION GOING/Q&A
  • 7. SaaS as an offering from outset Experiencing significant growth and expansion Substantial investment in Cloud Infrastructure Microservices, performance, security, pricing structure, etc. Accessibility of Cloud ABOUT ATLASSIAN CLOUD
  • 8. BENEFITS OF ATLASSIAN CLOUD SaaS Model Availability/Scalability Latest Releases User Management Security Apps & Extensibility Performance TCO
  • 9. THINGS TO CONSIDER Backend Access Latest Releases Functionality System Admin Data Residency Support / SLAs Compliance
  • 10. ATLASSIAN CLOUD SECURITY OVERVIEW Approach & Programs
  • 11. • Lead peers in cloud and product security • Meet all customer requirements for cloud security and exceed requirements for industry security standards and certifications • Be open and transparent about our programs, processes, and metrics ATLASSIAN CLOUD SECURITY GOALS
  • 12. ATLASSIAN CLOUD SECURITY COMMITMENT Atlassian’s Common Controls Framework supports its compliance with eight different international standards for security Its Security Detections Program and Security Incident Management process ensures fast identification and mitigation of security threats Training and development practices across the organization stress security at every level and at all times, which supports industry-standard operational practices Atlassian incentivizes both employees and users to actively seek out and bring attention to security concerns utilizing the Security Champions and Bug Bounty programs
  • 13. ATLASSIAN SECURITY PROGRAMS • Security Champions/Leads within all products and service teams assume responsibility for delivering on key security initiatives among their peers on an ongoing basis and keeping communication with our central security team as open as possible. Security Champions Program • Security detection programs compliment Atlassian’s incident response processes. Embedded within our standard incident management process, we have a separate program to proactively create searches and alerts for not only the incident types we face today, but those we will face in the threat landscape of the future. Security Detections Program • Our Bug Bounty Program has consistently been recognized as one of the best in the industry, and enables us to leverage a trusted community of tens of thousands of researchers to test our products constantly and report any vulnerabilities they find. Bug Bounty Program
  • 14. ATLASSIAN CLOUD SECURITY COMPLIANCE Compliance Area Atlassian Products Details ISO 27001 ISO 27018 Jira Cloud Jira Service Management Cloud Jira Align Confluence Cloud Bitbucket Cloud Opsgenie Statuspage Trello The basis of ISO 27001 is the development and implementation of an Information Security Management System (ISMS), and then implementing and managing a suite of controls covered under ‘ISO 27001: Annex A’ through that ISMS. ISO/IEC 27018 is a code of practice which provides additional implementation guidance for applicable ISO/IEC 27002 controls for the protection of Personally Identifiable Information (PII) in cloud environments. PCI-DSS Jira Cloud Jira Service Management Cloud Jira Align Confluence Cloud Bitbucket Cloud Opsgenie Statuspage Trello Halp When you pay with your credit card for Atlassian products or services, you can rest assured that we handle the security of that transaction with appropriate attention. Atlassian is a PCI-DSS compliant merchant. CSA CCM / STAR Jira Cloud Jira Service Management Cloud Jira Align Confluence Cloud Bitbucket Cloud Opsgenie Statuspage Trello Halp The CSA Security, Trust & Assurance Registry (STAR) is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings. The CSA STAR Level 1 Questionnaire for Atlassian is available for download on the Cloud Security Alliance’s STAR Registry. SOC2 and SOC3 Jira Cloud Jira Service Management Cloud Jira Align Confluence Cloud Bitbucket Cloud Opsgenie Statuspage Trello These reports help our customers and their auditors understand the controls established to support operations and compliance at Atlassian. Atlassian has achieved SOC2 certifications for many of our products. FedRAMP Cloud Enterprise Trello The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. Federal government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
  • 16. ATLASSIAN CLOUD SECURITY CONFIGURATION APPROACH Ensure adherence company has security policies that help mitigate risk 1 Leverage configuration that will ensure security policies are followed 2 Audit the configuration and access management regularly 3 Ensure Governance is in place around your instance to enable auditing and configuration management 4
  • 17. PROVISIONING 17 SECURITY RISK BEST PRACTICE • Management overhead and complexity to manage access to each Atlassian application • User creation in Atlassian provides permissions and initial access • Bad provisioning can expose sensitive data to new users who should not have that access • Clear group-based permissions, roles, and provisioning enable clear application of needed permissions • Leverage access management application to ensure consistent provisioning is applied (Atlassian Access, Active Directory, etc.) and reduce human error
