Care about security? We do too. Learn what Atlassian does and what you can do too.
Need to test security settings? Learn how with authentication policies.
Eager to configure? Read on about single sign-on.
Manage password policies for users? Set up two-step verification and idle session duration.
Stay on top of data across your organization with all the reports and tracking options we offer.
Learn about where your cloud product data is hosted and the types of data you can move.
Control how users and apps access your Atlassian cloud products.
Use classification levels to identify and categorize sensitive information in your organization.
Set up and manage BYOK encryption to add protection for your sensitive data.
Set up and manage data security policies to secure your organization’s data.
BYOK encryption for Jira Software is available to all customers with Enterprise plans.
BYOK encryption for Confluence is available through an early access program (EAP) to a number of customers with Enterprise plans. If you're interested in participating in the EAP reach out to your Enterprise account representative.
Bring Your Own Key (BYOK) encryption lets you encrypt Jira Software product data with keys hosted in your external AWS account. If you're participating in the Confluence EAP, you can also encrypt Confluence product data.
The encryption keys are provisioned and managed in AWS Key Management Service (KMS).
Benefits of BYOK encryption
BYOK encryption gives you:
Added security for sensitive data. By hosting your own encryption keys, you manage and control the keys at all times.
Increased control over access to data. Revoking access to the keys suspends access to all your products. With the ability to revoke access to encryption keys at any time, you can reduce risk of unauthorized access.
Visibility into account activity across your AWS infrastructure. Record activity and access audit logs using AWS CloudTrail.
BYOK encryption vs Atlassian-managed encryption
If you don’t use BYOK encryption, your data is encrypted using Atlassian-managed keys.
The keys are provisioned and managed in the customers’ own AWS accounts.
Atlassian generates keys in an Atlassian-owned AWS account, and the keys are shared among customers.
Who can use BYOK encryption?
To use our BYOK encryption for Jira Software, you need a Cloud Enterprise or a Cloud Enterprise trial subscription.
To use our BYOK encryption for Confluence, you also need to participate in the Early Access Program (EAP).
What BYOK encryption involves
You first need to set up an AWS account and create an IAM role.
Next, contact your Enterprise account representative and provide us with information such as your AWS account ID, where you want to host your product data, and the products you want to encrypt using BYOK. We’ll set up BYOK encryption for you and add BYOK-encrypted products to your Enterprise plan. Learn how to set up BYOK encryption
Was this helpful?