Security
YouTrack Cloud is a hosting platform that is designed and used by JetBrains to deliver YouTrack as a service. Each YouTrack Cloud instance is physically located on a server, hosted by Amazon Web Services (AWS).
The number of instances per server depends on several parameters, such as database size and number of online users. We continuously monitor each server's load and activity to maintain well-balanced performance. When server activity reaches a certain level, we close that server to new registrations.
The JetBrains Operations team is responsible for provisioning, monitoring, and managing the servers that host YouTrack Cloud instances.
The YouTrack Support team provides technical support to YouTrack Cloud subscribers.
We monitor these servers around the clock to ensure their availability and security. Even so, there are a number of things that you can do to protect your data. For more information, see Safeguard Your Installation.
Data Center Location
A new instance is created on the server with the lowest load, based on the customer's preferred data center location:
US West (N. California)
Asia Pacific (Singapore)
The location of the data center is chosen by the instance owner when the instance is started for the first time.
The current data center location is displayed on the Global Settings page. To move your instance to a different data center, submit a request to YouTrack Support.
Data Storage
We use Amazon Web Services (AWS) Cloud as the hosting provider. All data is stored on the Amazon Elastic Block Store (Amazon EBS). Each Amazon EBS volume is automatically replicated within its Availability Zone to protect your data from component failure, offering high availability and durability. Amazon EBS volumes ensure consistent and low-latency performance.
Your application data is always processed within the corresponding AWS zone and is never transferred outside this geographic region without your explicit permission.
Encryption of Data in Transit
All of the instances that are hosted on the *.youtrack.cloud and *.myjetbrains.com domains use HTTPS connections to secure data in transit. For instances that use a custom domain, you have the option to use your own CA certificate. Otherwise, your instance is secured with a TLS certificate that is automatically generated and signed by Let’s Encrypt. Let’s Encrypt certificates use the SHA-2 cryptographic hash function to encrypt data in transit.
In 2017, JetBrains discontinued support for non-secure connections for YouTrack Cloud.
Encryption of Data at Rest
The databases that store information for hosted instances are encrypted. This reduces the likelihood that your data is compromised even in situations where an attacker obtains unauthorized access.
YouTrack stores passwords in the database as salted hashes. Each user’s password is hashed with a different, randomized salt. The salted passwords are hashed using the SHA-256 cryptographic hash function.
The database itself, including attachments, is encrypted with the ChaCha20 algorithm. There are several major implementations of ChaCha20, including Google’s selection of ChaCha20 as a replacement for RC4 in TLS and its inclusion in OpenSSH.
A unique encryption key is generated separately for each YouTrack Cloud instance. Access to these keys is restricted to the YouTrack Support and JetBrains Operations teams.
Certification
We run our service in the AWS Cloud. Since we cannot physically control the servers, we rely on the third-party certifications that have been undertaken by AWS.
AWS has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). They undergo annual SOC 1 audits and have been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems.
Data Manager
The internal application that JetBrains uses to manage the data for YouTrack Cloud, Cloud Keeper, is only accessible to the YouTrack Support and JetBrains Operations teams. It is also possible to access and manage the data directly on the Amazon EC2 servers. Authentication is performed via individual SSL keys and the servers only accept incoming SSH connections from JetBrains and internal IP addresses.
People and Access
Only the YouTrack Development and JetBrains Operations teams have access to YouTrack Cloud servers and the Cloud Keeper for maintenance and support purposes. These teams access Cloud Keeper and YouTrack Cloud data only for purposes of monitoring application health and performing system maintenance, or upon customer request.
YouTrack Cloud is designed to allow access to application data only with the appropriate credentials, so that no customer may access another customer’s data without explicit knowledge of their account credentials. Customers are responsible for maintaining the security of their own login information.
The JetBrains Operations team monitors YouTrack Cloud servers 24×7. Our servers are hosted in different data centers in Europe, North America, and the Asia-Pacific region, according to the customer location and preference. For an overview of our availability, check the YouTrack Cloud Service Status page.
Backups
The JetBrains Operations team is responsible for creating and storing backups. Backups are also stored on Amazon servers. We re-sync backups daily, weekly, and monthly. You can create and export your own backups at any time from the Database Export page in YouTrack. For more information, see Database.
Source:
https://www.jetbrains.com/help/youtrack/cloud/Security.html