Data protection in linkyard's operating models
linkyard makes great efforts to ensure data protection in our managed services. In this article, we present the various features and variants.
Linkyard hosting models
Under the name Atlassian-as-a-Service, we offer our customers the licensing and provision of Atlassian products as a managed service. It is important that this is hosting. This means that, in contrast to providing software as pure cloud software, we license each customer system separately, store customer data in encrypted form on separate disks and operate the services as separate containers on the virtual servers. In this way, we ensure that every customer is guaranteed access only to their own instance.
On the infrastructure side, we support three deployment scenarios, which we briefly present below.
Standard variant: Operation in the linkyard cloud
In our standard version (linkyard cloud), we offer the operation of the software in an ISO 27001:2013 certified data center of our sub-suppliers. We currently offer three regions: EU (standard), Germany and Switzerland. For each region, we have contracts with two independent providers. Normally, we operate in the primary provider's data center. However, we store an off-site backup at the secondary provider's location. In the event of a loss of the primary provider (large-scale network failure, insolvency, force majeure, etc.), our business continuity plan enables us to restart the system with the secondary provider within a few hours.
However, it is almost impossible today to offer the best prices without relying on the infrastructure of large hyperscalers (AWS, Azure, Google). We therefore rely in part on these modern cloud infrastructures in the cheapest offers. However, for customers who explicitly do not want sub-contractors from third countries such as the USA to be used for data processing, we offer the option of using only European sub-contract data processors at an additional cost. For customers from Switzerland, such as the state or Swiss banks, we also offer the option of using only subcontracted data processors from Switzerland. Customers interested in such options Please get in touch with us for a non-binding offer.
We are now monitoring the general effects of Invalidity of the EU-U.S. Privacy Shield by the European Court of Justice. Since we did not base our contracts on the equivalence decision of the EU Commission on the EU-U.S. Privacy Shield, but based on the standard contractual clauses on data protection, which remain in force, there is no direct worsening of the situation for our customers. Our contractual partners are also the subsidiaries of these providers based in Europe, which is why the legal situation in this regard requires further clarification. On the possibility that the American state could only access data via American companies We already pointed out at this point two years ago. In this respect, the situation has not completely changed as a result of the court decision. However, we are also examining our situation and options for action in this regard over the next few weeks and will inform you of any adjustments.
Option: public cloud
More and more customers have their own accounts with either Azure, AWS or Google. It can then have advantages if we run the application as a managed service on public cloud infrastructure provided by the customer. For the major public cloud providers Azure, AWS and Google, we have a prepared standard setup for operation. We use our automated deployment processes and monitoring tools as in the linkyard cloud and thus benefit from synergies.
With regard to data protection, the starting point is similar to operating in the linkyard cloud, if we rely on the cloud infrastructures of American providers there. The difference is that the customer is the direct contractual partner of the corresponding public cloud providers and they do not act as sub-data processors. Accordingly, there is a different contract constellation and it is at the sole discretion of the customer who concludes which contracts with.
Option: Custom private cloud or on-premise operation
On request, we can also operate the system on a private cloud solution or on-premise on Linux VMs provided by the customer. With this option, too, we use our automated deployment process and integrate the environment with our tools. However, the installation is always customer-specific and many aspects must be individually designed, built and operated. This therefore usually only makes sense if the customer has a larger environment and the benefits from this exceed the resulting additional costs.
Marketplace Apps
Most Atlassian products can be functionally extended through apps. This gives third-party software manufacturers the opportunity to expand Atlassian's products for further use cases. In our experience, most customers are using a handful of additional apps within a few weeks of starting operations, as they help their use cases even better. The available apps can be found in Atlassian Marketplace be rummaged through. In Contrary to Atlassian Cloud apps are added to our installation and then operated by us. We do not grant any software manufacturer, Atlassian or app manufacturer, access to customer data.
ISO/IEC 27018 certification of data protection
Linkyard is already after ISO/IEC 27001:2013 certified. We are due for external certification again next year, after having now passed two years of maintenance audits. For next year, we are also planning to carry out an additional external audit of data protection in accordance with ISO 27018, after our accreditation body has created the basis for auditing this new standard this year.
--
linkyard is a specialist in the secure operation of collaboration services. Around 100 customers — including many from industries with particularly high information security and data protection requirements, such as banks, insurance companies, public administration or other critical infrastructures — count on our services. linkyard's information security management system is certified in accordance with ISO 27001:2013.