AppDynamics Security Overview

If there’s one thing that AppDynamics takes more seriously than application performance, it’s the security of customer data. AppDynamics undergoes a strict auditing process twice a year to ensure that controls across the entire company demonstrate SOC 2 compliance and have been audited and approved by an independent auditing firm. Customers may request AppDynamics’ SOC 2 report at any time. 

AppDynamics’ data center provider is also SOC 2 Type II certified. In addition, AppDynamics is EU Safe Harbor certified.

What is SOC 2?

The American Institute of Certified Public Accountants (AICPA) established the SOC 2 validation process, which effectively replaces the Statement on Auditing Standards (SAS) 70, so that service organizations can demonstrate they have adequate internal processes and controls in place surrounding security and operations. AppDynamics’ SOC 2 attestation included the following Trust Services Principles:

  • Security, ensuring the system is protected against unauthorized access (both physical and logical).

  • Availability, indicating the system is available for operation and use as committed or agreed.

  • Confidentiality, indicating the system procedures of inputs are consistent with the documented confidentiality policies.

Security Anatomy of AppDynamics


The hosted version ("SaaS") of AppDynamics’ software is managed by a third-party data center provider that is SOC 2 Type II compliant. Access to the software platform infrastructure and data by AppDynamics’ personnel is secured by authentication methods including public key authentication, passwords and network access control lists. Infrastructure and data access is restricted to AppDynamics’ employees and contractors subject to confidentiality agreements. System and network activity for the software is regularly monitored by a team of engineers. Failed authentication attempts are audited and engineers are paged so that intrusions or threats can be investigated. Standard firewall policies are deployed to block access except to ports required for software and agent communication.

Access to collected data and data collection features is restricted to authenticated customer users by role-based access controls (RBAC), and native access to the software’s database is not allowed.


Servers for the software are operated in a fault-tolerant architecture designed to ensure availability. Data is backed up nightly and stored redundantly. AppDynamics also provides a geographically diverse off-site backup service. Software security updates and patches are evaluated by engineers and are deployed based upon the security risks and stability benefits they offer to the software and customers.

Processing Integrity

Ensuring that customer data flows through secure and trusted processes is built into the foundation of AppDynamics and is taken into account when building internal processes. From customer support to financial processing, AppDynamics aims to keep customer data integrity intact to avoid duplicate processing, data corruption and data loss. SOC 2 compliance provides AppDynamics customers the necessary assurance that processing integrity exists and that AppDynamics maintains the controls in place to ensure transactions are processed reliably, securely and in conformity with the requirements for SOC 2.

Sensitive Data

Customers with particular concerns about the data collected by AppDynamics’ software should avoid the following: (1) applications that send sensitive data in URL query parameters; (2) enabling HTTP request parameter capture; or (3) enabling bind variable capture.

Secure Connections

AppDynamics’ software agents collect the performance and health metrics of an application, its related dependencies, and underlying infrastructure.

Agents initiate connections to a single controller, which can be hosted either on-premise by the customer or by AppDynamics via AppDynamics’ software-as-a-service platform. If a customer downloads the AppDynamics software agent from the customer’s controller (i.e., using the installation wizard provided by AppDynamics), then transport layer security (TLS) for agent-to-controller communication is enabled by default. For other installations, AppDynamics recommends enabling SSL/TLS encryption for agent communications. For detailed instructions please see Agents also support outbound HTTP proxies for customers using these security mechanisms. For software user interface access, AppDynamics uses encryption terminated at the server.

For more information on data privacy or security processes please contact or your account representative. To report a suspected security breach, contact