Is Jira Secure?
Table of Contents
Jira is a powerful work management tool by Atlassian, used by more than 180,000 customers worldwide to manage issue tracking for your business. Jira is full of business-critical information that is essential to your day-to-day operations.
With so much data packed into your Jira issues, boards, projects, and more, now is the time to think about taking a proactive approach to ensuring the security of your Jira data.
So, is Jira secure?
Jira provides a secure experience for customers by keeping its security systems up to date with the best practices.
Atlassian regularly undergoes independent verification of its security, privacy, and compliance controls and has 6 different certifications as listed below:
- ISO/IEC 2700: ISO 27001 is a specification for an information security management system (ISMS), which is a framework for an organization’s information risk management processes.
- SOC 2: SOC 2 (System and Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality of a cloud service.
- SOC 3: SOC 3 (System and Organization Controls) is a regularly refreshed report that focuses on internal controls as they relate to security, availability, and confidentiality of a cloud service.
- FedRAMP: The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. federal government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
- PCI DSS: The Payment Card Industries Data Security Standard is an information security standard for the handling of credit card information.
- VPAT: The Voluntary Product Accessibility Template is a document used by providers to self-disclose the accessibility of a particular product.
Jira Account Security
The best way to approach data security for a cloud-based tool like Jira is the Shared Responsibility Model:
The Shared Responsibility Model explains that keeping your Jira account’s data secure is a shared responsibility between you, the account owner, and Jira. Jira takes care of the software, infrastructure, and disaster recovery of the entire platform. You, as the user, are responsible for password security, permissions that are given to users and third-party apps, and backups of the data you put into your account.
Web app providers take extensive precautions to ensure their infrastructure won’t fail and to maintain ~99.98% service availability. They all have a security team that is dedicated to the platform’s availability. This is one of the many benefits of using a managed service like Jira.
For instance, in the unlikely event that one of Jira’s data centers is crushed by a meteorite, the Atlassian team will recover the entire platform to the last backup. You might experience a few minutes of downtime, or even none at all, depending on how fast they can react to the situation.
But Atlassian’s backups cannot be used to recover a single account back to a previous point in time or to recover just a selection of your data, like a project, epic, or issue.
While Jira recommends using native database backup tools for Jira Cloud instances as a workaround, it’s not automated or user-friendly. It also has a 48-hour back-off period, meaning you can only capture one backup every 48 hours, which isn’t ideal for those looking for faster backups.
We explain why here:
What Jira offers is a macro backup of their entire system. Jira runs an encrypted full backup every 24 hours. This covers you for incidents on their end that impact their entire user base, such as data breaches. What Rewind offers you is a micro-backup of just your account. It’s an accessible backup of your Jira data. One you can use to swiftly recover important information.
Human error, malicious attacks, and software glitches caused by 3rd-party software are just some of the reasons why people lose important information in Jira. Using an automated backup service like Rewind for your web apps makes backups and recovery simple and gives you peace of mind about the security of your business-critical data. It’s like having an insurance policy on your digital data. You don’t need to be an expert in backups, spend an afternoon each week managing your backups, or have your own IT team. It’s a set-it-and-forget-it process that helps you recover from all types of possible data disasters. That’s a pretty good deal if you ask us.
Is Jira data backed up?
Jira maintains disaster recovery backups of their entire platform – and every account on it. These backups are updated regularly. The purpose of a disaster recovery backup is to recover the entire Jira platform in case anything happens to their main data centers, such as a natural disaster causing a flood or a malicious attack by hackers. These types of disasters are extremely rare but platforms like Jira make sure they are prepared for them.
As a Jira user, it’s important to understand that Jira’s disaster recovery backup cannot be used to restore data in your individual account.
Because user data stored in Jira is on a shared infrastructure, it is not possible for us to recover a subset of that information from backups.-Atlassian Terms of Service
Remember – that backup contains the data of all 180,000 users on the Jira platform. It’s not set up in a way that allows Jira employees to pick and choose which data to restore.
That means that you run the risk of losing important data from your Jira account if:
- You or someone else with access to your Jira Project accidentally deletes an entire board, epic, or issue.
