Security, privacy, and transparency are critical pre-conditions to unlocking the benefits cloud has to offer.
If you’re migrating to cloud or already using Atlassian cloud products, chances are you’ll need to assess and manage cloud apps to meet your privacy, security, and compliance needs. With thousands of apps and hundreds of vendors to explore and vet, we know this process can be time-consuming and at times, may feel overwhelming.
To streamline the cloud app vetting process and bring more transparency and control to customers with Marketplace cloud apps, we’re excited to announce a number of recent improvements on Atlassian Marketplace and admin.atlassian.com.
Introducing: A new Privacy & Security tab on the Atlassian Marketplace
We know that evaluating apps against your company’s security requirements is an important part of the cloud app procurement process. To streamline app assessment, we’ve added a new tab on Marketplace cloud app listings: the Privacy & Security tab.
If you’re evaluating an app, the Privacy & Security tab is where you can find partner-provided information about app data management, privacy, and security details, like:
- Whether an app stores data outside of Atlassian products & services
- What type of data an app stores
- Whether an app supports data residency or has any compliance certifications
- Whether an app is part of Atlassian’s Marketplace security or trust programs
- Whether a Data Processing Agreement (DPA) is available for the app
- and more
You can even find links to more detailed information, or security contact information so you can send security inquiries to the right team member in a Marketplace Partner org.
This tab will provide a consistent place to kick off your app security evaluation, with key app privacy and security information to determine if a more in-depth security evaluation is needed.
Introducing: a new interface for app data residency on admin.atlassian.com
If you have data residency requirements, you are likely aware that you can pin or migrate your in-scope data for Jira and Confluence cloud data in the EU, USA, Australia, Germany, and Singapore. What you may not know, is that Marketplace Partners are also able to independently offer data pinning and realm migration for their apps that store data outside of Atlassian.
The new Privacy & Security tab will make it easier for you to determine which apps support data residency before you install, but what about the apps you already have installed?
With a new beta experience on admin.atlassian.com for app data residency, you can now determine if an app is pinned to the same region as the product (Jira or Confluence), and see where it supports data residency. You can even schedule data migration for eligible apps through a self-serve flow on admin.atlassian.com.
If you want to request data residency for one of your apps that does not support it, or if you want to learn more about why an app is not eligible to move, you can reach out to the partner using the contact information on their Marketplace listing.
Other improvements to streamline app management
In addition to these new features, over the past year we’ve made investments in centralizing the cloud app management experience.
On admin.atlassian.com, admins can get a more complete view of connected apps on your Atlassian sites, filter your apps by install date and installer role, install private apps, disable end-user app installs, and more.
With these changes, admins will be able to get a more complete view of your environment in the same place where you control and manage app settings.
Why is transparency important for cloud apps?
Not only is transparency fundamental to Atlassian’s values as a company, it is also necessary to ensure you have the information you need to play your role in the shared responsibility model for our cloud Marketplace.
Ultimately, cloud apps come with a shared responsibility. Atlassian, Marketplace Partners, and customers each play an important role:
- Marketplace Partners are responsible for designing apps and operational processes according to their legal obligations, Atlassian’s standards, and general industry best practices for building and maintaining reliable, compliant, and secure apps while protecting customer data. Marketplace Partners also provide support and information on their own websites, app listing, and in documentation.
- Atlassian provides documentation, security standards, and capabilities to help enable partners to build trustworthy apps in line with accepted industry practices. Atlassian is also working to provide transparency and control across a number of trust factors so that you can assess and manage individual cloud apps against your own requirements.
- You do your part to leverage the information provided by Atlassian and Marketplace Partners to assess apps and verify that apps fit within your organization’s guidelines. It’s important to acknowledge that app installation requires a relationship with a Marketplace Partner that is separate from your relationship with Atlassian, so understanding the app’s practices is key.
We will continue working to connect the dots and make sure you can find the information you need to vet apps against your company’s requirements.
These changes are just the latest steps to do just that – support you in protecting your data in cloud. Keep an eye out on our roadmap for more details as we continue to improve our Marketplace and app management experience in cloud.