As the number of developers working in the cloud increases, Atlassian wants to ensure security doesn’t become a problem. The company announced it is adding IP whitelisting and required two-step verification to its code collaboration and management solution, Bitbucket Cloud.
“Security is a complicated [and] evolving problem, and protecting repositories is our top priority. We want our customers to know, when they put their source code in the cloud on Bitbucket, it is stored as safely as possible,” said Rahul Chhabria, product leader for Bitbucket.
Atlassian first introduced two-step verification in 2015 as a second component to securing code repositories in addition to a user’s password. This ensured that if anyone else got access to a user’s password, they still would not be able to access the account. But the problem is that developers don’t always follow the rules, find two-step verification annoying, and won’t put it in place, according to Chhabria. To give team admins the ability to ensure their content is protected, Atlassian announced required two-step verification.
However, developers often still find two-factor annoying, so to accommodate them, Atlassian has added IP whitelisting, which allows admins to go into their Bitbucket console and enter only those IP addresses from which content can be accessed. “This is really useful because it removes the task from the developer,” said Chhabria. “They don’t have to think about it anymore, and now the admin has full control.”
He added that some companies might have a strict policy prohibiting working from home, and this would ensure that a user can’t log in from their home devices.
In addition, admins can combine required two-factor authentication with IP whitelisting to create a new level of protection. For instance, if a developer’s smartphone is compromised and a hacker tries to use the developer’s two-factor authentication from a non-listed IP address, the hacker still won’t be able to access the content.
“Adding this gives admins peace of mind to make sure they know their content is protected,” said Chhabria. “This is a proactive approach to making developers and admins feel more comfortable.”