5 expert insights to guide your Atlassian compliance strategy in 2025

Georges Petrequin
13 January 2025

From navigating cloud compliance complexities to staying in control of your data dispersed across 300+ SaaS tools, compliance in the Atlassian ecosystem is more nuanced than ever.

You've just started migrating your company's mission-critical data to Atlassian's cloud platforms, and suddenly you realise: who's actually responsible if there's a data breach or leak? This was just one of the hard topics tackled in our recent webinar: Building a compliance culture: strategies for today's challenges.
Our Senior Product Marketing Manager, Dimitris Sylligardakis, who focuses on our information security and compliance apps, sat down with a panel of experts from across the Atlassian ecosystem. They dove deep into the evolving landscape of information security and compliance, sharing advice to help other companies find their footing in this complex area.
Our panel included experts who spend a lot of their time thinking about compliance:
  • Andy Barker, Co-Founder and CEO of Fun Inc.
  • Dr Marion Lepmets, Co-Founder and CEO of SoftComply.
  • Nick Wade, Co-Founder and COO of Opus Guard.
They shared invaluable insights about navigating compliance challenges in this fast-evolving industry. In this post, we've summarised some of the key learnings from the webinar to help you fast-track your compliance journey for the year ahead.
That said, our core takeaways and learnings may be different to yours, as there was a lot to unpack! Grab a drink, get comfortable, and watch or listen to the whole webinar below:

Learning #1: Compliance in the cloud is more complex than you think

It's easy to assume that moving to the cloud shifts the majority of your compliance burden to Atlassian. While there is some truth to that, the reality is more nuanced.
Moving to the cloud does shift extra responsibility onto Atlassian, as your files are now all hosted on their infrastructure. But this doesn't eliminate the need for you to think about compliance. 'It's not as simple as saying, "if we move to the cloud, we're secure,"' explained Andy Barker. Andy added that the responsibility and understanding of where your data is in the cloud is 'just as intense as if you were on-prem.'
This intensity becomes evident in regulated industries like automotive and healthcare. Specific regulations like ISO 26262 that apply to these industries have stringent requirements around documentation and traceability, which still need to be addressed—areas where Atlassian's current cloud offerings may leave gaps.
Assessing whether Atlassian's cloud platforms work for your business is your responsibility.
Our panel recommended that organisations considering a move to Atlassian's cloud platforms should begin with a thorough review of Atlassian's Trust Center. This resource helps teams understand what areas of information security and compliance responsibility are covered by Atlassian and identify the compliance gaps they'll need to address themselves. In some cases, this analysis might even reveal that cloud migration isn't yet feasible for your specific compliance needs.

Learning #2: Regulatory complexity is growing, but you can start simple

The compliance landscape has become increasingly fragmented and demanding. In almost every jurisdiction, companies must adhere to regulatory frameworks like GDPR and FedRAMP, which add a complex web of requirements for organisations operating both in the cloud and on-prem.
One of the biggest factors contributing to complexity in navigating regulations in today's environment is the proliferation of SaaS applications across organisations.
Nick Wade of Opus Guard noted: 'There are over 340 SaaS applications in any given business, and that number gets higher as you look at enterprises. […] Each of those SaaS apps has different capabilities and levels of maturity when it comes to cloud operations, so the complexities of staying compliant tend to mount up.'
This fragmentation of data across numerous platforms—each with its own compliance standards and capabilities—creates a significant management challenge for organisations.
This complexity is particularly acute in sectors like financial services and healthcare, where organisations need to adhere to multiple overlapping rules and regulations.
Nick recommends that businesses in these industries take a methodical approach to compliance. Start by looking at the core foundational compliance frameworks like GDPR, ISO 27001, and SOC 2 Type 2. Demonstrating adherence to these will act as a solid baseline for broader compliance initiatives, and from there, you can start working towards more specific regulations.

Learning #3: The future of compliance is about collaboration

It's increasingly hard to navigate these ever-more complex compliance requirements alone. As our discussion on the webinar revealed, the most successful approaches to compliance we're seeing in the Atlassian ecosystem involve collaboration between vendors, solution partners, and customers.
Dr Marion Lepmets, Co-Founder of SoftComply, emphasised this point during our discussion: 'I don't think we [vendors] know everything about it [compliance], but if we work together, we might get closer to the answers our potential customers have.'
The message is clear: organisations should actively seek collaborative opportunities within the ecosystem rather than struggle with compliance challenges in isolation.
Whether through joining industry groups, partnering with solution providers, or participating in community initiatives to share expertise, the path to robust compliance is increasingly a shared journey.

