Why a downloadable tool and not SaaS (Software as a Service)
There are several ways to integrate your task management system with some other system - a plugin for your system, a downloadable tool, a custom script, or a cloud-based solution (“SaaS”).
- TaskAdapter is a downloadable tool that you run on premises.
- Your data never leaves your corporate network (unless you integrate with some cloud-based solutions like Trello, of course).
- Your credentials / API access keys are stored locally on the computer where you run TaskAdapter.
While a cloud-based integration solution may look promising, there are several reasons why companies may want to avoid it.
Reason 1: VPN
Most integration solutions (including TaskAdapter) require HTTP/HTTPS access to your task management systems (say, Atlassian JIRA). Most companies protect those systems by keeping them accessible only inside their corporate network (inside a VPN, or Virtual Private Network) due to privacy/security considerations.
If you decide to expose your task management system outside of your company network to use some “Software as a Service” integration website (a “cloud-based” solution), there are ways to reduce the risk of someone hacking into your system (like IP whitelisting and such). This kind of protection may be fragile and may require 24/7 professional monitoring and regular threat analysis. Your Chief Security Officer may have an opinion on this idea.
Reason 2: vague or unverifiable data protection claims from cloud-based solutions
For any cloud-based solution to work, it must keep credentials to access your task management systems, and your data (tasks) will at least temporarily pass through their servers (when tasks are loaded and then saved).
Again: they must have access to both your credentials (permanently) and your actual data (at least temporarily).
- how do you know your data is NOT stored on some external server due to performance, reliability, resiliency or whatever other technical or non-technical reason?
- how are your credentials protected by the cloud company? hashing and salting? encryption? what kind and level of encryption? does the company have certified security professionals to guarantee any reasonable level of security?
- how do you know who exactly has access to your data on the cloud company side?
- what is the employee turnover at that cloud company?
- where do they keep backups of your integration configurations (including credentials)?
- what is their backup retention policy?
- who has access to those backups?
- even if they have strict security policies and rules, are those actually being followed?
- can you verify any of this?
- even if every item on this list is addressed, how can you ensure that the situation won’t change tomorrow when the cloud company hires another employee?
Reason 3: GDPR
The previous chapter partially leads to this one. The General Data Protection Regulation (GDPR), which took effect in May 2018, severely limits how customer personal data is accessed, stored and processed.
If your task management system contains any customer data anywhere in task bodies, task comments or in any other fields, this directly affects your GDPR compliance.
Any cloud-based solution by its nature will at least temporarily have access to this data, and this will affect your GDPR compliance as well.
This is why we decided to make TaskAdapter a stand-alone tool that you can download and run on your local computer / server that has access to your favorite bug tracker or task management system. This way, your credentials stay with you and your data stays inside your network (the latter assumes both systems you want to integrate are within your network, of course).
With a downloadable tool like TaskAdapter you do not need to provide your LDAP logins to a 3rd-party SaaS solution or deal with opening your firewall for some company with unknown security rules or protocols.
If you are a military or other government agency that requires additional security verification, you can get access to the TaskAdapter source code to review it.