draw.io is now an Atlassian Cloud Fortified app
JGraph is pleased to announce that draw.io is the only secure diagramming application to meet Atlassian’s new Cloud Fortified standard.
The draw.io app for Confluence is a diagramming application natively integrated into Confluence. If Confluence is your single point of truth for documentation, draw.io is your most secure choice for diagramming and visualization. draw.io for Confluence is created and maintained by JGraph, alongside the online diagrams.net and draw.io branded desktop application.
What is Atlassian Cloud Fortified?
Atlassian developed the more rigorous Cloud Fortified standard to highlight enterprise-grade apps with a particular focus on reliability and service, in addition to increased security requirements.
By including strict reliability and support requirements, the new standard goes above and beyond the Atlassian Cloud Security program.
As a security-first diagramming app for Atlassian Cloud products, the draw.io developer JGraph has continued to work closely with Atlassian over the years, participating in security initiatives as they are made available to app developers.
draw.io is Atlassian Cloud Fortified
As a Cloud Fortified app, draw.io and JGraph meets the following requirements:
- Participate in all of Atlassian’s cloud app security programs, including the automated Ecoscanner, as well as the VDP, AMS, Marketplace Bug Bounty, and the security self-assessment programs.
- Meet all of the security requirements for Marketplace cloud apps.
- Pass strict checks for service reliability and performance at scale, including automated checks to ensure a 99.9% or higher app availability.
- Proactively review compatibility with upcoming host product updates.
- Abide by the Atlassian-defined app support SLAs and integrate with Atlassian’s process to ensure fast incident response and resolution times.
Secure diagramming with draw.io and Atlassian
JGraph are fully committed to your data security and privacy expectations in all draw.io and diagrams.net products.
Because your sensitive diagram data doesn’t leave your infrastructure and is never stored on the draw.io servers, draw.io is an app for Confluence and Jira that lets you comply with a number of data protection certifications (ISO 27000, 27001 and 27002) and the GDPR.
Learn more about our commitment to data security and privacy
If you are using the draw.io apps for Confluence or Jira Cloud, Atlassian lets you set strict data governance rules, including your data residency region to choose where your data or in-scope product content resides.
Set the draw.io lockdown option as a JSON string in the app configuration to additionally restrict data transmission to only between a user’s browser and their Confluence Cloud instance:
"lockdown": true
If you use one of the draw.io features that are not provided within the scope of the Atlassian platform (PDF generation; .vdx, .vsd, .vssx and .gliffy import; and generated PlantUML images), use the draw.io dataGovernance option to set one server endpoint region in a JSON string in the app configuration:
"dataGovernance": "EU""dataGovernance": "US"
