Tag Archives: Atlassian

Atlassian CISO Adrian Ludwig shares DevOps security outlook

BOSTON — Atlassian chief information security officer and IT industry veteran Adrian Ludwig is well aware of a heightened emphasis on DevOps security among enterprises heading into 2020 and beyond, and he believes that massive consolidation between DevOps and cybersecurity toolsets is nigh.

Ludwig, who joined Atlassian in May 2018, previously worked at Nest, Macromedia, Adobe and Google’s Android, as well as the U.S. Department of Defense. Now, he supervises Atlassian’s corporate security, including its cloud platforms, and works with the company’s product development teams on security feature improvements.

Atlassian has also begun to build DevOps security features into its Agile collaboration and DevOps tools for customers who want to build their own apps with security in mind. Integrations between Jira Service Desk and Jira issue tracking tools, for example, automatically notify development teams when security issues are detected, and the roadmap for Jira Align (formerly AgileCraft) includes the ability to track code quality, privacy and security on a story and feature level.

However, according to Ludwig, the melding of DevOps and IT security tooling, along with their disciplines, must be much broader and deeper in the long run. SearchSoftwareQuality caught up with him at the Atlassian Open event here to talk about his vision for the future of DevOps security, how it will affect Atlassian, and the IT software market at large.

SearchSoftwareQuality: We’re hearing more about security by design and applications security built into the DevOps process. What might we expect to see from Atlassian along those lines?

Ludwig: As a security practitioner, probably the most alarming factoid about security — and it gets more alarming every year — is the number of open roles for security professionals. I remember hearing at one point it was a million, and somebody else was telling me that they had found 3 million. So there’s this myth that people are going to be able to solve security problems by having more people in that space.

And an area that has sort of played into that myth is around tooling for the creation of secure applications. And a huge percentage of the current security skills gap is because we’re expecting security practitioners to find those tools, integrate those tools and monitor those tools when they weren’t designed to work well together.

Adrian LudwigAdrian Ludwig

It’s currently ridiculously difficult to build software securely. Just to think about what it means in the context of Atlassian, we have to license tools from half a dozen different vendors and integrate them into our environment. We have to think about how results from those tools flow into the [issue] resolution process. How do you bind it into Jira, so you can see the tickets, so you can get it into the hands of the developer? How do you make sure that test cases associated with fixing those issues are incorporated into your development pipeline? It’s a mess.

My expectation is that the only way we’ll ever get to a point where software can be built securely is if those capabilities are incorporated directly into the tools that are used to deliver it, as opposed to being add-ons that come from third parties.

SSQ: So does that include Atlassian?

Ludwig: I think it has to.

SSQ: What would that look like?

Ludwig: One of the areas that my team has been building something like that is around the way that we monitor our security investigations. We’ve actually released some open source projects in this area, where the way that we create alerts for Splunk, which we use as our SIEM, is tied into Jira tickets and Confluence pages. When we create alerts, a Confluence page is automatically generated, and it generates Jira tickets that then flow to our analysts to follow up on them. And that’s actually tied in more broadly to our overall risk management system.

We are also working on some internal tools to make it easier for us to connect the third-party products that look for security vulnerabilities directly into Bitbucket. Every single time we do a pull request, source code analysis runs. And it’s not just a single piece of source code analysis; it’s a wide range of them. Is that particular pull request referencing any out-of-date libraries? And dependencies that need to be updated? And then those become comments that get added into the peer review process.

My job is to make sure that we ship the most secure software that we possibly can, and if there are commercial opportunities, which I think there are, then it seems natural that we might do those as well.
Adrian LudwigCISO, Atlassian

It’s not something that we’re currently making commercially available, nor do we have specific plans at this point to do that, so I’m not announcing anything. But that’s the kind of thing that we are doing. My job is to make sure that we ship the most secure software that we possibly can, and if there are commercial opportunities, which I think there are, then it seems natural that we might do those as well.

SSQ: What does that mean for the wider market as DevOps and security tools converge?

Ludwig: Over the next 10 years, there’s going to be massive consolidation in that space. That trend is one that we’ve seen other places in the security stack. For example, I came from Android. Android now has primary responsibility, as a core platform capability, for all of the security of that device. Your historical desktop operating systems? Encryption was an add-on. Sandboxing was an add-on. Monitoring for viruses was an add-on. Those are all now part of the mobile OS platform.

If you look at the antivirus vendors, you’ve seen them stagnate, and they didn’t have an off-road onto mobile. I think it’s going to be super interesting to watch a lot of the security investments made over the last 10 years, especially in developer space, and think through how that’s going to play out. I think there’s going to be consolidation there. It’s all converging, and as it converges, a lot of stuff’s going to die.

Go to Original Article

Atlassian chat tool revamp faces long odds in ChatOps shops

An Atlassian ChatOps product makes all the right promises, but IT pros are skeptical it will fare any better than Atlassian HipChat in the pursuit of rival Slack.

