The most important things to look at when deciding where to host your code with a cloud provider are cloud security, confidentiality, and availability. Features, price, and integrations simply don’t matter if you don’t know your code is secure.
How do you know the company hosting your code is properly guarding it, and giving the right people access to your repos only with your permission? How can you be sure they don’t accidentally delete something? Bitbucket Cloud is the first of the leading Git repository solutions that can give you this assurance by successfully completing a SOC 2 Type II audit. What does this mean for you?
Confidence in code security, confidentiality, and availability
Whether you’re already a medium- to large-sized company or quickly becoming one, security and availability are your top priorities when managing your organization’s code within a DVCS. If (and when) your compliance team steps in and asks for assurance that your Git provider’s security and availability are in line in the cloud, what do you do? If your customers are asking you for SOC 2 Type II, what do you do?
With Bitbucket, you hand over our SOC 2 Type II certification and go on with your day. With other Git providers, you could embark on a 2-year journey of exchanging security questionnaires, negotiating with your security and compliance teams, and generally getting frustrated instead of just moving on with your real business.
By having Ernst & Young complete this audit, we’ve assured that we have the checks in place so we won't expose your code, we won't lose your code, and our cloud has the correct processes in place to stay up. Bitbucket is now the most trusted place to store your code and grow with you.
SOC 2 Type II unblocks the cloud for on-premise teams
On-premise teams have wanted to use the cloud for its flexibility to scale, decreased hardware costs, automatic software updates, and the ability to access information anytime, but have felt blocked by concerns over cloud security. Having your full software development workflow in the cloud, from apps to your CD pipeline, can and will accelerate business velocity.
Now, with SOC 2 Type II, teams are able to make that move from server to cloud with assurance that their code is safe and reap the benefits of the cloud.
Enterprise-grade cloud security controls
In addition to SOC 2 Type II compliance, Bitbucket Cloud offers enterprise-grade security controls to further ensure your code is secure.
- Account admins can require their team to have 2-step verification to access private code.
- IP whitelisting blocks a user from interacting (view, push, clone) with your account's private content unless they’re accessing it from an IP address you’ve selected.
- You can set merge checks to control when a pull request can be merged, such as requiring a minimum number of approvals, requiring tasks to be resolved, enforcing a minimum number of successful builds, and more.
- SAML single sign-on allows you to connect Bitbucket directly to your identity provider (we support Azure AD, Okta, OneLogin, Centrify, and Bitium) so you can add new starters or remove access for employees leaving your company. (Available via Atlassian Access)
Required 2-step verification, IP whitelisting, and merge checks are available under Bitbucket’s Premium Plan for $5/user/month.
Step up your security
If you're ready to enhance your security measures, sign up for a Bitbucket Cloud account.