Atlassian Enterprise Cloud - SASCHA WISWEDEL | PRE-SALES SOLUTIONS ENGINEER
THE ATLASSIAN PLATFORM SOLUTIONS AGILE & DEVOPS ITSM WORK MANAGEMENT NEW SOLUTIONS EXTENSIBILITY EXPERIENCE COLLABORATION CONNECTION ANALYTICS AUTOMATION ADMIN DATA COMPLIANCE INFRASTRUCTURE
Innovation, unleashed by Cloud Jira Work Management Jira for Business Teams Confluence Trello Atlas BETA Compass BETA Jira Software Bitbucket Engineering inventory management Dynamic status reporting INNOVATIVE & FUTURISTIC PROVEN & EXPERIENCED (“POINT A” PROGRAM) Jira Align Jira Product Discovery BETA Halp Product idea and decision management Conversational ticketing Opsgenie Statuspage Atlassian Analytics EAP Business Intelligence (chartio acquisition) Atlassian’s R&D focus: strategic, integrated, extensible
Why Atlassian Cloud? TIME TO VALUE: Move fast, accelerate time to value and speed to market. ROI: Refocus resources and investments to maximize your business ROI. INNOVATION: Future-proof your strategy & tools with continuous innovation. REVENUE PROFIT GROWTH
CLOUD PREMIUM IS BACKED BY: GUARANTEED SLA: 99.9% availability. UNLIMITED STORAGE: No more file size or limits. PREMIUM SUPPORT: 24x7 dedicated support.
Scale with Premium JIRA SOFTWARE CONFLUENCE Analytics Advanced roadmaps Team Calendars SCALING TEAMS Automation Automation COMING SOON Capacity planning External collaboration COMING SOON Archive pages Automation SCALING ADMINS Bulk space permissions Archive projects Advanced permissions IP allowlisting SCALING Sandbox ORGANIZATIONS Release Tracks
Some need more
INTRODUCING… CLOUD ENTERPRISE atlassian.com/enterprise-cloud Jira Software Confluence Jira Service Management CLOUD ENTERPRISE CLOUD ENTERPRISE CLOUD ENTERPRISE
Cloud Enterprise Value: Enterprise-grade Security & Compliance; Global Scale and Reliability; Powerful Governance Controls; Apps and Extensibility
SECURITY & COMPLIANCE
Security features for everyone Included with Enterprise Encryption at rest & in transit SAML Single Sign-on (SSO) Data Residency User lifecycle management with SCIM Mobile Device Management (MDM) Organization Audit Logs Secure Application Tunneling Shadow IT insights Improved backup and restore Nested groups flattening COMING SOON Data Residency for apps COMING SOON Selective user claim COMING SOON External User Security COMING SOON
Atlassian Enterprise Plan adds Governance Multiple Identity Providers in Atlassian Access User activity audit log
Atlassian Enterprise Plan adds Compliance * COMING SOON
Atlassian Enterprise Plan adds Security Bring your own Key COMING SOON Data Leakage Protection FUTURE
Atlassian Enterprise Plan adds Analytics & Data Lake Atlassian Analytics COMING SOON Atlassian Data Lake Data Warehouse COMING SOON BI tools (eg. Tableau and Power BI)
CLOUD ENTERPRISE SLA 99.95%
ENTERPRISE SUPPORT DEDICATED PHONE 24/7 SUPPORT SUPPORT 30 MIN IRT FOR CRITICAL ISSUES
Cloud scale per site [Chart: maximum number of users (per Cloud site), 2018 to 2023; data labels 2.000, 5.000, 10.000, 20.000, 35.000, 50.000]
UNLIMITED SITES: ORGANIZATIONAL AUTONOMY, DATA SEGREGATION, ENVIRONMENT CUSTOMIZATION
Scale globally with unlimited sites Cloud Enterprise Centralized Admin Console - Manage users, products, security policies, insights and billing Centralized user licensing - pay for user once and grant access to multiple instances Corporate Regions Acquisitions Business Units Security Customize instances with marketplace apps based on team needs
MINIMUM REQUIREMENTS FOR ENTERPRISE OR 801+ users 201+ agents Financial Services Special 501+ users 51+ agents
Cloud migration support MIGRATION PROGRAM Cloud Trust Center Migration Partners Cloud loyalty Resources, tools, discount offers, and support to guide your journey
