Crowd: Security of processing

Introduction

The GDPR requires that personal data be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. What measures you use to secure the personal data depend on the type of personal data processed, the risk to the individual and relevant industry standard practices. Security measures implemented will vary on a case-by-case basis, and should be chosen with the assistance of legal counsel. Below is a summary of security tools and configurations available to you within certain Atlassian products, along with how to implement them.

Please note that Atlassian recommends that customers implement a secure and reliable network that ensures the protection of their users' data in the infrastructure that is hosting our applications.

Infrastructure

Securing your infrastructure

Atlassian strongly recommends customers implement SSL to secure the TCP communication between Crowd and its users, or any other system interacting with it. Please read the following documentation on the subject: Run Crowd Over SSL or HTTPS.

Securing your connection between Crowd and LDAP Servers

To increase the security of your user data, we recommend securing the communication between Crowd and remote LDAP directories by implementing SSL as described in Crowd's documentation.

Crowd Data Center + Load balancer

In Crowd Data Center, you're required to have a load balancer in place for the load to be spread across the cluster nodes. For increased security, we recommend that you secure the communication between the load balancer and the Crowd nodes.

Atlassian Security & Bug Bounty Program

Atlassian releases regular security advisory reports to inform our customers about security vulnerabilities. These can be viewed and tracked in the Crowd security overview.

Atlassian offers the community a way to contribute to enhancing the security of our products through the Vulnerability Bug Bounty Program.

Additional notes

There may be limitations based on your product version.

Note, the above-related GDPR workaround has been optimized for the latest version of this product. If you are running on a legacy version of the product, the efficacy of the workaround may be limited. Please consider upgrading to the latest product version to optimize the workarounds available under this article.

Third-party add-ons may store personal data in their own database tables or on the filesystem.

The above article in support of your GDPR compliance efforts applies only to personal data stored within the Atlassian server and data center products. To the extent you have installed third-party add-ons within your server or data center environment, you will need to contact that third-party add-on provider to understand what personal data from your server or data center environment they may access, transfer or otherwise process and how they will support your GDPR compliance efforts.

If you are a server or data center customer, Atlassian does not access, store, or otherwise process the personal data you choose to store within the products. For information about personal data Atlassian processes, see our Privacy Policy.

Last modified on Nov 13, 2018
