YouTrack InCloud 2018.2 Help

Security

YouTrack InCloud is a hosting platform that is designed and used by JetBrains to deliver YouTrack as a service. Each YouTrack InCloud instance is physically located on a server, hosted by Amazon Web Services (AWS).

The number of instances per server depends on several parameters, such as database size and number of online users.  We permanently monitor each server load and activity to maintain well-balanced performance. When server activity reaches a certain level, we close this server for any new registrations. 

  • The JetBrains Operations team is responsible for provisioning, monitoring, and managing InCloud servers.
  • The YouTrack InCloud Support team provides technical support to InCloud subscribers.

We monitor these servers around the clock to ensure their availability and security. Even so, there are a number of things that you can do to protect your data. For more information, see Secure Your Installation.

Data Center Location

A new instance is created on the server with the lowest load and based on the customer preference of data center location:

Region NameRegion
US West (N. California)us-west-1
EU (Ireland)eu-west-1
Asia Pacific (Singapore)ap-southeast-1

The location of the data center is chosen by the instance owner when the instance is started for the first time.

The current data center location is displayed on the Global Settings page. To move your instance to a different data center, submit a request to YouTrack InCloud Support

Data Storage

We use Amazon Web Services (AWS) Cloud as the hosting provider. All data is stored on the Amazon Elastic Block Store (Amazon EBS).  Each Amazon EBS volume is automatically replicated within its Availability Zone to protect your data from component failure, offering high availability and durability. Amazon EBS volumes ensure consistent and low-latency performance. 

Encryption of Data in Transit

All of the instances that are hosted on the *.myjetbrains.com domain use HTTPS connections to secure data in transit. For instances that use a custom domain, you have the option to use your own CA certificate. Otherwise, your instance is secured with a TLS certificate that is automatically generated and signed by Let's Encrypt. Let’s Encrypt certificates use the SHA-2 cryptographic hash function to encrypt data in transit.

In 2017, JetBrains discontinued support for non-secure connections for YouTrack InCloud.

Encryption of Data at Rest

The databases that store information for hosted instances are encrypted. This reduces the likelihood that your data is compromised even in situations where an attacker obtains unauthorized access.

YouTrack stores passwords in the database as hash values. Passwords are hashed using the SHA-1 cryptographic hash function.

The database itself, including attachments, is encrypted with the ChaCha20 algorithm. There are several major implementations of ChaCha20, including Google's selection of ChaCha20 as a replacement for RC4 in TLS and its inclusion in OpenSSH.

A unique encryption key is generated separately for each YouTrack InCloud instance. Access to these keys is restricted to the YouTrack InCloud Support and JetBrains Operations teams.

Certification

We run our service in the AWS Cloud. Since we cannot physically control the servers, we rely on the third-party certifications that have been undertaken by AWS.

AWS has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). They undergo annual SOC 1 audits and have been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems.

Data Manager

The internal application that JetBrains uses to manage the data for YouTrack InCloud, Hosted Master, is only accessible to the YouTrack InCloud Support and JetBrains Operations teams. It is also possible to access and manage the data directly on the Amazon EC2 servers. Authentication is performed via individual SSL keys and the servers only accept incoming SSH connections from JetBrains and internal IP addresses.

People and Access

Only the YouTrack Development and JetBrains Operations teams have access to InCloud servers and the Hosted Master for maintenance and support purposes. These teams access Hosted Master and InCloud data only for purposes of monitoring application health and performing system maintenance, or upon customer request.

YouTrack InCloud is designed to allow access to application data only with the appropriate credentials, so that no customer may access another customer's data without explicit knowledge of their account credentials. Customers are responsible for maintaining the security of their own login information.

The JetBrains Operations team monitors YouTrack InCloud servers 24x7 from our operations center in St. Petersburg, Russia. Our servers are hosted in different data centers in Europe, North America, and the Asia-Pacific region, according to the customer location and preference. For an overview of our availability, check the YouTrack InCloud Service Status page.

Backups

JetBrains Operation team is responsible for creating and storing backups. Backups are also stored on Amazon servers. We re-sync backups daily, weekly and monthly. You can create and export your own backups at any time from the Database Export page in YouTrack. For more information, see Database Export.

Last modified: 10 July 2018