Jour (guided) Journey to cloud Assess Plan Prep Test Launch MIGRATE Optimize
Migration Helpers - Solution Partners: Help you with the hand-on-keyboard work before, during and after the migration - Migration Center: Resources, best practices & migration tools for every stage of the migration journey. - Migration Manager: Dedicated team to help you assess and plan your migration - Migration Assistant App: Helps assessing apps and migrating core content from Server to Cloud
atlassian.com/roadmap/cloud
Next up: Daniel Meisen
Appendix
New: Secure Application Tunnels - Connect Cloud with on-prem without opening your firewall
User management — centralized
Holistic view on Cost Advantages - Operation: Hardware, Software, Support, Licenses, Maintenance - Risk: Attacks, Data breaches, Security vulnerabilities - Non-operation (Business can not work): Maintenance windows, Outages/Disruptions - Covered, maintenance-free and included in Atlassian Cloud
Annex: FinServ
Cloud Compliance for Financial Services customers European Union/EEA Germany specific
Included with the Financial Services Addendum - Audit rights: On-site audits and flow-down audit rights over material sub-outsourcers (i.e., AWS) - Cooperation: Commitment to cooperate with regulators - Oversight rights: Enhanced record-keeping and notifications in case of a breach - Continuity of service: In the event of bankruptcy and after termination
Eligibility requirements - Operate in the EU: From regional to multinational banks with presence within EEA - Product Scope: Only the above products apply - Cloud Enterprise Plan: > 500 users minimum. No other editions qualify for this addendum or compliance
Your Cloud Pilot Navigate GDPR-and BaFin Compliance of the Atlassian Cloud
Daniel Meisen: Shareholder & Co-CEO; Atlassian Expert by Heart; Atlassian Certified Instructor; Atlassian Certified Professional; User since Jira 2.0 EAP & Confluence 1.0
Moving to a cloud future, together… - Guidance on GDPR - Guidance on BaFin - Atlassian Cloud compliance - Guidance on your compliance Journey to Cloud
Journey to Cloud
Guidance on GDPR © kreuzwerker, 2022 - Navigate GDPR-and BaFin Compliance of the Atlassian Cloud 5
Disclaimer: The following statements have been carefully reviewed. I am not a lawyer and this is not legal advice. This advice is general in nature and not to be taken as personal / professional advice. TL;DR: NAL; TINLA. Status Quo GDPR
GDPR Definition - GDPR: European Union General Data Protection Regulation - What? Unified rules for all EU countries - When? Starting: May 25, 2018
Goals of EU’s General Data Protection Regulation - Protection: Protect personal data & strengthen privacy rights of EU individuals - Control: Give users control over their data - https://time.com/6146178/meta-facebook-eu-withdraw-data/ - https://about.fb.com/news/2022/02/meta-is-absolutely-not-threatening-to-leave-europe/
Who is affected by GDPR? All businesses collecting or holding personal data on EU citizens. No matter where they reside!
Types of Personal & Private Data - Personal Data: Name, Address, Phone, Bank / Credit cards, Email address, IP address, Cookies, Online identifiers, … - Sensitive Data: Biometric data, Genetic data, Health data, Race, Gender, Religion, …
GDPR Non-Compliance - Penalties & Fines - If your data is breached: You must report it within 72 hours OR face a fine up to 20M € or 4% global turnover - https://www.enforcementtracker.com/
Assess GDPR Compliance - 1. Analyze what you collect & where data is stored (cookies, tracking pixels, emails, names, addresses…). - 2. Check if the time you store personal data is relevant. If not, remove data. - 3. Inform your clients how they can modify or delete their data (special mailing, Privacy Policy webpage). - 4. Monitor who has access to personal data.
