Security Whitepaper topics
Data and configuration transfer
What kind/types of network communication types do we rely on for transferring data/information between CMT-CMJC?
All communication and data transfer is done over a secure communication channel (HTTPS).
How do we ensure the security of the network communication between CMT-CMJC?
All data in transit is encrypted.
Data analysis
What kind of data analysis do we perform?
The Cloud Migration Tool performs several phases of analysis - first, the source data integrity is checked. If there is a fatal error in the data integrity, the migration cannot continue until that error is resolved. The tool also analyses the existing data on Jira Cloud and shows what needs to be changed on the target instance to accommodate the migrated data.
Do we perform data analysis operations for purposes other than the migration itself?
No, all analysis is performed only for the purposes of the migration.
Do we collect and preserve customer-sensitive information in an unencrypted state for a period longer than migration itself?
All data at rest is encrypted.
Do we preserve analysis results? If yes, for how long?
The analysis result is preserved only for the migration duration or up to 1 month if the migration fails.
Are the analysis data/results accessible for any 3’rd party entities or organizations?
No.
Data residency
Which cloud service provider are we using for our CMT/CMJC Infrastructure?
We use Amazon Web Services.
In which region/s does our CMT/CMJC infrastructure reside?
Currently, all infrastructure resides in the US-EAST-1 region but moving forward, we’ll provide the ability to choose from other regions.
What kind of cloud service are we using (Private/Shared) for our CMT/CMJC infrastructure?
A VPC is used for all CMJC services (AWS VPC)
What encryption service are we using to encrypt end-customer data while temporarily stored in our cloud infrastructure?
All customer information/data is fully encrypted aligned with the highest industry standards during the temporary period we keep the information/data.
Do we, by any circumstances, have access to customer-sensitive data or attachments during or after the migration process completes?
No one has access to customer data at any time during the migration process.
Migration statistics
What kind of migration statistics do we collect?
We collect anonymized statistics about migration performance. Everything that we collect is described here.
For how long do we keep migration statistics for a certain migration?
Migration statistics may be kept for up to 12 months.
Do we preserve any customer-related data in our migration statistics to which our end-customer could be related at a later stage?
No.
Where do we store our migration statistics, and are those accessible for 3’rd party companies or organizations?
We store migration statistics in a 3rd party analytics platform. All statistic data is encrypted in transit and at rest.
Migration of app data
Are we planning to use the same cloud service provider and already established CMJC infrastructure for 3’rd party app data migration?
Yes.
Do we handle the app data during the migration the same way as Jira Core data?
Yes, we handle the app data the same way we manage the Jira core data.
Migration metadata storage
For how long do we store customer or migration-related information?
This information helps us improve the experience of future migrations so we can store it up to 1 month after a license subscription has ended.
If you have any questions regarding the migration’s security aspects or need help during your migration process, please do not hesitate to contact us – we’ll be glad to help!