As the world we live in becomes increasingly digitised and connected, it has never been more important to protect sensitive data and the reputation of an organisation from the growing array of attack vectors by ensuring that adequate security strategies are implemented. The Atlassian stack is no exception to this – while it bolsters growth by enabling good record-keeping, encouraging knowledge-sharing and facilitating collaboration, mismanaged setups and configurations could jeopardise valuable assets.
Automation Consultants has much experience in performing security audits on Atlassian applications such as Jira, Confluence and Bitbucket for all three available deployment options. We have a tried and tested approach, developed from our successful framework for application audits and health checks, which consists of three phases: identification, presentation and enhancement.
During the identification phase, our consultants will conduct a detailed examination of each application in your Atlassian stack, including any third-party Apps and external integrations. We will document the configurations and interdependencies of your assets and compare them with our list of best practices. Depending on how your Atlassian stack is deployed, below are some examples of what this may reveal:
| The landscape of the Atlassian stack and its interfaces with external applications | ✓ | ✓ | ✓ |
| The architecture of the Atlassian stack, including test and development instances, and connections to the public internet | ✓ | ✓ | N.A. |
| Any Atlassian applications or associated Apps with invalid licences or incompatibilities with each other | ✓ | ✓ | ✓ |
| Any components of the Atlassian stack which are no longer supported (End of Life reached) | ✓ | ✓ | N.A. |
| Vulnerabilities arising from application-level settings, such as public sharing options, global permissions, access token lifecycle and configurations in third-party Apps | ✓ | ✓ | ✓ |
| Unpatched critical security vulnerabilities due to defects in certain application versions | ✓ | ✓ | N.A. |
In the presentation phase, based on our findings, we will produce an executive report which details the state of the existing system. We will also highlight any security vulnerabilities and provide recommendations on mitigation strategies to address them. These suggestions will be broken down into two parts: one advising immediate actions for critical vulnerabilities and one proposing less urgent amelioration for remaining issues. To aid you with estimating the resources and schedule for any patches required, we will also provide an assessment of the downtime required and how this would impact regular users in the organisation.
If you prefer the peace of mind of having everything taken care of for you, our consultants are happy to implement the necessary changes to tighten security based on the approaches discussed in the presentation stage. Alternatively, if you prefer to effect part or all of the recommendations with in-house resources, we could also offer support and guidance for your teams. If you are looking to optimise the inner workings of your Atlassian stack, have a project in mind, or are seeking someone reliable to support your instances, feel free to look through our other offerings as well and let us know how else we can assist with your needs.