Learning #4: Selling compliance apps takes time but delivers big return on investment

When it comes to selling and implementing compliance solutions, patience isn't just a virtue for app vendors—it's a necessity.
Our panellists highlighted a consistent pattern in the adoption of compliance-focused applications: while the initial implementation process is lengthy, the long-term benefits to customers far outweigh the initial investment of time and resources.
The end result is a win for the vendors, too, as Dr Marion Lepmets explained: 'Compliance-related apps are mission-critical, so it takes time [for companies to adopt them]. But on the other hand, [compliance apps] are very, very sticky, with renewal rates that are out of this world.'
Nick Wade also highlighted that Opus Guard's retention management solutions often need to undergo months of customer testing before they can be implemented, as large enterprise customers need to ensure the software meets their rigorous standards.
This thorough validation process can get frustrating—after all, vendors want to see their apps adopted and be able to provide value to customers quickly—but it serves an important purpose.
Organisations that take time to properly validate their compliance tools and then make a purchase are likely to see more success, and stick with that app for the long haul, trusting the vendor to play a key role in their compliance posture.

Learning #5: It's time to stop storing your outdated data

Data is the lifeblood of any modern organisation, but our panel highlighted a counterintuitive truth: keeping too much data stored away can be just as dangerous as not having enough!
As Nick Wade highlighted in our webinar, the average business has 300+ SaaS tools at any given moment. While we use these SaaS tools to power our teams' productivity, the proliferation of old, redundant, and sensitive data across SaaS tools adds risk.
Nick told us that Opus Guard sees companies whose 'old information ended up being compromised, making breach outcomes worse than they could have been.' Even if your company has robust safeguards against breaches, the SaaS tools you use are also risk vectors.
The more tools you have, the more likely it is that they have old data stored that you've forgotten to delete.
To minimise risk (although we can never eliminate it), consider implementing strict data retention policies and defensible deletion processes. These processes will be a critical component of any robust compliance strategy in 2025 and beyond, particularly as companies start feeding data into generative AI tools. If you want the output from generative AI tools to be high-quality, it's critical that the input—your data—is accurate and up-to-date as well.
By maintaining clean and organised data, organisations can minimise compliance risks and ensure all of their tools work as efficiently as they can.

Atlassian compliance in 2025 and beyond: your action plan for success

As our expert panellists explored in our webinar, compliance in the Atlassian ecosystem and beyond is becoming increasingly complex—but it's not insurmountable.
The key insights from our panel point to several concrete steps you can take at your organisation today:
  1. Assess your cloud readiness: moving to the cloud isn't a shortcut to compliance success. Start your journey by visiting Atlassian's Trust Center to evaluate your compliance needs and identify potential compliance gaps in the cloud offerings.
  2. Start with the basics: compliance has always been tricky, but don't avoid the problem. It'll always be a complex space to navigate, but you can start by building processes to ensure your organisation adheres to some foundational regulatory frameworks like the GDPR, SOC 2 Type 2, and ISO 27001, and go from there.
  3. Build your compliance network: we're lucky to work in such a collaborative ecosystem as the Atlassian one. Attend events, spend time in the community, and reach out to other people on the same compliance journey as you!
  4. Plan for the long game: if you're selling and implementing compliance solutions for customers, prioritise thorough validation over speed. The investment in proper setup pays dividends in long-term stability and will ensure you have a happy customer for years to come.
  5. Implement data hygiene practices: start developing robust retention policies now, before data sprawl becomes unmanageable across an ever-increasing number of SaaS and generative AI platforms used by organisations.
Of course, we want to extend a huge thank you to our guest panellists for joining us, sharing their expertise, and helping us all improve our approach to compliance!
Want to keep the learning going? You can:
→ Watch the full webinar recording on YouTube
→ Connect with our expert panellists on LinkedIn:

Ready to continue the conversation?

We're always interested in talking to people who are interested in improving their compliance strategy. Get in touch with our team and we'll explore how we can help you optimise your Jira setup for effortless compliance.
Written by
Georges Petrequin
Content Marketing Manager
Georges is a Content Marketing Manager at Upscale with a focus on our Jira apps. He spends his time crafting content that helps our customers solve their everyday work pain points and get more out of their Atlassian tools.