- Someone with access to your Jira project maliciously deletes important data.
- A 3rd-party app you’ve added to your Jira project(s) makes unwanted changes or corrupts your data.
- You import data into Jira via a CSV that contains an error.
To back up and restore data from your individual Jira account, you need an account-level backup. That’s where Rewind comes in.
Rewind automatically backs up your Jira projects, boards, epics, and issues, giving you the ability to undo mistakes and recover deleted data quickly. Backups are a great way to secure your Jira account. It’s like having an insurance policy on the workflows your business relies on.
If you’re reading this and thinking “Wait a second… I thought that Jira was able to back up and recover all my data,” you might have the wrong impression about what Jira backs up.
Can I use a JSON file as a backup for Jira?
You could, but you shouldn’t.
You might think having a JSON export is like creating a backup of your Jira account. It’s understandable why you might think that since even Jira encourages using a JSON export as a backup. However, it’s not a solution to your problem and here’s why:
1. JSON is hard to use
For a Jira user looking to quickly recover from a mistake, parsing through JSON notation can be quite cumbersome.
2. You have to remember to export new JSON files regularly.
If you make the mistake of relying on JSON files as your backup, you will have to remember to update those files on a consistent basis. In some cases, even a week-old export might be too outdated to be used to recover after a problem. This is especially true for Jira users who make important changes to their boards daily. You’ll also be responsible for securing and paying for storage for your JSON backups.
3. JSON files do not transfer images.
Images cannot be imported into JSON format. As a result, if you lose all of your attachments, you’re going to have to manually add them back, which would take hours or days of work.
You should think twice before deciding that JSON exports are a sufficient backup solution. Use Rewind to back up Jira and ensure that your information is fully protected and easily recoverable.
Can I use a CSV file as a backup for Jira?
You could, but it isn’t very effective.
Some users are under the impression that having a CSV export is like creating a backup of their Jira account. It’s understandable why you might think that since Jira encourages using a CSV export as a backup. However, this is simply bad advice, and here’s why:
1. Jira doesn’t offer a dedicated import solution.
It is not currently possible to import a CSV into Jira without using a third-party application. As a result, by importing data into Jira, you run the risk of doing more harm than good if even one column isn’t accurate. We always recommend making a backup before importing data in case something goes wrong.
2. You have to remember to update your CSV file backups regularly.
Everything about CSV files has to be done manually, including updating them. If you rely on CSV files as your backup, you will have to remember to update those files on a consistent basis. In some cases, even a week-old export might be too outdated to be used to recover after a problem.
3. CSV files don’t transfer images.
Images cannot be imported into CSV format. As a result, if you lose all of your attachments, you’re going to have to manually add them back, which would take hours or days of work.
You should think twice before deciding that CSV exports are a sufficient backup solution. Use Rewind to back up Jira and ensure that your information is fully protected and easily recoverable.
Meet Backups for Jira by Rewind
Rewind is introducing Backups for Jira, a cloud-based backup and restore solution available for Jira projects, issues, fields, and workflows. Forget everything you know about making copies of projects and let Rewind handle the heavy lifting.
With automated backups, you are only a couple of clicks away from restoring your Jira information without having to do anything else than set up your account once.
Great, well how do I get started?
You can visit https://rewind.com/products/backups/jira/ for more information, download the Backups for Jira app on the Atlassian Marketplace to start your free trial, or contact sales to get a custom quote.
How do I back up Jira?
We’re glad you asked, with Rewind it’s only a few minutes to set up your daily, automatic backups!
To start backing up your account, follow these easy steps:
- Download the Rewind Backups for Jira app on the Atlassian Marketplace.
- Install the app and link it to your Jira account. You’ll also need to create a Rewind account if you are a new Rewind customer.
- Your installation will only take a few minutes, and backups will begin automatically once installed. Backups are captured once daily, and you can kick off an additional backup whenever you’d like via the Rewind app.
- Enjoy full account protection for your Jira instance from disasters and mistakes.
Need more help with Backups for Jira? Contact our support team or view our Knowledge Centre.