Primer on GDPR SaaS assessments - Assess data flows: is there any data exported outside the EU? Check lawfulness and purpose limitation, and ensure data minimization. - Adequacy decisions exist for certain countries (i.e. Switzerland, Canada, United Kingdom, …) but not for all (USA: Schrems II) - Decide if a data protection impact assessment (DPIA) is required; this depends on your specific use case (Art. 35(4) GDPR) - Perform a Transfer Impact Assessment (TIA) – Guidance provided by Atlassian [1] - Ensure an up-to-date DPA including “new” SCCs – grace period expires on Dec 27th, 2022 [2] - [1] https://www.atlassian.com/legal/data-transfer-impact-assessment - [2] https://www.atlassian.com/legal/data-processing-addendum
Guidance on BaFin
BaFin – Guidance on Outsourcing to Cloud Services - Additional requirements for all non-differentiated outsourcing according to the KAGB (Scope, Audit-Rights supervised company / supervised authorities, right to issue instructions, data security / protection, … - Chapter V) - Quick Tip: Guidance [1] of the BaFin (together with Deutsche Bundesbank) in cooperation with EIOPA, EBA, SSM and other national supervisory authorities - Covers outsourcing of materials and items to the Public Cloud (and private/community/hybrid) as IaaS, PaaS or SaaS. - Supervised companies (you?!) are requested to have a documented process covering all relevant steps to outsource to a cloud provider. - [1] https://www.bafin.de/SharedDocs/Downloads/EN/Merkblatt/BA/dl_181108_orientierungshilfe_zu_auslagerungen_an_cloud_anbieter_ba_en.html?nn=9866146
BaFin – Guidance on Outsourcing to Cloud Services - Review your use case with regard to supervisory law: whether a case of outsourcing exists and whether it is to be qualified as material - when in doubt assume outsourcing - Perform a risk analysis covering all relevant aspects of outsourcing (type, scope, complexity, risk) - Review and map all Chapter V (Contractual terms in the case of (material) outsourcing) requirements to the Atlassian contractual vehicles [1] - [1] https://www.atlassian.com/trust/compliance/resources/bafin/bafin-guidance
Atlassian Cloud Compliance
GDPR Compliance: Status Quo - Updated Standard DPA provided by Atlassian ✔ - Includes "Standard Contract Clauses" (SCC) ✔ - Data subjects ✔ - Categories of data ✔ - Purpose of processing ✔ - Subprocessors, duties based on Art. 32-36 ✔
GDPR Compliance: All well then? Additional information available through additional documents - Data protection by default - Data residency controls ✔ - Content locked per realm (EU, US, Global) - Data privacy management - Incident / response management
GDPR Compliance: Relevant documents - Data Processing Addendum https://www.atlassian.com/de/legal/data-processing-addendum - Cloud Terms of Service https://www.atlassian.com/legal/cloud-terms-of-service - Privacy Policy https://www.atlassian.com/legal/privacy-policy - Certification / Compliance https://www.atlassian.com/trust/compliance - Atlassian Common Controls Framework https://www.atlassian.com/trust/compliance/common-controls-framework - Manage Data Residency https://support.atlassian.com/security-and-access-policies/docs/understand-data-residency-and-realms/ - Vendor Security Risks https://www.atlassian.com/trust/security/vendor-security-risk-response
GDPR: Additional Aspects - Data Residency Controls: What Primary & Secondary data is available per region (= “Realm Pinning”) - Access restrictions: "IP Allowlisting" vs. VPN - Varying support for different products (Trello, Jira Align / OpsGenie / StatusPage) - Third party apps – You might need individual DPAs - Forge "hosted by Atlassian" – Compliance in line with core products (Jira / Confluence)
Product Content in Realm https://support.atlassian.com/security-and-access-policies/docs/understand-data-residency-and-realms/
Summary - Atlassian has invested a lot in its native Cloud and offers a wide selection of Cloud plans - GDPR compliance can be assumed based on new SCCs / TIA / BCRs – individual assessment is required - Utilizing additional documentation, guidance (BaFin, TIA) and certification, a GDPR- and BaFin-compliant use is achievable - Risk assessment (data protection impact assessment) can be simplified with Data Residency Controls implemented in Cloud Standard / Premium / Enterprise and Apps - Follow the transparency reports: https://www.atlassian.com/trust/privacy/transparency-report
Questions?
Thank you ! atlassian@kreuzwerker.de kreuzwerker GmbH www.kreuzwerker.de Ritterstr. 12-14 Fon +49 30 609 838 80 10969 Berlin Fax +49 30 609 838 899