The Atlassian Marketplace offers a gigantic selection. Thousands of apps for various use cases in Jira, Confluence, and other tools are available – from extensive functional extensions to small helpers for very specific scenarios.
Virtually every team needs one app or another to meet their individual requirements. The selection is enormous, which is one side of the coin. The other side: apps represent a blind, not to say sore, spot for customers in certain ways.
The problem: Many of these apps are hosted and operated by the manufacturers themselves, in an infrastructure outside of Atlassian. Specifically, this means that external servers are involved that are outside your sphere of influence and outside Atlassian’s sphere of influence. From a security and compliance perspective, this is very problematic.
Often, extensive data (sometimes including user data) is transferred to third-party infrastructures. How this data is secured and processed there is beyond your knowledge. Your organization essentially has to hope that the developer adheres to standards such as GDPR, but this is not always verified and certified by independent authorities.
In such a situation, your company is confronted with different security and compliance guidelines, which dramatically increases the complexity of the security architecture. And above all: The transfer of data to external sources opens up an incalculable number of potential attack points for malicious actors.
Recently, Atlassian has intensified its efforts to improve the security architecture concerning the Marketplace. App developers are now encouraged to migrate their products from the outdated Connect development platform to the modern Forge solution. This natively meets higher security standards.
In addition, Atlassian offers you as a customer various filter criteria to identify apps that meet your company’s security interests. For example, the Cloud Fortified attribute means that an app meets particularly strict and comprehensive security requirements and has proven this to Atlassian.
The quality criterion Runs on Atlassian is completely new.
This quality seal confirms that the app in question is fully hosted and operated within Atlassian’s infrastructure – without any data outflow. This means that no information is sent to servers outside the Atlassian cloud. The app runs under the proven, comprehensively documented, and independently certified conditions of the Atlassian platform. Vulnerabilities or security risks that could arise through communication with external servers no longer apply.
This is particularly relevant for companies that have the highest requirements for security and data protection – and who doesn’t? – as well as those that must comply with strict compliance requirements.
The introduction of the new criterion on the Atlassian Marketplace is definitely a good and helpful measure for your company. Here are five reasons why you should rely on Runs on Atlassian when choosing apps and what concrete advantages this creates.
Runs on Atlassian stands for a clear, unambiguous statement: no data egress. If an app meets this clearly defined requirement, it receives the seal. It is a technical feature without room for interpretation or loopholes.
This seal of quality confirms that the corresponding app is fully hosted and operated in the Atlassian infrastructure. The app does not send any data to servers outside the Atlassian cloud. All security and data protection mechanisms and measures of the Atlassian infrastructure apply. Using the app does not create any risks.
One criterion for obtaining the Runs on Atlassian badge is that the app supports Data Residency. This means: If you have defined a specific geographical data storage region for the Atlassian product, this selection will be adopted by the app. You therefore have control over where the app’s data is stored.
Many development teams rely on usage data from their users to better understand use cases, fix bugs, and improve products. Therefore, some apps (including those with the Runs on Atlassian label) send logs or analytics data to external servers. Some customers may actually want to encourage this. Whatever the case for your company: During installation (and at any later time), you can specifically determine whether your app is allowed to transfer logs and/or analytics data externally or not. You can completely prevent data outflow at any time.
Your teams use their apps for good reason, namely because the use cases are important for their work. Put differently: what matters is the use case, less the app itself. For most scenarios, there are mature competitors on the Marketplace – and Runs on Atlassian offers a good way to evaluate truly secure alternatives in an offering that is difficult to navigate.
With Runs on Atlassian, the manufacturer gives you effective help in putting your company’s security and compliance posture on a stable and uniform foundation, even if your teams use many different apps.
The infrastructure is completely operated by Atlassian. This creates seamless transparency and control – another level of security for your Atlassian solutions.