Security by Design
Vigilance matched with experience
Architectural and Technical Controls
Architectural and Technical Controls
The security function leverages an array of layered operational and architectural controls designed to further secure our customer environments.
Continuous Monitoring
Continuous Monitoring
Our security operations team is responsible for continuously monitoring the day-to-day security of the SaaS solution. From endpoints to networks, cross-functional teams are continuously observing the operational environments for anomalous events, behaviors, and malware. As threats emerge, the focus shifts to investigating suspicious alerts, events, and incidents. We are vigilant about keeping your data and systems secure.
Incident Response
Incident Response
Our security operations team acts quickly to remediate issues if and when they are detected, while keeping customer resiliency top of mind.
Secure Development Lifecycle
Secure Development Lifecycle
We have established a secure-by-design approach by working closely with our developers, product managers, and operations engineers early on to embed security and privacy into software development processes. From threat modeling to secure design reviews, we assist and empower development and operations teams to hone their security skills. By providing the tools, education, and metrics we quickly derive a common understanding of what needs to be done along the way to continuously drive and scale security into the design fabric.
Security Automation
Security Automation
We follow a “DevSecOps” model that enables us to develop security automation that scales directly alongside our deployment methods so that we can ensure security standardization and architectural strength at scale.
Vulnerability Management
Vulnerability Management
Our vulnerability management process seeks to continuously identify and remediate vulnerabilities in our infrastructure and our software. This is accomplished through regular inspection of our code and monitoring of our infrastructure for vulnerabilities using a variety of automated and manual methods to keep abreast of any changing conditions.
Testing and Verification
Testing and Verification
Dedicated team members evaluate our security capabilities on an ongoing basis, conducting in-depth reviews of AppDynamics SaaS service components. Their job is to ensure the correct people, processes, and technical controls are in place and are working to protect the privacy and security of customer data.
Security Foundation
Security for AppDynamics is driven by a diverse and cross-functional team that designs, builds, deploys, operates, and maintains tools, technologies, and processes that provide our customers with a strong foundational security platform. This mission is carried out in conjunction with Cisco, our parent company, and the largest cybersecurity vendor in the world.
Authentication and Access Controls
Authentication and Access Controls
We offer native standards-based integration with identity providers, and role-based access controls that allow our customers to restrict access to specific software features, data, analytics queries, and APIs.
Encryption
Encryption
AppDynamics ensures the confidentiality and integrity of data for our SaaS environment while it is en route to our platform or stored there. For encryption of data in transit, all AppDynamics endpoints support TLS and AppDynamics encrypts all inter-tier communication over public and non-AppDynamics controlled networks. For encryption of data at rest, AppDynamics SaaS encrypts all customer-identifiable and personally-identifiable data, including backups. AppDynamics leverages AES 256 for encryption of customer-identifiable and personally-identifiable data at rest.
Data Protection Controls
Data Protection Controls
Customers can configure AppDynamics SaaS to protect data in the software. You can set the environment to filter data, enable data suppression, toggle data collectors, and mask data in log files.
Privacy Reminders
Privacy Reminders
To help customers comply with regulatory requirements, we provide data privacy policy reminders in the form of a customizable UI dialogue that appears in all areas where you can configure data collection.
Logging and Audit Controls
Logging and Audit Controls
For customers who wish to audit SaaS environmental activities, audit log data for user behavior and configuration changes is retained and made available. It is also accessible by API.
Security features
The AppDynamics SaaS solution is protected by a wide-range of security features and safeguards. Some of those features are native to the software itself and can be controlled by customers, while others are part of the operational and technical security fabric used to maintain visibility and control of the environment.
AppDynamics is committed to providing strong levels of security assurance for our customers, our partners, and our community. While we continually work hard to prevent and remove vulnerabilities from our software, there always remains the possibility of their existence. If you believe you have discovered a vulnerability in one of AppDynamics’ products, services, websites or other infrastructure, or to report a suspected abuse issue, please contact security@appdynamics.com.
Upon receipt of your inquiry, our security team will triage and respond to your request. We ask for your cooperation on any disclosure surrounding the issue and working responsibly with us toward a common goal of protecting our customers.
We encourage using the AppDynamics Security team’s PGP/GPG key to encrypt communication.
