This FAQ section provides answers to common questions about Atlassian's migration process, focusing on security, control, and monitoring of your data. The questions are categorized into five key areas. Select a category below to navigate directly to the respective questions and answers:
General security practices at Atlassian
How does Atlassian secure data during Server to Cloud migrations?
At Atlassian, we prioritize security in our day-to-day operations, implementing robust measures like secure protocols, stringent access controls, and regular audits. These standards are maintained during cloud migrations, ensuring your data's protection.
Learn more about our security practices on the Atlassian Trust Center
Data management and control
How does data residency operate within the migration ecosystem?
Atlassian deploys Amazon Web Services (AWS) across various regions to ensure data control. However, Data Residency controls are available for select Products and Plans. During migrations, data is temporarily stored 'in-transit' in US-WEST or US-EAST for a period of up to 14 days.
For the majority of other Atlassian products, data in transit time can be up to 30 days. This includes data such as automation rule configurations, cached content, product logs, user account information, and more.
Learn more about data residency
Who can access the tenant during and after a migration?
At Atlassian, we prioritize your data's security. Only authorized roles with an active support ticket can access a customer instance. Access to the tenant is strictly controlled and reviewed quarterly to ensure only authorized roles have access during and after migrations.
How is data purged after migration?
Upon termination or at your request, Atlassian deletes your data (including migration data) after a specified period (15 days for evaluation sites or 60 days for paid sites). The data might remain in our encrypted backups for up to 90 days according to our retention policy. If a restore is needed within this period, any deleted data is promptly re-deleted after restoration. For more details, refer to our Data FAQ.
Migration process and permissions
Who, other than an admin, can initiate a migration process?
To initiate the migration process, you need to be a system admin in the source instance and an organization admin in the destination cloud site.
How do Atlassian employees gain access to MOVE Jira tickets?
At Atlassian, we follow a structured protocol for granting employees access to MOVE Jira tickets. This involves role-based controls, management approval, and a system that links our HR and access provisioning processes. Access is granted primarily for system maintenance and support, and only upon customer request, ensuring your data's security at every step.
If my organization has an isolated (air-gapped) production infrastructure, how can we migrate data to the cloud without a direct internet connection?"
For organizations with air-gapped production infrastructures, there are a couple of ways to migrate data to the cloud:
Clone the Production Server: One approach is to create a clone of your production server within a network environment that can access the Cloud Migration Assistant (CMA) endpoints. This allows you to utilize the Jira Cloud Migration Assistant (JCMA) for moving your data to the cloud.
CSV Import: If your migration is on a smaller scale, typically involving hundreds of issues, you could consider using CSV Import. This method is independent of your server's connectivity and can be used with air-gapped servers.
Each method has its considerations and might be better suited to different circumstances. When choosing a migration strategy, it's essential to evaluate your specific situation and requirements. Contact Atlassian Support for more guidance.
Is a company’s data encrypted during the migration process, both in rest and in transit?
Atlassian employs industry-standard encryption protocols throughout the migration process, using HTTPS to secure data. While our migration teams have access to limited data for debugging purposes, this data is purged after 14 days.
Learn more about Atlassian’s security practices
How does Atlassian monitor outbound traffic to prevent data leakage?
At Atlassian, we use McAfee MVision CASB to supervise outbound traffic, adding an extra layer of security to prevent data leakage. This is part of our standard practice, including during migrations. Customers have the option to use McAfee MVision to monitor their own instances via Atlassian Access.
Learn more about CASB integrations with Atlassian Access
Is data encrypted between the CCMA or JCMA and the "Link Site" Migration Gateway, regardless of whether SSL is deployed on the local Jira or Confluence application host server?
Yes, during migrations, we ensure that your data is securely encrypted, both while it's moving and when it's stored. This applies even when it's transferred to the Migration Gateway, a tool we use to ensure a secure login to the cloud. This Gateway doesn't store your data; it simply helps us manage the migration securely.
Audit and log tracking services
What monitoring services are available during the migration from Server or Data Center to Atlassian Cloud?
Monitoring services available for Atlassian customers: Customers have access to audit logs via Atlassian Access, which provides visibility into administrative actions. Learn more about tracking org activities from the audit log. Additionally, each Atlassian cloud product includes its own audit logging for product-specific changes. Customers can also access their logs via their API; learn more about this on Atlassian Access.
Monitoring services available for Atlassian employees: Atlassian employs a separate, secure system to store logs, accessible only to our Security and Observability Teams. This system is integrated with our security analytics for automated threat detection and alerts.
Are there logs that monitor access to MOVE Jira tickets and their content?
Yes, all access to customer apps including MOVE Jira tickets is logged for auditing and security purposes. These logs, along with Windows Security events and AWS CloudTrail and Azure Logs, are sent to Splunk and Alert Logic for thorough offsite analysis. Any access triggers Alert Logic, ensuring a detailed record for security and auditing purposes.