The Atlassian chat tool, Stride, combines voice, video and chat in one interface that can be used to make decisions and take action on those decisions from user-flagged messages within team discussions. Users can also mute notifications and incoming messages while in Focus Mode on Stride.

With Stride’s introduction last week, Atlassian specifically called out Slack and Microsoft’s Teams product, and dropped heavy hints that HipChat users will be pushed — the Stride website uses the word “encouraged” — to move to Stride soon. Enterprises that already use the SaaS version of HipChat are enthused about Stride, but there are plenty of skeptics on the sidelines about Atlassian chat tools’ quest to capture market share, particularly from Slack.

“From what I can tell, it’s mostly a rebranding effort to try to get people to use their product as a true alternative to Slack,” said Chris Moyer, vice president of technology at ACI Information Group, a content aggregator based in Ipswich, Mass. Moyer is also a TechTarget contributor who closely follows the ChatOps trend. “They’re adding some features to it for sure, but they’re just a little too late to the game.”

Moyer’s company uses Flowdock for chat, and the tool has stored the company’s entire chat history. Despite interesting features such as integrated voice and video collaboration available with Atlassian’s Stride, the firm will be loath to move away from Flowdock unless Atlassian provides import utilities to siphon such data out of competitors’ platforms, Moyer said. No such tools have been publicly discussed by Atlassian.

They’re adding some features to it for sure, but they’re just a little too late to the game.
Chris Moyervice president of technology, ACI Information Group

ChatOps tools are still emerging and market share is hard to pin down, but analysts said Slack has the early momentum.

To compete, Atlassian will surround Stride with integrations into the other products its customers already use, said Rob Stroud, an analyst at Forrester Research. Such integrations could include hooks into its own Confluence and JIRA, or the Kanban boards Atlassian acquired with Trello.

Atlassian chat tool’s cloudy dilemma

For existing enterprise customers, however, the drawback with Stride is that for the foreseeable future, it will be offered only as SaaS. Large companies strongly prefer on-premises deployments. Some of these customers perceive Atlassian as too focused on cloud-based products, which is why they lobbied for the HipChat Data Center product, which was released in June.. There are hints that Stride will integrate with other Atlassian on-premises products such as JIRA Server, but the company is mum about any plans for a Stride Server product. Other recent products, such as Bitbucket Pipelines, are also SaaS-only.

Some enterprise Atlassian chat customers that currently use the SaaS version of HipChat said they are interested in Stride SaaS.

“[An] on-premises [version] would have some advantages, like legal control of our conversation content, but we could work with the cloud version, which is what we do with HipChat currently,” said Eric Hilfer, vice president of software engineering at Rosetta Stone, in Arlington, Va. The company uses Atlassian tools in its DevOps pipeline.

Rosetta Stone wants to integrate voice, video and screen-share meetings into text conversations that are linked into JIRA and Confluence workflows, Hilfer said. Right now the company uses Google Hangouts for video meetings, and has developer conversations in HipChat, so video meetings aren’t wired directly into JIRA issues as developers discuss them.

Sticking with a SaaS-only product could hurt Atlassian’s ChatOps ambitions in the long run, Moyer said.

“If they target more enterprise-level targets by offering on-premises versions, they’ll have a lot more luck — securing an on-premises application is much simpler,” he said.

Stride is still in preview and Atlassian has added customers to an early access waitlist. It doesn’t yet offer the kinds of integrations Hilfer wants, though that seems to be the plan. Meanwhile, as a relatively young IT software company, Atlassian has yet to discontinue a product such as HipChat, which will be “an interesting process to watch,” Stroud said.

Beth Pariseau is senior news writer for TechTarget’s Data Center and Virtualization Media Group. Write to her at [email protected] or follow @PariseauTT on Twitter.

8×8 and Atlassian integrate team collaboration tools

Cloud communications provider 8×8 Inc. is teaming up with Atlassian to offer integrated unified communications services that will include team collaboration tools, contact center, messaging services and other offerings.

8×8, based in San Jose, Calif., will integrate its Virtual Office unified-communications-as-a-service product with Atlassian’s team collaboration tool HipChat, which is becoming Stride. The 8×8 and Atlassian integration will offer customers team collaboration tools such as telephony, video, meetings and messaging from within HipChat rooms.

The collaboration between 8×8 and Sydney-based Atlassian also aims to enhance customer support through the integration of 8×8 ContactNow and Atlassian’s Jira Service Desk. With this integration, IT support and customer service representatives can work within the Jira Service Desk system by:

  • making and receiving calls from within a ticket with click-to-call capabilities;
  • offering intelligent search capabilities to find caller tickets by name, number and email address;
  • automatically listing ticket info with caller information; and
  • recording call details directly into a ticket at call completion.

Atlassian is also known for its work in the world of DevOps. By teaming up with Atlassian, 8×8 is looking to become the “de facto voice for DevOps,” 8×8 CTO Bryan Martin said in a statement.