  • 18. SINGLE SIGN-ON (SSO) 18 • No way to enforce password changes or policies • Unsafe passwords with infrequent changes increase risk • High password-related calls to IT increasing cost of support • Leverage access management application to centrally manage access to Atlassian (through Atlassian Access, Active Directory, etc) and reduce human error SECURITY RISK BEST PRACTICE
  • 19. USER MANAGEMENT & CLEAN UP 19 • Users have access they don’t need or shouldn’t need • User don’t have access they need • Users are no longer at the company but still have an account • May be paying for licensing for users not longer at the company • Clear group-based permissions, roles, and de-provisioning enable appropriate permissions • Leverage access management application to ensure consistent de-provisioning, changes, and deprovisioning is applied (through Atlassian Access, Active Directory, etc) SECURITY RISK BEST PRACTICE
  • 20. IP WHITELISTING* 20 • People outside of the company may be able to access applications in your network • Unable to separate intended users from potential threats by IP address • Enable security policies that ensure only appropriate users have access to your network • Leverage IP whitelisting functionality to allow specific IP addresses or domains * Atlassian Access is required for this functionality SECURITY RISK BEST PRACTICE
  • 21. PERMISSIONS 21 • Users have access to sensitive projects and/or data through applied permissions • Unclear ability to fix access issues due to lack of permissions architecture or documentation • Leverage permissions groups and roles to set highest level permissions which minimize risky project level permission changes • Leverage access management application to ensure consistent provisioning, deprovisioning, and permissions changes are applied (through Atlassian Access, Active Directory, etc) SECURITY RISK BEST PRACTICE
  • 22. CONNECTORS & INTEGRATIONS 22 • Insecure or poorly configured connectors or integrations can expose system data • Lack of review process to ensure connectors or integrations can inadvertently create a data security breach • Ensure you are using Cloud Fortified connectors from the Atlassian Marketplace that meet the all Atlassian security requirements • Review all application connectors with intended connected internal systems to ensure data is passing as planned SECURITY RISK BEST PRACTICE
  • 23. AUDIT LOG 23 • Changes to your configuration have introduced security risks that you are unable to troubleshoot • Unclear what configuration changes have been made to ensure security policies have been followed • Use the Organization audit log in Atlassian Access to view configuration changes, timing, and who did them across all Atlassian applications • Leverage marketplace applications to provide a consolidated view of changes • Use a governance process to review and mitigate all changes that may impact to your security SECURITY RISK BEST PRACTICE
  • 24. CHANGE MANAGEMENT 24 • Unclear policies make requested changes hard to evaluate for security risks • Changes may be implemented that don’t meet security standards introducing security risks • Implement a governance process that supports effective change evaluation, tracking, reporting, approval and communication SECURITY RISK BEST PRACTICE
  • 26. WHY GOVERNANCE MATTERS There’s a lot at stake – strong governance practices help: • Mitigate risk and maintain compliance • Ensure data integrity and improve data quality • Set, maintain, and implement standards and best practices • Evaluate the impact and manage changes to the Atlassian tools ecosystem (like clean up and optimization) • Maintain the health and long-term continuity of the Atlassian tools ecosystem • Ensure your users can leverage the features and benefits of the Atlassian platform for your organization
  • 32. ENSURE COMPLIANCE Maintaining Your Atlassian Ecosystem Regular updates to Policies and Standards Custom dashboards and reports to identify Compliance risks Clean up and maintain your instances (Leverage admin insights, scheduled releases, and project archiving) Manage human risk (Training, enablement, imbedded Governance Team Members)
  • 33. CHANGE MANAGEMENT • Formal Intake Process • Formal Committee Discussion • Within vs Outside of Policy Limits • Formal Committee Vote • Objection vs Non-Objection Vote • Documentation • Decision vs Recommendation • Communication Change Management Process Elements Intake Communication Action Decision
  • 34. Atlassian has built in features, policies, and programs to ensure the Cloud applications have the highest levels of security Leverage best practice configurations that ensure good change management, permissions, and access management Ensure governance practices are in place to evaluate, approve, and manage configuration changes Visit the Atlassian Trust security site for details on all aspects of Atlassian Cloud security KEY TAKEAWAYS
  • 35. KEEP THE CONVERSATION GOING… Connect with our speakers on LinkedIn Check out Cprime upcoming webinars, read our blog, download whitepapers/case studies & more: cprime.com/resources Share with us what topics you are interested in, ask us questions or give us feedback! learn@cprime.com
  • 36. FOLLOW US ON SOCIAL MEDIA Share in the conversation & keep updated on thought leadership, events & more! on LinkedIn, Twitter, Facebook, & YouTube
  • 38. QUESTIONS? CPRIME.COM | 877.800.5221 THANK YOU CPRIME.COM | 877.800.5221