Atlassian has transformed its products to be cloud first, and it's no surprise that over 90% of new customers now choose Atlassian's cloud products over Data Center products. For existing customers too, Cloud migrations are accelerating with 2x as many migrations in FY22 over the prior year.
To make this move to the cloud successfully however, trust is a critical element. Both Atlassian and Marketplace Partners need to meet the security, privacy and compliance needs of our customers. In addition to making our own cloud ready, we are committed to making it easier for Marketplace Partners to offer, and for our shared customers to find, apps that meet trust-related customer requirements in cloud.
What does cloud trust have to do with apps?
As customers move to the cloud, they look at their portfolio of apps and measure them against their privacy, security, and compliance needs. This process is time consuming for customers, and often results in questions and added work for Marketplace Partners. The burden on partners is only increasing, with queries coming in from an increasing number of migrators.
To make this process more efficient for partners and customers alike, we have a number of initiatives planned.
What do customers need to feel confident installing cloud apps?
Ultimately, cloud apps come with a shared responsibility. Atlassian, Marketplace Partners, and customers each play an important role:
- Marketplace Partners design apps and operational processes according to your legal obligations, Atlassian's standards, and general industry best practices for building and maintaining reliable, compliant, and secure apps while protecting customer data. Marketplace Partners also provide support and information on your own websites, app listing, and in documentation to help customers make informed decisions.
- Atlassian provides documentation, high security standards, and capabilities to help partners build trustworthy apps in line with accepted industry practices. Atlassian also provides information and control across a number of trust factors so that customers can assess and manage individual cloud apps against their own requirements.
- Customers do their part to leverage the information provided by Atlassian and Marketplace Partners to assess apps and verify that apps fit within their organization's guidelines or other requirements. Customers also acknowledge that app installation requires a relationship with a Marketplace Partner that is separate from the customer's relationship with Atlassian.
We know many Marketplace Partners have already made great progress on your part of this model. You now have over 300 apps with the Cloud Fortified badge and over 700 in our Marketplace bug bounty program, and many apps have certifications and detailed privacy and security documentation for customers.
With the shared responsibility concept in mind, we plan to do more as Atlassian to help more Marketplace Partners meet customers’ needs, and to connect the dots to help customers more easily learn what partners are already offering.
In order to help customers feel confident installing apps in cloud, we plan to support Marketplace Partners in providing a foundation of transparency and control across a few fundamental pillars. The following pillars represent our customers’ needs and our vision to meet those needs in collaboration with Marketplace Partners.
What can Marketplace Partners expect from Atlassian in the coming year?
As we've learned from our own journey, achieving this vision won't happen overnight. But, we have a number of investments planned over the coming months and quarters to help Marketplace Partners scale your own trust posture and demonstrate these investments to customers.
Increased transparency about privacy & security on Marketplace listings
Partners have told us it's challenging to get your privacy and security information in front of customers at the right time in the sales cycle. We also know customers are spending increasing amounts of time searching for it. To make it easier for both partners and customers, we're planning to introduce a new tab on the Marketplace for partners to share key pieces of information about app privacy and security.
With a new Privacy and Security tab on every Atlassian Marketplace cloud app listing, we can work together to deliver customers the information they need to see if an app requires a deeper security evaluation, and provide links out to self-serve resources so they don't need to email your team as often. The tab won't replace a full security evaluation, but it will increase transparency and help customers find key pieces of information faster. We will continue to evolve this tab over time as we hear from both customers and partners about what information would be most valuable in the app assessment process.
We will provide more details on the MVP and timeline in the coming months so you can leverage this new capability to bring visibility to your trust investments and gain customer market share in cloud.
Strengthening the Cloud Fortified program
In addition to increasing control and transparency across our data management, security, and compliance pillars, we also plan to strengthen the Cloud Fortified program for Marketplace Partners. The biggest update related to the Cloud Fortified program in the coming year is the replacement of the Security Self Assessment with the new Privacy & Security tab. We will provide a 6 month transition period so that Marketplace Partners who have Cloud Fortified apps or are planning to release Cloud Fortified apps have time to accommodate the change. Again, we will provide more details on the new tab and on this change in the coming months.
