Disclaimer: My name is Martin Seibert. I am the CEO of Seibert Group GmbH, an Atlassian Platinum Solution Partner. We are also the people behind a lot of Atlassian Marketplace apps. We are also developing custom apps for Forge. This article is based on our experience and insights from working with Atlassian customers and partners.
In a digital ecosystem, security and functionality are two sides of the same coin. For enterprises using Jira and Confluence, the decision between adopting Atlassian Forge apps or relying on traditional Atlassian Connect apps is more than a technical choice—it’s a strategic one. This article explores how customers can evaluate Atlassian Forge apps and the overall marketplace, balancing security, functionality, and long-term business needs.
Understanding the Security Landscape
The Risk of Multiple Third-Party Vendors
When you install Connect apps from different vendors, each provider may have access to sensitive data. For example, if you have 15 Connect apps, potentially 15 different companies could access your data—each additional vendor introduces a new attack vector and increases overall risk.
Data in Transit vs. Data at Rest
One key distinction in security is whether an app only processes data “in transit” (temporarily handling and then deleting data) or stores it on external servers:
- In Transit Processing: Data is used briefly for specific operations and then deleted, reducing the risk of long-term exposure.
- Data Storage on External Servers: Permanent storage on a vendor’s server means that, in case of a breach, larger data sets might be exposed.
Admittedly, you have to trust the vendor if they tell you they don’t store your data. But that should be fine for the established ones. They run multi-million dollar businesses and live off that trust. They won’t lie about it.
Advantages of Atlassian Forge
Centralized Data Handling
Forge apps run within Atlassian’s secure cloud infrastructure, ensuring that sensitive data remains on Atlassian servers. This approach minimizes third-party exposure:
- Fewer External Access Points: Instead of relying on multiple vendors, your data is processed centrally, lowering the number of potential failure or breach points.
- Stable Infrastructure: Even if third-party Connect app servers face downtime, a Forge app remains stable as long as Atlassian’s cloud is up and running.
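The in-transit vs. stored distinction above, and the claim that a Forge app keeps data inside Atlassian's infrastructure, can be checked per app rather than taken on trust. The following Python is an added example, not code from the article or from Seibert Group: it takes a Forge manifest.yml already loaded into a dict (e.g. with yaml.safe_load; the sample manifests below are constructed) and reports whether the app declares Atlassian-hosted storage (the storage:app scope) or external egress (permissions.external.fetch and remotes), which is the point at which data may leave Atlassian's servers.

```python
"""Classify a Forge app's data-handling profile from its manifest.

Assumed manifest keys (Forge manifest schema, not from the article):
permissions.scopes, permissions.external.fetch.{backend,client},
and top-level remotes[].baseUrl.
"""


def _as_list(value):
    """Normalise a manifest value that may be missing, scalar or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _urls(entries) -> list:
    """Extract URL strings from fetch/remotes entries (strings or dicts)."""
    out = []
    for entry in _as_list(entries):
        if isinstance(entry, dict):
            entry = entry.get("address") or entry.get("baseUrl")
        if entry:
            out.append(str(entry))
    return out


def classify_manifest(manifest: dict) -> dict:
    """Return profile: in-transit-only, atlassian-hosted-storage or external-egress."""
    perms = manifest.get("permissions") or {}
    scopes = _as_list(perms.get("scopes"))
    fetch = ((perms.get("external") or {}).get("fetch")) or {}
    egress = _urls(fetch.get("backend")) + _urls(fetch.get("client"))
    egress += _urls(manifest.get("remotes"))
    stores = "storage:app" in scopes
    if egress:
        profile = "external-egress"  # data may leave Atlassian's servers
    elif stores:
        profile = "atlassian-hosted-storage"  # stored, but on Atlassian
    else:
        profile = "in-transit-only"  # no storage scope, no egress declared
    return {"profile": profile, "scopes": sorted(scopes),
            "egress": egress, "stores_data": stores}


# Constructed sample manifests (not real Marketplace apps).
SAMPLE_IN_TRANSIT = {"permissions": {"scopes": ["read:jira-work"]}}
SAMPLE_STORAGE = {"permissions": {"scopes": ["storage:app", "read:jira-work"]}}
SAMPLE_EGRESS = {"permissions": {"scopes": ["read:jira-work"], "external": {
    "fetch": {"backend": [{"address": "https://api.vendor.example"}]}}}}
SAMPLE_REMOTE = {"remotes": [{"key": "backend", "baseUrl": "https://vendor.example"}]}

if __name__ == "__main__":
    for name, m in [("in-transit", SAMPLE_IN_TRANSIT), ("storage", SAMPLE_STORAGE),
                    ("egress", SAMPLE_EGRESS), ("remote", SAMPLE_REMOTE)]:
        print(name, classify_manifest(m))
```

An app that reports external-egress is the case where the Connect-style vendor questions in this article (certifications, Trust Center, country of origin) still apply even though it is a Forge app.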
Reduced Vendor Lock-In and Business Continuity
Because all data resides within Atlassian’s ecosystem, the dependency on disparate vendor servers is reduced:
- Centralized Management: If a new software version introduces issues, Atlassian can potentially roll back or update the app centrally.
- Simpler Risk Assessment: With Forge, customers can evaluate a single, robust infrastructure rather than managing multiple vendor risks.
Balancing Functionality and Developer Freedom
Trade-Offs with Forge Apps
While Forge offers a superior security profile, it comes with some limitations:
- Feature Limitations: Many Forge apps currently offer a reduced feature set compared to their Connect counterparts. This is often a trade-off for the increased security provided by Forge.
- Developer Constraints: Developers must work within the constraints of the Forge environment. However, this also makes developing small, internal tools much simpler and more streamlined.
Enhancing Developer Capabilities
Despite the limitations, many customers are turning to Forge for internal applications:
- Developer Workshops: High demand for Forge developer workshops indicates that many organizations are eager to build their own custom, secure tools.
- Cost Advantages: With Atlassian covering hosting costs for Forge apps, developing and deploying internal scripts or helper tools becomes highly cost-effective. If you want to move away from ScriptRunner, PowerScripts or a similar tool when moving to Cloud, a custom Forge application is often the way to go.
Navigating the Marketplace: Not a Black-or-White Choice
When to Prefer Forge Apps
For applications where the functionality is comparable, customers should lean towards Forge apps due to their enhanced security:
- Lower Risk: Forge apps avoid the risks associated with external data storage and multiple vendor dependencies.
- Transparency and Control: Data remains under the centralized control of Atlassian, and Trust Centers (mandatory for Platinum Partners starting July 2025) will soon provide self-service access to key security and compliance information.
Evaluating Connect Apps
While Forge apps are preferable from a security standpoint, Connect apps still have their place:
- Expanded Functionality: In some cases, the richer feature set of Connect apps may be necessary.
- Vendor Trust: When considering Connect apps, customers should assess the vendor’s credentials, including certifications (e.g., ISO 27001, SOC 2) and even the vendor’s country of origin.
- Consult Experts: Engage with Atlassian Solution Partners and experienced consultants to understand the strengths and weaknesses of each approach.
- Review Trust Centers: Starting July 2025, make full use of Trust Centers to verify a vendor’s security practices.
- Consider Business Continuity: Evaluate the number of potential failure points and ensure that the overall infrastructure meets your company’s reliability requirements.
Conclusion
The choice between Forge and Connect apps isn’t strictly a matter of technology—it’s about aligning with your organization’s security, functionality, and long-term strategic goals. While Forge apps provide a more secure, centralized solution by keeping data within Atlassian’s environment, the market will continue to offer Connect apps with broader features. The key is to evaluate each option based on its risks and benefits, ensuring that your enterprise remains agile, secure, and ready for future challenges.
For more information on secure app development and to explore which apps are leveraging Forge’s benefits, visit forge-apps.com. You can also send me a message on LinkedIn, ping me on Telegram, or just reach out via email: martin.seibert@seibert.group.