Client data is handled at the highest level of our Data Classification Matrix. It is prohibited from being stored locally on any endpoints. MongoDB Atlas is currently Hakkiri's primary and only data store. MongoDB Atlas encrypts all cluster storage and snapshot volumes, securing all cluster data on disk: a concept known as encryption at rest. Atlas encrypts all snapshot volumes. Backups are made multiple times a day.
Data in flight is encrypted with TLS/SSL and may only be accessed through an authenticated and authorized connection. There is no public access of client data of any kind.
We know strong security requires a chain of trust through all vendors used by all services involved in a solution. All vendors used by Hakkiri undergo a security assessment to ensure they are meeting or exceeding the same standards we hold for ourselves. This goes for any internal systems, not just those that makeup part of our platform products.
The main third-party providers of our application are world-class companies with enterprise trusted security. You can find their own security pages below:
Endpoint machines used by our employees and contractors are required to be encrypted and running an acceptable recent version of macOS plus Anti-Virus software. Additionally, they must have their Firewall enabled and use a strong password protecting login/unlock. We monitor these devices through a device management platform. Customer data is never needed to be on a local endpoint and is prohibited.
Our cloud resources are protected with AWS Web Application Firewall (WAF), undergo regular security scans covering the OWASP Top 10 most common application vulnerabilities, and only are exposed to the public if absolutely necessary. Otherwise, they are hosted in a private subnet, completely cut off from the public web.
Access to our platform uses Auth0 for authentication where the passwords they store are always hashed and salted using bcrypt. Our application offers three different roles that may be assigned within an organization depending on the level of access needed.
For all internal applications, we follow the principle of least privilege. Access to any of our tools must be approved based on whether access is needed to do their work. Access to customer data is granted only for support reasons, with approval from leadership.
Hakkiri uses Atlassian Service Management, and Atlassian Statuspage for users to communicate with us for any ideas, bugs, or issues. Upon a ticket being created, a support engineer will review and take appropriate next steps. Support can also be reached at firstname.lastname@example.org.
We hold all employees and contractors to high ethical standards. Each must undergo a background check, sign our code of conduct and acceptable use policies, as well as take required security training.
We also have a quarterly internal audit process to ensure we are following our established Security Controls and updating them as needed.
How does Hakkiri integrate with Jira?
Customers may use cloud hosted versions of their tools (ex: Jira Cloud) or host them (ex: Jira Server) on internal servers. Hakkiri needs to be able to access those servers to be able to collect the data used to provide organizational transparency and analytics.
For cloud hosted tools Hakkiri leverages the secure API connections those products make available. Those connections can be securely setup by users with Administrative privileges to those tools. The API calls to Jira outside of the initial set-up are read-only and do not require admin level privileges during normal operation.
For internally hosted tools secure connections can be established by whitelisting Hakkiri IPs. The IP addresses that Hakkiri will use will be provided during account setup.
All traffic is HTTPS (port 443). You may specify a custom port (other than 443) in the URL when configuring the URL for the on-premise server in Hakkiri.
HTTPS webhook traffic from the internal system to Hakkiri (outbound from the on-premise network) will go to the same IP addresses. It is only necessary to whitelist these IP addresses for outbound connections if you normally block outbound connections which is less common.
Where is data stored?
Hakkiri is built on Amazon’s AWS. To find out more information about Amazon’s security and infrastructure, please visit their security statement: https://aws.amazon.com/security/. We currently store all persisted data in encrypted form in a MongoDB Atlas database that is hosted in Amazon's AWS. To find out more information about MongoDB's security and infrastructure please visit their security statement: https://www.mongodb.com/cloud/atlas/security. All backups of the MongoDB database are kept on AWS for a period of 90 days at which point they are deleted permanently. We do not keep local copies of production data.
How is data accessed?
Your data can only be accessed via an SSL connection using an authenticated session. We do not provide exports or any form of a download of your data. It is not possible to access your underlying data directly.
Who has data access?
Only authenticated users with the username and password you provide can access your data. There is no public access to your data of any kind.