Another upcoming Cloud Fortified update is related to reliability. By the end of this year, we plan to improve monitoring for Cloud Fortified apps by shifting from monitoring in Statuspage to monitoring in the Developer Console. This shift will unify the monitoring experience for Connect and Forge apps, and provide an improved experience for all Marketplace Partners with clearer UI and more scalable, performant reliability metrics.
We will continue evaluating and evolving all of our trust-related badging initiatives to ensure they are meeting Marketplace Partner needs and customer expectations.
Data Residency for Marketplace apps
Marketplace Partners and customers have been asking for data residency for apps for some time, and we are actively working to make this a reality starting with realm pinning in the US, Australia, and the EU for new Marketplace customers. Next, we plan to make it possible for Marketplace Partners to offer data residency to existing customers, starting with support for realm migration for Connect apps in mid-Q4 of this calendar year.
Data Residency will help Marketplace Partners reach and maintain customers with data residency requirements based on their company or region, as enabling data residency for our shared customers will help increase customer control over where their data is stored.
Continued improvements for Forge
Forge is one part of our strategy to provide trust benefits to developers and Marketplace Partners on a platform level. Forge allows partners to use runtime and data storage within the Atlassian platform, which dramatically reduces the surface area partners need to secure. For partners who have not yet established their own robust trust programs, or who want to shift resources from trust to innovation, Forge is a way to achieve a high level of trust with less cost and effort.
Forge supports many app use cases today—but not all. We are working on multiple fronts to deliver key features partners need to build on Forge, including blockers like more sophisticated storage. We are also working on capabilities that will support future innovation on Forge, like supporting apps in the mobile experience and bringing the Forge runtime in line with the native Node.js environment. In addition, we will be working to deliver features that specifically help partners deliver higher levels of trust to security-conscious customers, like data residency. You can follow planned updates on the public Forge roadmap.
These are just a few initiatives you can expect from us in the coming months. We've released a new Ecosystem Trust Resource Hub in the Partner Portal to help you find consolidated information on these topics, and we've launched quarterly Marketplace roadmap webinars to help you stay up to date.
How can you get more involved as a Marketplace Partner?
We know as an Atlassian Marketplace Partner, you're often asked to juggle a lot of priorities. Building customer trust in our cloud ecosystem is a vital, shared project that we hope you'll prioritize, but we know you can't do everything at once.
Step 1: Make sure your app is meeting our cloud security requirements
If you have a cloud app on the Atlassian Marketplace, you are expected to abide by our cloud app security requirements, which are updated regularly to ensure alignment with industry standards. The latest updates to our cloud security requirements go into effect at the end of October, so please be sure that your cloud apps are meeting them.
Step 2: Prepare information for your Privacy & Security tab when details become available
We recommend you start by learning more about the new UI for privacy and security when this information becomes available later this quarter. This new tab will be visible on all Marketplace cloud app listings, so we can work together to deliver customers the privacy and security information they need to streamline app assessment and reduce some of the burden on your teams.
The tab will be a great place to showcase any investments you've already made in privacy, security, compliance or data management practices. We will share details about what customers will see and what information we'll be asking for in the coming months.
Step 3: Understand your market's needs and start prioritizing your trust roadmap
Once you're ready to go with the baseline requirements and information, start thinking about your ideal customers and what they might look for. Is your ideal audience an enterprise customer? Is your app used by customers in regulated industries? Do you support customers with data residency requirements? Start evaluating your trust roadmap based on which customers you want to attract and support.
If you're ready to go a step further in your trust journey, read up on the Cloud Fortified apps program, which provides apps with a badge on the Marketplace in exchange for additional investments in cloud app trust.
Are you targeting customers in countries with data residency requirements? Enterprise customers and customers in regulated industries are likely to look for apps that offer data residency in the same countries as Jira and Confluence. You can learn more about your app data residency options here.
In the end, all customers want to feel like their information and work flows are protected by well-built and managed, reliable apps and products, and we know our Marketplace Partners and developer community are willing and able to meet these needs. We'll continue providing more tips and resources to Marketplace Partners in the Partner Portal (you can request access here), and you can follow along on Atlassian's cloud journey on our public roadmap.