The Atlassian Admin’s Security Dilemma: Balancing Security vs Performance

Posted by Marce Aparicio on November 15, 2019

In 2017, data surpassed oil as the most valuable resource in the world. Naturally, applications like those housed in the Atlassian environment became enviable targets for digital pirates. Administrators responsible for managing their Atlassian instance are keenly aware of the increased risks of operating in a digital economy but often find it difficult to strike a balance between keeping costs in check and maintaining a high level of security without impacting performance. 

So, what are IT and business leaders to do? Many are looking outside their organizations to Managed Services and Managed Security Service Providers (MSPs and MSSPs, respectively) for guidance and support.

But why?

Most common security concerns in the Atlassian environment

As digital toolboxes grow and apps are increasingly more interconnected, the greater the opportunity for bad players to try and get their hands on data that isn’t theirs. Cybercrime is increasingly sophisticated and malicious, as cybercriminals use a dizzying array of tactics like exploiting vulnerabilities, phishing, or social engineering tactics to get their hands on credentials and other sensitive information.

Worse, no system or environment is immune to attack. Docker Hub was recently compromised and lost keys and tokens for nearly 200,000 accounts that impacted both direct Docker customers and end users alike. Even historically secure environments like Atlassian can be probed for vulnerabilities. 

In fact, one such bug in Jira left exposed private server keys through a vulnerable proxy that could be exploited to carry out cross-site scripting (XSS) attacks and server-side request forgery (SSRF) attacks. Even though this loophole was quickly fixed in subsequent updates, teams using outdated versions are still vulnerable to cyber-attacks.


With the onslaught of digital threats, it can be difficult to plan how to effectively minimize risk in a cost-effective manner and without taking a team’s focus away from their primary job responsibilities. There are three main ways teams go about software safety: trust a software’s built-in security measures, hire an in-house security team or agent, or contract with an external team of security professionals such as Managed Service Providers (MSPs). 



The cost of poor security 

Despite the absolute importance of securing systems and apps, doing it poorly or incompletely can be exceedingly high. Research suggests that the average cost of a data breach is $3.86 million, enough to sting a large organization and completely cripple a smaller one. 

Yet even in cases where the breach didn’t result in stolen data, it can still be costly in other ways — like unexpected downtime that costs businesses over $400,000 per instance or over $300,000 per hour

The scary numbers don’t stop there. On average, mid-sized and large organizations suffer 545 hours of downtime a year, often as a result of security-related issues. Sadly, small businesses, which account for 58% of data breach victims, are the most likely victims of a digital attack but are also the least likely to be able to recover from the financial repercussions.

And the damage isn’t just financial. Breaches enabled by poorly configured permissions can result in user lockouts that cause longer response times and missed deadlines. New product rollouts are delayed, response times to customer demands increase, and the confidence customers have in a business to keep their information safe drops precipitously — potentially destroying the reputation a company spent years cultivating.  

Bridging the security gap with MSPs 

Many businesses are recognizing the value of entrusting much or all of their security-related strategies to an MSP.  In particular, Atlassian customers recognize that partnering with an Atlassian Solution Partner can help solidify plans and execute strategies around identity and permissions management, as well as install security patches and proactively monitor the environment for potential vulnerabilities. 

Organizations are drawn to the in-depth expertise and robust industry experience MSPs offer, enabling them to implement security best practices in the background without impacting productivity or the user experience — all for a fraction of what it would cost if they tried to do it all internally.

Partnering with an Atlassian MSP can save you both time and money while ensuring security standards are in place and met. They can help mitigate risks and the financial implications of a security breach while helping teams better balance resources, including time and talent. Most of all, because of their extensive training and working knowledge of the software, Atlassian MSPs offer peace of mind and predictable expenses to their customers.

Learn more about how MSPs can help Atlassian admins balance security and budget to protect and grow your business in our latest eBook, “Unshackled: How managed services are key to unlocking Atlassian’s full potential.” 


Topics: Atlassian Partner, Atlassian Platinum Partner, Managed Services

Subscribe To
Our Newsletter

Interested in writing for the Software Adoption Blog?

We love connecting with software leaders and writers who can help us fulfill our mission to create entertaining AND educational resources that people can put to use.

Find Out How ➝

Recent Posts

Posts by Topic

see all