Atlassian Jira and Defense – Supporting the Agile U.S. Warfighter

Atlassian Jira and Defense – Supporting the Agile U.S. Warfighter

Last week, Ascend Integrated accompanied Atlassian and Carahsoft and attended the AFCEA West 2019 event in San Diego, CA. The conference is an excellent event to attend, whether you are an IT professional or working in some way with the United States Military / Department of Defense. The conference was attended by many ranking officers, leaders, and program / project managers.

Vice Admiral Mathias “Mat” Winter, Director of the Joint Strike Fighter Program, emphasized the importance of being agile, and its applicability across the DoD. With new equipment coming online utilizing a combination of IT systems and the implementation of Open System Architecture (OSA), the necessity to “Adapt or Die” to changing political and military climates has never been more important. Bug fixes, new features / capabilities, and maintenance must be tracked and managed in a centralized and secure repository.  

While attending, Atlassian (and specifically Jira / Confluence) were referenced repeatedly by multiple programs in speeches and working sessions, including Space and Naval Warfare Systems Command (SPAWAR) and members of the United States Air Force (USAF). Many enjoyed using the tool for project and requirements management, but spoke directly to us regarding ways they would like to see it improved, adapted, and implemented across multiple teams.

Ascend Integrated reviewed this feedback and determined three ways we can best adopt the Atlassian Tool Suite to supporting our Warfighters.

1. Interoperability: Enforce Widespread Adaption & Consistency

Interoperability is a key objective of many of the military programs. This extends not only to the systems being implemented through these programs, but also the supporting systems and DevOps implementations, such as the Atlassian Tool Suite. With Jira and Confluence containing the majority of the project management components, other tools utilized for testing and deployment should integrate directly with the suite at both a system and process level. If you’re looking for integrations, try reviewing the Marketplace or REST API capabilities. Keep all your data centralized, secure, consistent and easily accessible for your team.

2. Lean Governance & Continuous Improvement

We all know, governance may add bureaucracy, but it’s important when implementing large scale implementations of any tool. Jira and Confluence have multiple ways of implementing lean governance to support continuous improvement and enhancements to the tool. One simple way of implementing lean governance and continuous improvement, is creating a specific Jira project to track, plan, and implement enhancements to the Atlassian Tool Suite based on feedback received by your users.

3. Training

For any software tool, training is key. Users will learn how to consistently administer, develop, or track / manage their projects and programs. Ensure your users are trained, using consistent training at both the administration and project levels. This can be completed by using a combination of Atlassian University courses and enlisting the help of Certified Training Partners.

Ascend Integrated is a U.S., DC based Atlassian Solution Partner providing support services to multiple branches of the DoD for Atlassian, FedRAMP and Security support. How would you suggest supporting the Agile Warfighter? Contact Us Today!    

Safeguarding PHI / PII in Jira & Confluence

Safeguarding PHI / PII in Jira & Confluence

We know it is something you shouldn’t be doing, storing personally identifiable information (PII) or protected health information (PHI) in your Jira issues. But, mistakes happen, or maybe you are required by your organization to securely store / access this information. Throughout Ascend Integrated’s time as an Atlassian Solutions Provider, we’ve worked across Healthcare and Financial organizations looking to protect their highly sensitive information, including PII and in the case of Healthcare, PHI.

Here we explore several key factors to maintaining HIPAA Compliance with your instance, along with ensuring data is stored correctly. 

How to keep PHI / PII secured? 

HIPAA compliance is made up a group of safeguards, including Administrative, Physical, and Technical safeguards, defining processes and procedures for guarding and securing your PHI / PII. Atlassian has already come out and stated the Cloud is not meant for PHI / PII compliance. A server, or data center instance is absolutely required for maintaining this type of information (or if your Jira / Confluence system touches this data in any way). 

What techniques can you use with the Atlassian Tool Suite?

Use a SSL Certificate

While its basic, installing and configuring a SSL certificate with your Jira / Confluence suite is an absolute necessity when implementing HIPAA compliance. Ensuring all data is encrypted and accessed only through a secure connection is step 0!

Control Access Tightly Using Permission Schemes and SSO

There are several options here, including restricting who can access projects / spaces using advanced permission scheme configurations, or implementing a SSO / Active Directory authentication and authorization step will ensure only those users within your organization will have access to your data. Ensure groups are properly set up and controlled across both applications.

Make use of Issue Security

Out of the box, Jira allows you to restrict the viewing of issues to specific individuals / team members or groups. Similarly in Confluence, ensure only specific users have access to any pages containing links to, or actual PII / PHI. 

Explore Add-ons / Apps: PII Protector for Jira

A plug for the hard working folks at Enhancera, the PII protector will help you maintain PII securely, hiding data from users who are not required to view / manage the data. Auditability and traceability is built right into the tool as well. You can find additional information on this app here: PII Protector for Jira.

Enable Database Encryption

While not supported by Atlassian, Database encryption provides an extra layer of security. All Jira / Confluence applications sit atop a RDBMS (i.e. MySQL, PostgreSQL, SQL Server, Oracle). Enable encryption, and ensure backup / copies are maintained in a secure location. 

Conduct Regular Security Audits

Regular security audits (monthly / quarterly, etc.) will help you determine where your flaws may be, and what you can do to alleviate / reduce the risk of exposure. Ensure your security team understands and documents the use of Jira and Confluence in your system. 

What Next?

Interested in learning more, or have Ascend Integrated review your instance? Contact Us Today!