You are here

Trustworthy and Safe

"Apptio’s world-class security measures are designed to protect and serve our customers."

- Ted Kummert, EVP Products & Engineering

a

Background Image: 

Innovation is Built on Trust; Trust Starts with Transparency

default-padding
You trust Apptio to deliver world-class Technology Business Management applications while handling your data with the utmost care and security. We tune every aspect of our business to deliver on that trust.

 

NOTE: All information contained represent our current practices. We continuously consider and adopt revisions to our practices in an effort to improve our overall security posture.

White
Current Alerts

 No active alerts at this time. 

Dark Gradient
0
bg-gray-darker
0

Physical Location

Apptio recognizes that data location is an important consideration for businesses with a global presence. Apptio currently operates its SaaS service out of datacenter in the locations below.  Please let your Apptio representative know if you have a preference for the location of your datacenter:

  • US West Region
  • US East Region
  • EU (Frankfurt) Region
  • EU (Amsterdam) Region
  • EU (Ireland) Region
  • Asia Pacific (Sydney) Region
  • Asia Pacific (Silverwater) Region

All Apptio datacenters are world-class Tier 3 and Tier 4 data centers providing advanced security and environmental protection. Some of our products utilize Amazon Web Services (AWS). Apptio datacenter providers (including both colocation facilities and AWS) hold industry certifications that include SOC1 Type II, SOC2 Type II, ISO27001:2013, Cloud Security Alliance STAR, among others.

Light Gray
bg-gray-lightest
0
0

Technology

SaaS Applications

Apptio's Technology Business Management (TBM) platform and Software-as-a-Service (SaaS) applications incorporate industry standard technologies for protecting the privacy and security of your data.  Apptio implements technical controls towards ensuring that customer data is protected from compromise and unauthorized access, such as:

  • Connection Security: You connect to Apptio products through Transport Layer Security (TLS) to protect and encrypt data communication.
  • Network Security: Our products incorporate multiple layers of network security, including external firewalls, intrusion detection systems, and security event management systems. Apptio's production environment utilizes a standard 3-tier architecture that includes the top DMZ tier, the middle application tier, and the lower data tier.  The firewalls adhere to industry standard practices and function on a deny-by-default policy.
  • Data Segregation: We isolate your data in multiple ways across our products, which measures may include separate databases for each customer, encryption at rest, and session controls that allow each customer to access only their data.
  • Authentication and Authorization: We provide robust authentication security by controlling log-off times for inactivity, password strength rules, and supporting federated Single Sign-On (SSO) based on industry-standard SAML 2.0.
  • Disaster Recovery and Backups: Disaster recovery is provided through daily backups and restoration to diverse datacenters in the same region. Backups of your data are individually secured and only accessible by authorized personnel on an as-needed basis.
White

Vulnerability Testing & Reporting Policy

 

Vulnerability Testing

Apptio regularly conducts penetration testing and vulnerability scanning in order to ensure our systems are maintained in a secure state at all times. Penetration testing is conducted by our dedicated internal Information Security team, as well as by leading third party security firms. Summary reporting for such third party penetration testing and web application vulnerability scans is available to customers upon request.

 

Reporting

Please report any suspected malicious activity or potential undiscovered security vulnerabilities to infosec@apptio.com for prompt attention.

bg-gray-lightest
0
0
Light Gray