Tell HN: Atlassian is blackmailing me with my company's shadow IT
8 points by donselaar 10 months ago | 5 comments
I am the administrator of our company's Jira and Confluence Sites and I just got this email:

> 2 products created in the past 24 hours
>
> Your users currently administer 2 products outside the [redacted] organization.
>
> For details about each product and admin contact information, subscribe to Atlassian Access. Use these details to stay ahead of where company data is stored and start a discussion about transferring the products to your organization.

In other words: they notified me that two employees have used their company-managed(!) accounts to subscribe to additional Atlassian services. They however refuse to give me any further details unless we subscribe to a pricier Atlassian Access subscription.

Don't get me wrong: I do understand that you have to pay for typical 'enterprise' features that give you more control over compliance and (arguably) security, but this is outright a disgraceful, aggressive way of upselling. Their basic plans are a joke. They intentionally lure employees to new products and then they blackmail you into buying those.

We're going to look for alternatives like linear.app or a self-hosted JetBrains YouTrack.

A cloud provider leveraging an information imbalance within the company to profit from shadow IT.

One blanket email might be enough? "We've identified two products not budgeted for; please stop using them."

I’ve been there before, not with Atlassian, but some other similar SaaS companies. One (usually simple) way to suss out these accounts is to search your incoming mail log for emails from this company. By a process of elimination you can usually find the information needed.

This assumes, of course, that you have administrative access to your email system.
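
The mail-log search described in the comment above, as an added example that is not part of the original thread. It assumes Postfix-style syslog lines; `vendor.example`, `corp.example`, the queue IDs and all addresses are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample, Postfix syslog style; hosts, queue IDs, addresses are made up.
SAMPLE_LOG = """\
Mar  3 09:12:01 mx1 postfix/qmgr[811]: 4A1B2C3D4E: from=<no-reply@mail.vendor.example>, size=18211, nrcpt=1 (queue active)
Mar  3 09:12:02 mx1 postfix/lmtp[902]: 4A1B2C3D4E: to=<admin@corp.example>, relay=127.0.0.1[127.0.0.1]:24, status=sent (250 2.0.0 Ok)
Mar  3 10:40:17 mx1 postfix/qmgr[811]: 5B2C3D4E5F: from=<no-reply@mail.vendor.example>, size=20114, nrcpt=1 (queue active)
Mar  3 10:40:18 mx1 postfix/lmtp[907]: 5B2C3D4E5F: to=<jdoe@corp.example>, relay=127.0.0.1[127.0.0.1]:24, status=sent (250 2.0.0 Ok)
Mar  3 11:02:44 mx1 postfix/qmgr[811]: 6C3D4E5F6A: from=<billing@vendor.example>, size=9120, nrcpt=1 (queue active)
Mar  3 11:02:45 mx1 postfix/lmtp[911]: 6C3D4E5F6A: to=<asmith@corp.example>, relay=127.0.0.1[127.0.0.1]:24, status=sent (250 2.0.0 Ok)
Mar  3 11:30:09 mx1 postfix/qmgr[811]: 7D4E5F6A7B: from=<news@othervendor.example>, size=30550, nrcpt=1 (queue active)
Mar  3 11:30:10 mx1 postfix/lmtp[915]: 7D4E5F6A7B: to=<jdoe@corp.example>, relay=127.0.0.1[127.0.0.1]:24, status=sent (250 2.0.0 Ok)
Mar  3 12:15:31 mx1 postfix/qmgr[811]: 8E5F6A7B8C: from=<no-reply@mail.vendor.example>, size=17640, nrcpt=1 (queue active)
Mar  3 12:15:32 mx1 postfix/lmtp[920]: 8E5F6A7B8C: to=<jdoe@corp.example>, relay=127.0.0.1[127.0.0.1]:24, status=sent (250 2.0.0 Ok)
Mar  3 13:05:50 mx1 postfix/qmgr[811]: 9F6A7B8C9D: from=<no-reply@mail.vendor.example>, size=17702, nrcpt=1 (queue active)
Mar  3 13:05:51 mx1 postfix/lmtp[924]: 9F6A7B8C9D: to=<bwong@corp.example>, relay=127.0.0.1[127.0.0.1]:24, status=deferred (452 4.2.2 Over quota)
"""

FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
TO_RE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): to=<([^>]*)>.*\bstatus=sent\b")


def from_vendor(sender, vendor_domains):
    # Exact domain or true subdomain only, so "othervendor.example" does not match.
    domain = sender.rpartition("@")[2].lower()
    return any(domain == d or domain.endswith("." + d) for d in vendor_domains)


def vendor_recipients(log_text, vendor_domains, known=()):
    """Count delivered vendor mail per internal recipient, minus known accounts."""
    sender_by_queue = {}  # queue ID -> envelope sender
    hits = Counter()
    skip = {k.lower() for k in known}
    for line in log_text.splitlines():
        if m := FROM_RE.search(line):
            sender_by_queue[m.group(1)] = m.group(2)
        elif m := TO_RE.search(line):
            sender = sender_by_queue.get(m.group(1), "")
            rcpt = m.group(2).lower()
            if from_vendor(sender, vendor_domains) and rcpt not in skip:
                hits[rcpt] += 1
    return dict(hits)


if __name__ == "__main__":
    print(vendor_recipients(SAMPLE_LOG, ["vendor.example"], known=["admin@corp.example"]))
```

The log records the envelope sender, which can differ from the header From address when a vendor sends through a third-party mail service, so the domain list may need more than one entry.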

I have not used it personally, but Tara [0] would be another (free) alternative to Jira.

[0] https://tara.ai

"Thanks for self-reporting this. We are handling sensitive information in accordance with the European GDPR. Due to not having a suitable data processing agreement in place, you are at risk of violating national law in multiple countries.

Please contact us asap to sort this out and we can notify any affected customers and report this incident to the relevant authorities."

IANAL, but maybe it's enough if your colleagues might have uploaded a list of customer email addresses, some of which might reside in an EU country.

oh boy, i love jetbrains except youtrack.

goto linear pls.

