Insights That Power Innovation | Praecipio

A Guide to Atlassian’s Shared Responsibility Model in the Cloud

Written by Christian Lipski | Oct 31, 2023 9:27:42 PM

Outages happen. Files get deleted. Systems get hacked. Simply put, s@%t happens, and no business is safe from downtime these days.

In fact, disruption is the new normal. Research shows that 82% of companies have experienced at least one downtime incident over the past three years. And with data being the lifeblood of the modern enterprise, it’s critical to recover that data instantaneously; there are too many financial, legal, and reputational implications at stake if you can’t. 

Building a Resilient Atlassian Cloud Ecosystem

Jira is an essential tool used by thousands of organizations worldwide to move business strategy forward. This is why it's critical to have a  plan in place to restore lost or damaged Jira data in the event of a disruption.

If your organization operates in Atlassian Cloud, you need to understand that Atlassian follows a shared responsibility model. As you approach your cloud resilience plan, you need to know the tasks and roles that Atlassian (i.e. your SaaS provider) is responsible for and which ones you handle.

What Is Atlassian's Shared Responsibility Model?

A shared responsibility model is a security and compliance framework common to SaaS offerings like Atlassian, Azure, and AWS. The SaaS vendor covers the infrastructure (the way the data is stored), and the customer covers the application actions (the way the data is affected). 

How the Shared Responsibility Model Works

A SaaS vendor like Atlassian will restore data if their infrastructure has a problem. However, a SaaS vendor will not restore data if it is altered through the software itself, which are considered "customer-initiated destructive changes." See below for examples of SaaS vendor and customer incidents:

SaaS Vendor Responsible Customer Responsible
A database shard goes down A Jira project is deleted from the admin screen
There is an AWS volume issue A change to a permission scheme affects the entire instance
Security for the database / file system is breached by hackers An API call is used to change or delete data
A change to the software causes an outage Changes can be accidental or deliberate

 

The Importance of Data Recovery Tools

The good news is there are data recovery tools available if something were to happen on the customer side. Backroads had a new administrator accidentally delete a number of Jira issues, which included critical customer-related attachments and information. Thankfully, they had the Revyz Data Manager data recovery software, which allowed them to instantaneously recover the lost Jira issues and attachments. 

An Analogy of The Shared Responsibility Model

Let’s say a bank offers a safety deposit box as a place for you to store valuable items. The bank covers the loss of your items in the event that:

  • The bank burns down and the box isn't fireproof enough to protect the contents
  • A burglar drills into the box and empties out your box
  • The lock malfunctions and your key doesn't work

On the flip side, the bank will not take responsibility for the loss of your items if a keyholder takes things out of the box and loses them, or if a keyholder opens the box and breaks your Faberge egg (or whatever else is stored inside the box).

SaaS Shared Responsibility Model vs. Data Center Self-Hosting 

When you self-host in your data center, you own both the platform and the application. You are responsible for the integrity of both the infrastructure and the data. For example, if you have Atlassian Data Center, you are self-managed. You make the rules for your infrastructure and your applications, but this also means that you are responsible for data backups when there is an issue with your infrastructure or the application. 

With a SaaS product, the application is hosted and stored in the vendor’s infrastructure. The vendor acts as your data center, and they cover backups for the service they provide, which is the platform. With Atlassian Cloud, the responsibility of taking care of application infrastructure transfers to Atlassian. 

The biggest difference between SaaS and self-hosted responsibility is in the event of an infrastructure-initiated loss, the SaaS vendor will restore your data on their own schedule. The downside to this is if numerous customers need to have their data restored, you may have to wait in line. 

Protect Your Business with Data Recovery Software

Implementing a cloud data backup solution puts the power back in your hands, allowing you to restore your system (or even a single attachment) on your own terms. Not only does data recovery software like Revyz Data Manager enable you to restore your system when the platform fails, but it also covers you in the event of accidental deletion or disruption due to human error from your users or administrators. 

Without data recovery tools in place, you could face massive downtime or potential financial loss for even a small mistake.

Achieving Data Resilience with Praecipio

Cloud is the way of the future, but as with any technology, it comes with risks and challenges that your organization needs to be prepared for. You never want to be caught in a situation where your data is lost forever or your lack of data availability interrupts continuous service to your customers. It will be a hard–and expensive–lesson to learn. 

Atlassian no longer supports their Server products, so now is the time to make sure you have a solid disaster recovery plan in place for your cloud-first business. Leveraging our vast network of industry-leading partners, Praecipio helps you build and manage a reliable and secure cloud ecosystem

We partner with companies like Revyz that offer cloud data backup solutions for Jira, Confluence, and Jira Service Management. Watch this on-demand webinar to learn more about achieving data resilience with Revyz and Praecipio. 

Contact us about implementing your disaster recovery strategies and capturing the value of your cloud investment.