AeroFS and Redbooth merge on collaboration, task management

AeroFS, a collaboration software provider, has merged with Redbooth, a task and project management platform. The new entity will retain the Redbooth name and combine products and other assets.

Redbooth offers online task and project management software for work teams. Users can prioritize and delegate tasks and create visual timelines. Earlier this year, AeroFS unveiled a new release of its Amium cloud-based collaboration platform that lets users collaborate with people outside their organizations. 

By integrating the two products, the new company increases the functionalities in a single service. The merged platforms should help workers consolidate their team collaboration tools. Vendor and user consolidation is an ongoing trend around the UC and collaboration market.

Currently, some workers might use too many services, such as five or six separate team collaboration tools, AeroFS CEO Yuri Sagalov said in a statement. Sagalov will be Redbooth’s new CEO. Both AeroFS and Redbooth are based in Palo Alto, Calif., and have targeted small and medium businesses, as well as larger enterprises.

Talkdesk launches mobile contextual communications

Talkdesk, a San Francisco-based cloud contact-center platform, has unveiled Talkdesk Context, a suite of products that provides data on customer self-service activity to contact center agents. Context Mobile is the first service to launch within the Talkdesk Context suite.

Context Mobile provides real-time information about a customer’s mobile in-app activity to customer service agents so they can provide relevant and personalized support. This new technology, available now for mobile apps, is built for customers who often look for self-service options before calling a contact center for support. Context Mobile, which features artificial intelligence capabilities, identifies callers instantly and passes information about their in-app activity to the contact center agent who answers their call.

Delivery of this real-time information to the agent looks to reduce the time that customers spend on support calls. With this service, customers won’t necessarily need to confirm their identities and explain their needs. For contact center agents, Context Mobile illustrates everything customers have gone through to serve themselves.

App Annie, a San Francisco-based app market data company, found that consumers spent nearly 900 billion hours in apps during 2016, an increase of more than 150 billion hours from 2015.

Atlassian Stride UCaaS product marks the end of HipChat

Atlassian has introduced a unified communications as a service, or UCaaS, product that will eventually replace HipChat, the company’s team messaging application, and go head-to-head against similar products from Cisco, Microsoft and Slack.

Stride, the new product launched this week, is a cloud-based meeting service that includes file sharing, team messaging, and video and audio calling. Companies using the cloud version of Atlassian HipChat will have the option of upgrading to Stride starting in October.

 Organizations can continue to use HipChat Cloud or the on-premises option, but “we believe we have built [in Stride] a more compelling product,” said Steve Goldsmith, the head of communications for Atlassian products.

For example, Atlassian Stride will contain services found in other Atlassian software, such as document collaboration, notifications and alerts, and presence. Having a standard set of services makes the use of multiple products easier for customers, Goldsmith said.

Atlassian Stride’s meeting capabilities will make it unique in the product portfolio, but it’s communication features will be shared. For example, people using Atlassian’s project management software, Trello, will be able to join a video or audio conference started in Stride.

Why kill Atlassian HipChat?

We believe we have built [in Stride] a more compelling product.
Steve Goldsmithhead of communications for Atlassian products

HipChat is primarily known as a team messaging product used by software development teams. “The company will have to expand its efforts to position Stride as a product that can be used companywide,” said Raul Castanon-Martinez, an analyst at 451 Research.

That effort could be helped by focusing on Atlassian Stride over HipChat. “Managing the marketing, positioning and messaging of products with overlapping functionalities can be challenging,” Castanon-Martinez said.

Large UC providers, such as Cisco, Google and Microsoft, have often struggled with that problem in their more extensive communications and team collaboration portfolios.

Stride, which will cost $3 per user, per month, is expected to appeal to a broader customer base with group meeting capabilities that include document collaboration and the ability to separate important activities and decisions, Goldsmith said.

“The challenges that people have in communication are not just messaging,” Goldsmith said.

Atlassian has almost 90,000 customers using its products, which also include collaboration tools for software developers and incident tracking for IT support groups. The company declined to provide the number of Atlassian HipChat customers. 

Atlassian faces Cisco, Google, Microsoft

As a UCaaS product, Stride will compete directly with Cisco Spark, Microsoft Teams and Slack. Smaller companies also competing for customers include Blue Jeans Network, LoopUp and Zoom Video Communications.

Atlassian will find it difficult to grab market share from Cisco and Microsoft, so it will likely compete for a smaller piece of the pie with Slack and others. “Our data shows that the offerings from the more established collaboration players, like Cisco and Microsoft, are poised to gain the most market share, especially among larger organizations,” said Irwin Lazar, an analyst at Nemertes Research, based in Mokena, Ill.

For years, sales of UCaaS products went mostly to small and midsize companies. Larger organizations avoided the products, believing they were incapable of securing content and providing communication privacy.

Those attitudes have changed. In a recent poll of senior IT executives, Nemertes Research found 44% considered cloud services more secure than on-premises options, and 38% said there was no difference between the two or the quality of security depended on the app, not its location.