Revyz Security & Compliance Overview
Introduction
Revyz provides Atlassian-native backup and restore functionality for Atlassian’s Jira Software cloud application. The following is a summary of the security architecture of the Revyz infrastructure.
Revyz Architecture
Revyz is architected for scale and performance and separates the control plane from the data plane, both of which are built on Amazon Web Services (AWS).
The control plane provides features and functionality such as backup and restore job management, site insights, tenant security administration, and more. It exposes a web-based interface within the Atlassian Jira Software console for administrative access.
The data plane encompasses all data protection and management operations. It ensures that backup data flows are optimized to protect and manage production data.
Data Residency
Data backed up by Revyz is stored in Revyz’s storage, which is built on AWS. To provide high durability and availability, the underlying AWS infrastructure synchronously replicates data among three availability zones in the primary region where the data resides. This provides a high level of resiliency while ensuring data is never replicated outside the specified region, meeting data residency requirements. Revyz supports the following AWS regions:
Region | Region code
US East (N. Virginia) | us-east-1
Europe (Frankfurt) | eu-central-1
Asia Pacific (Sydney) | ap-southeast-2
Canada (Central) | can-central-1
Asia Pacific (Singapore) | ap-southeast-1
Data residency is determined by where your data is pinned for your Atlassian applications. The default region is US East (Virginia). Refer to the link below to see where your data currently resides within your Atlassian app:
Immutability
Revyz uses a hardened, multi-layered approach to data protection, providing robust controls that prevent various types of threats to backup data. Backup copies and operations live in a virtually air-gapped location, in an isolated security domain decoupled from source environments. Retention locks are also applied to prevent unwarranted modifications to data retention policies. Revyz does not expose any mechanism for the user to delete or overwrite backed-up data; in addition, Revyz uses the AWS S3 Object Lock functionality, providing additional safeguards for the backed-up data. Multi-factor authentication, dual AES-256 at-rest encryption, firewalls, and zero-trust access controls block internal and external movement of data by unauthorized parties. All security protocols employed adhere to security best practices and are based on SOC2 Type II guidelines and compliance requirements.
Deduplication and Compression
Revyz’s compression, object-level deduplication and incremental data retrieval system improves network bandwidth utilization and reduces storage footprint. Atlassian APIs are used to efficiently send and retrieve data.
Networking and Communications
All network communications use mutual TLS (mTLS) over TLS 1.2 connections. Connections between the Atlassian cloud and the Revyz cloud use HTTPS on port 443. Data is always encrypted in transit and at rest within the Revyz cloud.
Application Security
Revyz employs a DevSecOps approach to enhance end-to-end information and operational security. This includes following industry best practices to isolate test, dev, staging and production environments. Testing and review for security risks are performed regularly by both in-house teams and external third parties, including routine penetration testing, red team activities, vulnerability assessments, and system and process audits.
The Revyz service deployment uses layered security, including firewalls, a WAF and MFA, to prevent unauthorized and malicious access. Application security assessments and vulnerability checks are performed regularly to maintain security hygiene and posture. Revyz also follows Open Web Application Security Project (OWASP) Top 10 best practices to secure web services and APIs, and maintains SOC2 Type II certification.
Data Security
Separate Security Domain
Revyz uses a 100% cloud-native architecture and maintains backup and restore operations outside of customer environments, in a separate security domain. One-way, TLS-encrypted secure tunnels are used to protect data traversing public networks. Air-gapping controls within the solution include the ability to turn off connectivity to data stores when not needed, effectively severing the data path and reducing the risk that attacks on production environments impact backup copies.
Multi-Tenancy/Data Segregation
Revyz is a secure multi-tenant SaaS platform with built-in segregation between tenants. Customer data is completely isolated and stored in separate locations, with unique data encryption keys per tenant. Revyz also uses zero-trust access controls, permitting only data owners (the customer) access through the Revyz service.
Encryption
Encryption is an integral part of Revyz. All backup data is compressed, deduplicated, and encrypted by default at the source, on the network, and dual-encrypted at rest using AES-256. Data at rest is encrypted with a tenant-specific Data Encryption Key (DEK) before being transferred into our storage system. Compression and deduplication also obfuscate data, providing additional security. The following are the steps taken to encrypt data:
Transport Layer Security (TLS) 1.2 protects data in motion over the internet.
TLS is terminated in Revyz’s cloud compute process.
A tenant-specific, unique key encryption key (KEK) is created and stored in AWS Key Management System (KMS).
A unique data encryption key (DEK) is generated per “n” objects and used to encrypt data at rest in S3. Objects refer to Jira issues, attachments and configuration elements within Jira.
The DEK is further encrypted using the KEK and stored in S3 alongside the objects that were encrypted with that specific DEK.
Data Access
Customer data backed up within Revyz is encrypted and not accessible or readable by Revyz employees. Access to data stored within Revyz is solely subject to policies and authorized user permissions established and managed by the customer.
Data Owner Right to Delete Backup Data
Data that has been backed up can be permanently deleted so that it is no longer available for browsing and recovery. Data can only be deleted or purged according to retention policies. Once data has been securely deleted, it cannot be restored.
Key Management and Generation
Revyz uses AWS’s Key Management System (KMS) to generate and store encryption keys. Key management includes the ability to generate random encryption keys for backup data and to manage the secure storage of those keys. Revyz uses an envelope encryption scheme with a tenant-specific Key Encryption Key (KEK) and Data Encryption Keys (DEKs): the KEK is created per tenant in AWS KMS, whereas a DEK is created per object, with a unique IV per frame of object data. Data at rest is encrypted using a 256-bit AES key in AES-GCM mode, HKDF (512-bit) key derivation with key commitment, and ECDSA with P-384 and SHA-384.
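The envelope scheme behind the encryption steps and the key-management paragraph above, as an added example written for this overview rather than Revyz’s own code: a tenant KEK held in memory stands in for the AWS KMS key, a fresh DEK is generated per object and wrapped under the KEK, HKDF-SHA512 derives both the working AES-256-GCM key and a key commitment that is verified before any frame is decrypted, and every frame gets its own IV. The HKDF labels, the 12-byte wrap IV layout and the frame-counter IV are assumptions of this example, and the ECDSA P-384 signature is omitted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"fmt"
)

// Envelope is what is stored beside the object: KEK-wrapped DEK, key commitment, per-frame ciphertexts.
type Envelope struct{ MsgID, WrappedDEK, Commit []byte; Frames [][]byte }

// hkdf32: single-block HKDF-SHA512 (extract + one expand step), enough for one 32-byte key.
func hkdf32(ikm, salt []byte, info string) []byte {
	ext := hmac.New(sha512.New, salt); ext.Write(ikm)
	exp := hmac.New(sha512.New, ext.Sum(nil)); exp.Write(append([]byte(info), 1))
	return exp.Sum(nil)[:32]
}
func gcm(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }
// frameIV: each frame under one DEK gets a distinct 96-bit IV built from the frame counter (assumed layout).
func frameIV(i int) []byte { iv := make([]byte, 12); binary.BigEndian.PutUint32(iv[8:], uint32(i)); return iv }
func rnd(n int) []byte { b := make([]byte, n); rand.Read(b); return b }

// Encrypt: fresh DEK per object; HKDF derives the commitment and the working AES-256 key; the DEK is wrapped under the tenant KEK (stands in for KMS Encrypt).
func Encrypt(kek, plaintext []byte, frameSize int) Envelope {
	dek, msgID, wrapIV := rnd(32), rnd(16), rnd(12)
	env := Envelope{MsgID: msgID, Commit: hkdf32(dek, msgID, "COMMITKEY")}
	env.WrappedDEK = append(wrapIV, gcm(kek).Seal(nil, wrapIV, dek, msgID)...)
	aead := gcm(hkdf32(dek, msgID, "DERIVEKEY"))
	for i := 0; i*frameSize < len(plaintext); i++ {
		end := (i + 1) * frameSize
		if end > len(plaintext) { end = len(plaintext) }
		env.Frames = append(env.Frames, aead.Seal(nil, frameIV(i), plaintext[i*frameSize:end], msgID))
	}
	return env
}

// Decrypt unwraps the DEK, verifies the commitment before trusting it, then opens each frame in order.
func Decrypt(kek []byte, env Envelope) ([]byte, error) {
	dek, err := gcm(kek).Open(nil, env.WrappedDEK[:12], env.WrappedDEK[12:], env.MsgID)
	if err != nil { return nil, fmt.Errorf("unwrap DEK: %w", err) }
	if !hmac.Equal(hkdf32(dek, env.MsgID, "COMMITKEY"), env.Commit) { return nil, fmt.Errorf("key commitment mismatch") }
	aead, out := gcm(hkdf32(dek, env.MsgID, "DERIVEKEY")), []byte{}
	for i, f := range env.Frames {
		pt, err := aead.Open(nil, frameIV(i), f, env.MsgID)
		if err != nil { return nil, fmt.Errorf("frame %d: %w", i, err) }
		out = append(out, pt...)
	}
	return out, nil
}
```

Because the frame counter is bound into each IV and the message ID is authenticated as associated data, a reordered or swapped frame fails authentication rather than decrypting silently.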
Identity and Access Management
Access control is based on the Principle of Least Privilege and Zero Trust models, designed to limit privileged and unauthorized access to both data and service infrastructure. We employ industry-standard security best practices aligned to NIST 800-53 guidelines for all access to our services, with tight audit controls managed via best-in-class security and DevSecOps tools, services, and processes.
User Application Access
Only Atlassian administrators on the customer's side can access the Revyz application. Revyz relies on the Atlassian authentication and authorization system to allow only authorized administrators to access the application.
Infrastructure Access
Physical Access
Revyz is a Software as a Service offering operating under the cloud shared responsibility model: Revyz helps ensure that all data and access to the data is secured, while relying on the cloud service provider for perimeter and physical access controls.
Governance and Risk Management
Revyz is SOC 2 Type II compliant, maintaining and implementing industry-standard security and privacy policies aligned to NIST 800-53 guidelines. Best-in-class cloud and SaaS configuration management tools are employed to ensure that any detected deviations from approved configurations are remediated automatically. All access is logged for audit and compliance purposes. Compliance with information security policies and procedures is strictly enforced, and all Revyz employees receive training to ensure they remain aware of their role in maintaining the security, availability, and confidentiality of customer data alongside their other job responsibilities.
Audit Trail
Revyz audit trails allow customers to track administrators’ actions within the Revyz application and can help in determining the root cause or source of operations performed within the environment. All changes are logged per Revyz’s SRE and DevSecOps requirements and follow SOC2 Type II compliance standards.
Incident Response Plans
Revyz has a comprehensive Incident Response Plan (IRP) program, tested annually by a certified third party as part of our normal SOC2 certification requirements. Daily scanning is performed, and procedures are tested through internal and external audits.
Business Continuity
Revyz Disaster Recovery (DR) procedures encompass all production services within Revyz’s infrastructure; these procedures are well established, reviewed every year, and continuously enhanced at scale to support our customers.