Security - Jira Cloud
Overview
The solution is a Single Page Application running directly in the browser.
Data
- Jira Data is fetched from the Jira instance to Agile project running in the browser. Then all data aggregation is done directly in the browser without any remote servers or databases
- Saved projects from within Agile Project is stored on Google firebase. The data saved are only issue references so that projects can load e.g. issue key and JQL query. These references cannot be used extracting information outside Jira.
Data Encrpyption
All data at rest and in transit are protected with full encryption
- At rest - This means that data is stored encrypted in Google Firebase database.
- In transit - This means that the connection to Google Firebase and Jira is encrypted and authenticated
using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).
Database Security
The solution is using Google Firebase Realtime database. The data is secured using built in database security rules. A logged in user can only access data belonging to the user and the database automatically blocks all other access.
Security Policy - Jira Server/Data Center
Overview
The solution is a Single Page Application running as a Windows or Mac desktop Electron web app.
Data
- Jira Data is fetched from the Jira instance to Agile project running as a desktop app. Then all data aggregation is done directly in the app without any remote servers or databases
- Saved projects from within Agile Project is stored on Google firebase. The data saved are only issue references so that projects can load e.g. issue key and JQL query. These references cannot be used extracting information outside Jira.
Data Encrpyption
All data at rest and in transit are protected with full encryption
- At rest - This means that data is stored encrypted in Google Firebase database.
- In transit - This means that the connection to Google Firebase and Jira is encrypted and authenticated
using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).
Database Security
The solution is using Google Firebase Realtime database. The data is secured using built in database security rules. A logged in user can only access data belonging to the user and the database automatically blocks all other access.