Today cloud adoption is considered mainstream, with 83% of enterprise workloads expected to in the cloud by 2020 . As more organizations move their workloads to the cloud and to remote work from home environments, security must also evolve to meet the challenges of this new normal. According to a recent McAfee report, the average enterprise organizations utilizes 1,400 different cloud services fueling the need for solutions that are designed to secure the cloud. Further, industry analyst firm Gartner warns that “through 2025, 99% percent of cloud security failures will be the customer’s fault.”1 This has caused enterprises to look for ways to enforce additional security controls on their cloud solutions beyond what a cloud service provider (SaaS or IaaS) offers natively.
Atlassian is a SaaS software powerhouse that builds products for content management, software development & project management, widely adopted by organizations globally. McAfee MVISION Cloud is a leading Cloud Access Security Broker (CASB) that provides comprehensive visibility and control for SaaS, PaaS, and IaaS, across Content and DevOps environments. The collaboration between Atlassian and McAfee combine their joint strengths to deliver an optimized cloud security solution for customers.
Key Customer Challenges
As enterprises adopt cloud applications, they may see the following challenges related to cloud security:
- Users may unintentionally upload sensitive data on to a cloud service for e.g. health insurance claim numbers, credit card numbers, AWS keys, etc. in. Jira Software, Confluence or other cloud applications
- In the modern enterprise, traditional network parameters are dissolving. Most users now use devices that sit outside the enterprise firewall to access enterprise cloud applications such as Jira Software, Confluence, Bitbucket and Bamboo.
- Exiting employee may go rogue or leave their credentials easily accessible. Risk of insider threats, compromised user accounts or privileged access on SaaS applications need to be addressed
- Drifts in configurations of SaaS applications like Jira Software Cloud can cause unintentional exposure of sensitive data
- Infrastructure code misconfiguration or “drift,” from standard benchmarks that occur over time in a cloud environment can expose sensitive information and increase risk.
McAfee MVISION Cloud for Atlassian Solution
McAfee MVISION Cloud for Atlassian products help organizations securely accelerate their business in the following ways:
- MVISION Cloud (MVC) prevents sensitive or regulated data from being uploaded or shared with unauthorized parties in real-time, while using Atlassian’s Jira Software or Confluence Cloud products. For example: detecting PII (Social Security Numbers), PCI (credit card numbers), HIPAA classified data (health insurance claim number) or other Confidential Data (Mergers & Acquisitions related documents)
- MVISION Cloud limits download/sync to unmanaged devices and gain total control over user access to Atlassian applications by enforcing context-specific policies limiting specific end-user actions.
- MVISION Cloud captures the complete audit trail of all user activity enriched with threat intelligence to facilitate post incident forensic investigations. MVC detects threats from compromised accounts, insider threats, privileged access misuse and malware infection.
- Customers use a source code repository & CI/CD tools for building Cloud Native applications. McAfee MVISION Cloud integration with Atlassian’s Bitbucket Cloud and Bamboo products helps detect drifts in configuration from standard CIS benchmarks. It also ensures that data is protected on misconfigured resources or just simply within these applications
Atlassian-McAfee Collaboration Benefits
To summarize, a chain is only as strong as its weakest link. The collaboration between Atlassian and McAfee combines their joint strengths to deliver an optimized cloud security solution that is a win-win for the customer as well as the cloud provider.
Shared Right: Security is a shared responsibility between Customers and Cloud Providers
Atlassian’s cloud tools are mission critical to customer businesses and places where they may be storing sensitive information in Jira Software, Confluence and Bitbucket. One of the reasons that 99% of issues are expected to be attributed to the customer, is that while cloud providers (including Atlassian) have invested very heavily in security and have directly addressed core challenges that an on-prem solutions may cause (with updates, vulnerability monitoring, incident response, etc.), their customers may be much earlier on in their security journey. Here’s where McAfee MVISION Cloud steps in to secure the delta, by helping customers deliver on their share of the security responsibility.
For example, a large healthcare customer is using McAfee MVISION Cloud to detect any sensitive data violating compliance and regulatory policies within Jira Software or Confluence Cloud.
Shift Left: Securing DevOps by Enabling DevSecOps
As a maker of tools for development teams, Atlassian wants to make it easier for developers to build and operate secure products, while responding to security incidents more quickly and effectively. McAfee MVISION Cloud “Shift Left” can help Atlassian customers ensure that the infrastructure and the myriad of configurations options available, are deployed according the security and regulatory compliance best practices. “Shift Left” inline integration seamlessly incorporates these security checks without any extra steps required by the developers or DevOps teams.
To learn more about how McAfee-Atlassian products work together, please attend our joint webinar on May 20th, 2020
Join us for a webinar on May 20th
1 Source: “Smarter With Gartner” Blog, Is the Cloud Secure?, October 10, 2019, Contributor Kasey Panetta, https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/
About the Author
Categories: Cloud Security