Security Whitepaper topics
Data and configuration transfer
How do we transfer data between CMT-CMJC using network communication?
We rely on secure communication channels (HTTPS) for all data and communication transfer.
How do we ensure the security of the network communication between CMT-CMJC?
All data in transit is encrypted.
Data analysis
What kind of data analysis do we perform?
The Cloud Migration Tool performs two phases of analysis - first, the source data integrity is checked. If there is a fatal error in the data integrity, the migration cannot continue until that error is resolved. Next, the tool analyses the existing data on Jira Cloud and shows what needs to be changed on the target instance to accommodate the migrated data.
Do we perform data analysis operations for purposes other than the migration itself?
No, all analysis is performed only for the purposes of the migration.
Do we collect and preserve customer-sensitive information in an unencrypted state for a period longer than the migration itself?
After the migration, all preserved data is securely encrypted and it is preserved for 30 days.
Do we preserve analysis results? If yes, for how long?
The analysis results are preserved only for the migration duration or up to 1 month if the migration fails.
Are the analysis data/results accessible to any 3rd party entities or organizations?
No.
Data residency
Which cloud service provider are we using for our CMT/CMJC Infrastructure?
We use Amazon Web Services.
In which region/s does our CMT/CMJC infrastructure reside?
Currently, all infrastructure resides in the US-EAST-1 region but moving forward, we’ll provide the ability to choose between regions.
What kind of cloud service are we using (Private/Shared) for our CMT/CMJC infrastructure?
Virtual Private Cloud is used for all CMJC services (AWS VPC).
What encryption service are we using to encrypt end-customer data while temporarily stored in our cloud infrastructure?
All customer data is fully encrypted and aligned with the highest industry standards during the temporary period we keep the data.
Is there any situation where we have access to customer-sensitive data or attachments during or after the migration process completes?
No one has access to customer data under any circumstances during the migration process.
Migration statistics
What kind of migration statistics do we collect?
We collect anonymized statistics about migration performance. Everything that we collect is described here.
For how long do we keep migration statistics for a certain migration?
Migration statistics may be kept for up to 12 months.
Do our migration statistics retain any customer-related data that could be associated with our end customers in the future?
No.
Where do we store our migration statistics, and are those accessible for 3rd party companies or organizations?
We store migration statistics in a 3rd party analytics platform. All statistical data is encrypted in transit and at rest.
Migration of app data
Are we planning to use the same cloud service provider and already established CMJC infrastructure for 3rd party app data migration?
Yes.
How do we handle app data during the migration process??
We do it the same way we manage the Jira core data.
Migration metadata storage
For how long do we store customer or migration-related information?
This information helps us improve the experience of future migrations so we can store it for up to 1 month after a license subscription has ended.
If you have any questions regarding the migration’s security aspects or need help during your migration process, please do not hesitate to contact us – we’ll be glad to help!