The Threat is Real
Sometimes finding a loophole or a creative workaround is a great thing. Life hacks, such as using a cupcake liner on a popsicle stick as a drip catcher, exist to improve our lives. However, in our always-connected digital world, hacks and exploits are often high-risk cybersecurity threats that you should address as soon as they are discovered. In 2020, as the COVID-19 pandemic became a global concern, the FBI reported a 300% increase in cybercrime, and in 2021, businesses faced 50% more cyber intrusion attempts per week than the year prior. A recent Gartner survey found that while eighty-eight percent of Boards of Directors (BoDs) view cybersecurity as a business (as opposed to technology) risk, only twelve percent have a dedicated board-level cybersecurity committee. Ransomware, malware designed to deny a user or organization access to files on their computer, is so prevalent it’s now become a household word. While you might be tempted to snooze your alerts and delay applying those patches, they are essential to protect your organization from potential intrusion. When it comes to cybersecurity, procrastination can be costly.
Atlassian Security Advisories
When a critical severity security vulnerability in a self-hosted (Server or Data Center) Atlassian product is discovered and resolved, Atlassian will inform customers through the following mechanisms:
- Atlassian will post a security advisory and release a fix for the vulnerability.
- Atlassian will send a copy of all critical security advisories to the ‘Alerts’ mailing list for the affected product(s). To ensure you are on this list, please update your email preferences at https://my.atlassian.com/email.
Taking Action
When running Atlassian tools in a self-hosted environment, maintaining compliance and keeping your tools up to date with the latest security updates is your responsibility. The first step is always to keep an eye on security advisories. If a security advisory is released, you need to create an action plan that answers the following questions:
- What is required to remain secure? Do I need to upgrade the application, or can I apply a patch?
- How long will it take to implement the fix?
- Do I need to test the fix in a staging environment? If so, what is the test plan, who will I call on, and how long will it take?
- Is downtime required? If so, how much?
- What is the fallback plan in case the patching or upgrade operation fails?
Addteq strongly recommends testing all application changes in a staging environment before applying them to production, whether a patch or a complete application upgrade.
Sometimes, you can patch your application by shutting it down and updating one or more files on the file system before restarting. This approach will work in a pinch if you are not ready or able to perform a complete upgrade. However, Atlassian generally recommends upgrading to a fully fixed version of their tools, as it will include all other security fixes to date.
If you do decide to upgrade your application to a new version, you should review these best practices for upgrades before proceeding. Rather than automatically choosing the latest release, Addteq recommends that you upgrade to the latest long-term support (LTS) release, as these releases receive bug fixes and patches for a longer period than a standard feature release. As you plan, you should review the release notes and supported platforms for the version you plan to upgrade to. Will your plugins work with this version of the application? Do they also need to be upgraded, and are there any factors to consider? Is your database supported? Document all incompatibilities along with the corrective actions taken.
Managed Hosting Relieves the Administrative Burden
Keeping up with the latest security patches, application versions, and compliance mandates is no small task, and managing your products incurs expenses beyond renewing maintenance. Your total cost of ownership includes operational overhead like infrastructure, IT labor, and planned downtime. Hosting Atlassian tools in your server room or Data Center is not your only option. You can move your tools to a managed, hosted environment. By doing so, the administrative burden is lifted off your shoulders. The hosting provider handles patches, upgrades, compliance, and more.
If you want to move away from hosting your tools in your infrastructure, you have two paths to choose from:
- You can migrate your tools and data to the Atlassian Cloud.
- You can host Atlassian’s products through cloud providers like AWS and Azure.
With the Atlassian Cloud, you get immediate access to the latest features, security updates, and more without planning, effort, or downtime. Atlassian manages all aspects of hosting and deployment, freeing you from the responsibilities of maintaining servers, buying and renewing software licenses, data storage, and more.
While the Atlassian Cloud has a fantastic and robust feature set, some customers must comply with regulatory standards that the Atlassian Cloud does not yet meet. Others may need to retain data in an isolated environment. While you can host Atlassian’s products through cloud providers like AWS and Azure, you are still responsible for the administrative overhead: applying patches, upgrading software, and more. That is where Addteq’s Codefactori comes in.
Codefactori is a complete solution for software development teams, offering a hosted and managed software development solution centered around your Atlassian – and other – DevOps tools. Codefactori, coupled with Addteq’s professional services, provides the best features of the Atlassian Cloud – a hosted, maintenance-free platform in which all updates and patches are managed by Addteq – while allowing customers to reap all of the benefits of the Atlassian Data Center. All applications running on Codefactori are kept up to date with the latest security patches and long-term support releases, so when Atlassian – or any other DevOps vendor you rely on – issues a security advisory, we act on it IMMEDIATELY. All applications running on Codefactori are monitored 24/7. Backups are taken automatically every 30 minutes and stored in a separate geographical location with full encryption. Codefactori offers a world-class SLA: 99.95% uptime with 30 min RPO and 2 hours RTO. By combining the power of Atlassian Data Center products with the power of Codefactori’s managed environment, you get the best of both worlds, without compromise.
Addteq – Your Migration Partner
Moving to a SaaS-based solution sounds great! Still, it’s not as simple as flipping a switch. No matter your destination – the Atlassian Cloud, Codefactori, or another cloud provider – migrations are delicate and complex operations. To guarantee success, you need to work with an experienced partner who will be with you every step of the way on your migration journey.
With over 15 years of experience providing custom solutions to many customers, Addteq would love to be your migration partner. We have performed many migrations spanning organizations of all sizes, from small, independent businesses to enterprise-level organizations. We have successfully migrated over 500 thousand Atlassian and DevOps users across on-premise and cloud environments. As your partner, we will work closely with you and your teams to assess your current environment, recommend a migration strategy, build and execute a migration plan, and provide support once you have transitioned to the Cloud. If a custom solution is required, we can create one for you that meets your every need.
By investing time, implementing the right resources, and focusing on open communication, our Atlassian experts have what it takes to provide solutions that best fit the needs of your business, regardless of size or type. We’ve been there and done this – and we’d love the opportunity to help with your migration. To get you started, Addteq will provide a FREE Migration Readiness Assessment of your current environment, including license & app assessment, migration steps, major blockers, and much more. This assessment will help you determine:
- The right environment for your organization
- If the Atlassian Cloud, which subscription plan – Standard/Premium or Enterprise – best suits your organization
- Which apps can be migrated and which you may need to find alternatives for
- How you can maintain GDPR or other forms of compliance