Fast-forward
- Backups stored within the same platform are vulnerable: Backing up platform data in the platform you’re trying to protect creates a dangerous single point of failure.
- A resilient backup strategy requires independence: Real protection means long-term data retention, granular recovery, and off-platform storage to ensure recoverability and compliance.
- Atlassian BRIE lacks essential recovery controls: It only supports full-site restores, with no item-level rollback, limited data retention, and broad restore restrictions.
Atlassian recently released its long-promised BRIE Backup and Restore Internal Experience in beta.
This might sound funny coming from a company that offers backup and recovery for Atlassian’s Confluence, Jira, and Bitbucket (along with many other SaaS apps), but this is good news.
This is a major SaaS platform clearly acknowledging that user data protection is a gap that needs to be bridged in SaaS. By getting more organizations to think about data resilience in the cloud, Atlassian has done all of SaaS a service (a SaaSS?).
Atlassian BRIE backup itself is limited. Backup retention falls short of enterprise needs (just 14 days on Atlassian servers or 30 days in a customer’s S3). BRIE backup doesn’t offer the immutable logs required to prove data compliance in an audit. But more than even those limitations, BRIE doesn’t meet the most basic 3-2-1 rule for backup: don’t store your backup in the same place as the data you’re trying to protect.
Still, it does raise important problem awareness.
SaaS backup has an awareness problem
There remains a common misconception that “in the cloud” means “backed up and always available.” It doesn’t. 79% of IT leaders surveyed in our 2024 State of SaaS Data and Recovery report believed that SaaS platforms can recover user data. BRIE beta notwithstanding, they can’t. Considering that 85% of organizations reported a SaaS data loss in 2024, that’s a lot of IT leaders playing bad odds.
Data is the lifeblood of modern organizations. SaaS platforms are where modern organizations work, and where they store their critical data. Gartner data shows that 15% of forward-thinking organizations already prioritized SaaS platform backup this year. That number is predicted to grow to 75% by 2028. Awareness—of the problem; of the risks; of the Shared Responsibility Model for SaaS data and the fact that organizations are responsible for protecting their own data in SaaS platforms—is the missing link.
A partial backup solution is better than no backup solution. In that sense, some organizations will probably decide that Atlassian BRIE backup is good enough.
For any organization looking to build compliance audit-ready data resilience, drive return time and return point objectives (RTO/RPO), and avoid the astronomical cost of downtime due to data loss, “good enough” is not good enough.
You wouldn’t back up your hard drive to your hard drive…
The 3-2-1 rule for SaaS backup is clear. You need:
3 copies of your data in
2 different locations in the cloud
1 of which is not your SaaS provider
Backing up your SaaS data with the same SaaS platform you need to protect is akin to backing up your hard drive to your hard drive. A data resilience strategy cannot have a single point of failure. Or, for fans of malaphor, a chain is only as strong as the weakest eggs in one basket.
Backup is important, restore is everything
The Shared Responsibility Model for SaaS data is clear: user data is the user’s responsibility. That hasn’t changed.
Atlassian BRIE backups offer a layer of platform-level redundancy but do little to build organizational resilience or support data restoration or recovery at the account level. For example, Atlassian backups with BRIE expire after 14 days. Customer S3 hosted backups expire after 30 days.
Restoring from a BRIE backup is all or nothing; users can roll back everything to a point in time but BRIE is not designed for granular data restoration or to recover from common errors like accidental deletion, bad imports, or agentic AI overwrites.
Real risks, real consequences
Relying solely on SaaS platform backup—like BRIE but not just BRIE—is risky.
If:
- A team deletes a Jira project: BRIE can’t recover it without restoring the entire site into a new instance.
- A Confluence page gets overwritten: You can roll back everything but you can’t recover just the affected page.
- You need to pass a compliance audit: 14-day retention might not meet regulatory standards.
- You want to seed a test environment: BRIE won’t restore into a sandbox that already contains data.
- You get hit with ransomware: Having your backup in the same environment as your production data likely means the attackers have that too.
What a real backup strategy looks like
The gold standard for backup isn’t “whatever’s cheapest and easiest.” After all, you’re protecting your business here. Rather, it’s a strategy that ensures business continuity, audit readiness, and operational agility, even (especially) when the unexpected happens.
Here’s what to look for:
- Granular restores: Undo a mistake without rolling back your entire environment.
- Long-term retention: Keep data for months or years, not just days.
- Independent storage: Your backups should live outside the platform they protect.
- Air-gapped resilience: A problem shouldn’t be able to take down your live data and your backup data in one fell swoop.
- Cross-platform protection: Secure your Atlassian environment and the other SaaS tools your organization relies on, including, GitHub, Azure DevOps, and more.
Atlassian BRIE backup
Atlassian’s built-in backup might check the “backup” box for some organizations but real data resilience and compliance aren’t just checkboxes.
Atlassian BRIE backup will help grow awareness around the need for a SaaS backup plan, but it falls short of actually meeting that need.
Want to build a real SaaS data resilience strategy? Start with independence, visibility, and control.
Get started with Rewind with a 14-day free trial or book a demo to learn more about how backups can mitigate risk, build resilience, and support compliance for your organization.
Rewind Backups vs. Atlassian BRIE Backup
| Rewind Backups | Atlassian BRIE Backups | |
|---|---|---|
| Tier requirements | • Available to all Atlassian orgs | • Enterprise tier required |
| Security | • ISO/IEC 27001:2022 certified • SOC 2, type 2 certified • AES-256 encryption at rest • TLS 1.2 in transit • Independent AWS accounts (air-gapped) • Role-based access controls (RBAC) • Data residency options (US, CA, EU, UK, AU) | • Inherits Atlassian certifications • Stores data in Atlassian infrastructure or customer’s AWS S3 (same auth boundary) • Org-level admin required (no RBAC) • No configurable data residency options |
| Data retention | • 365-day rolling retention (all plans) • Unlimited retention with local or cloud export (AWS, Azure, GCP) • Meets long-term compliance needs (HIPAA, SOX) | • 14 days (Atlassian storage) • 30 days (customer S3) • 60 days for manual exports (50GB limit, local only) • Does not meet long-term compliance needs |
| Data restoration | • Full or granular restore • Restore in-place or to new instance • Cross-instance restores (e.g., prod → sandbox) • No restore frequency limits • Avg. RTO: 9.5 hours for 100GB | • Only full restore to empty instance • No granular restore • One restore every 7 days • Avg. RTO: 12 hours for 60GB |
| Compliance | • Meets 3-2-1 backup rule • Detailed audit logs exportable for compliance • Flexible data residency for GDPR, HIPAA, PCI DSS | • Stores data in same platform environment by default (not compliant with 3-2-1 backup rule) • No audit logging or exportable job records • No data residency guarantees |
| Event log | • Full, exportable audit trail of backup and restore events • API access for automation & compliance tracking | • No audit logging or exportable records |
| Backup scope | • Includes attachments, automation rules, all supported resources • Supports Jira, Confluence, Jira Service Management, Bitbucket, GitHub, Azure DevOps, and other platforms | • Does not back up attachment content • No automation rule backup • Supports Jira, Confluence, Jira Service Management (no Bitbucket) |
| Backup frequency | • Daily incremental backups • On-demand “Backup Now” option | • Daily full backups only • No on-demand backup |
| Export limits | • Unlimited exports, unlimited file size • Export to AWS, Azure, GCP | • Max 50GB per export • Max 3 downloads per backup |
Andrew Moore-Crispin">
