<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=482903392141767&amp;ev=PageView&amp;noscript=1">

Asana and Security

By Danielle Cross | April 27, 2022

Asana IT Security security

Adopting new tools to manage and organise work has become the norm. From daily tasks to strategic initiatives—there are a number of ways to optimise processes in a more collaborative and flexible way.

Asana is leading the way in project management solutions, helping teams like yours plan, organise, and execute their work so they can move faster to achieve results. Companies and managers trust Asana with their data so that they can focus on the work that matters most to their business. Asana is focused on creating an easy-to-use collaborative work management solution, but also on keeping customers' data safe.

When discussing Asana and security, we need to look at the tool from several angles - infrastructure, product, operations, compliance, and privacy. Data protection is key to the support Asana offers to teams, so security is incorporated into the tool and its operations.

Asana utilises cloud computing service offerings, primarily from Amazon Web Services (AWS) as the core building blocks of the Asana platform. AWS manages the security and compliance of the cloud computing infrastructure, and Asana manages the security and compliance of the software and sensitive data residing in the cloud computing infrastructure.

Elastic Compute Cloud (EC2) services from Amazon runs the the majority of the Asana platform and provides a reliable, scalable and secure way to process customer data. The company has expressed its commitment to protecting client privacy through its product, infrastructure, and data governance.
Since Asana's production infrastructure is locked down, only the load balancer machines are allowed to receive external web traffic. Each host is assigned a role; security members are used to define the expected traffic between these roles.

Storage servers are Simple Storage Service (S3) from Amazon. They store attachments and database backups. Attachments are any files uploaded to Asana tasks directly from a computer. Attachments coming from cloud-hosted content collaboration platforms are created as links to those platforms, but aren't stored in Asana's storage servers.

Asana offers European Data Centres to Asana Enterprise customers that require their data to be in Europe. Customer Data will be stored in the Frankfurt (Germany) AWS region, with backups stored in Dublin (Ireland) AWS region. AWS facilities are used both for the U.S. and EU infrastructure. Companies that choose Asana get the peace of mind it adheres to global, regional, and industry regulations to help them meet compliance standards.

In terms of privacy, Asana fares well as all connections to the platform are encrypted. This keeps all company and enterprise data secure at all times. It is no surprise that more than 100,000 of the world's most innovative enterprises trust Asana to keep their data safe.

All of Asana's servers are hosted in secure, SAS 70 audited data centers. All servers are firewalled to permit the minimum traffic necessary to run the service, and access to those servers is limited to Asana employees with a legitimate business need.

Asana's approach to security starts at the foundational level and includes protocols such as password hashing, routine security assessments, least privilege access, security-focused software development, and a public bug bounty program. Such a well-rounded approach ensures continuous improvement in the way Asana addresses security.

Moreover, the software has an information security tea that implements new security controls and monitors Asana for malicious activity across physical data centres, networks, and IT devices.

Asana provides a robust set of in-product data protection and admin controls for greater visibility and control over your data. Enterprise admins can securely deploy Asana to their organisations with two-factor authentication, SSO, and SAML 2.0.

The comprehensive privacy compliance program means clients gain more control over their data and meet their organisation's most critical compliance needs by using their own encryption key on information stored in Asana.
This way organisations can use Asana every day to keep their teams organised, connected, and focused on results.

Asana IT Security security

Subscribe to our blog updates