Appian keeps your data safe.

Appian Cloud is built from the ground up for security, scalability, and reliability, and meets multiple industry security standards for compliance and data privacy.

Report an Incident

Cloud Security

A+ in Security

Qualys SSL Labs provides deep analysis of the security configuration of web servers on the Internet, specifically the SSL/TLS configuration. Appian Cloud’s web-tier is rated as an A+.

Security Controls

Align to leading NIST, PCI and other frameworks

  • Access Controls and Authentication
  • Audit and Accountability
  • Contingency Planning
  • Incident Response
  • Personnel and Physical Security
  • Risk Assessment
  • System Acquisition and Integrity
  • Systems Communication Protection

Appian Cloud’s Security and Authentication Capabilities

Enterprise security features

  • SAML, LDAP, Active Directory
  • PCI DSS compliant login and password management features
  • Virtual Private Network (VPN) for extending your data center
  • Bring Your Own Key (BYOK) to secure the disk that stores your data
  • Role-based, delegated administration platform security

Appian’s Storage Protocol

Tenancy and data

  • Local geography hosting
  • Data segmentation
  • Application segmentation
  • Data replication within the same region
  • Tenant instance isolation
  • Regulatory compliance

Continuous Monitoring

Monitored 24x7x365

  • Continuous security monitoring for advanced threats
  • Security notifications
  • Performance and health
  • Platform response times
  • Uptime/availability
  • Compliance auditing

Defense-in-Depth Protection

Multiple layers of security which apply defense-in-depth security strategy to the global infrastructure.

  • Network intrusion detection system (IDS)
  • Host IDS
  • Web application firewall
  • Network layer firewalls
  • File integrity monitoring
  • Strict access controls between infrastructure tiers

Encryption & Data Isolation

Security of data in transit and at rest using strong encryption.

  • Transport Layer Security (TLS) for end-user connections
  • Disk encryption to secure data at rest
  • Customer data backups are encrypted
  • Secure connection channels with customer data sources
  • Each customer is allocated virtual server(s) and virtual drive(s) for application server, Appian application, and database use. These are never shared with other customers

Vulnerability Testing

Appian contracts an independent expert security firm to perform tests on Appian Cloud.

  • Vulnerability scanning
  • Internal penetration testing
  • External penetration testing
  • Isolation architecture exploitation

Customers are encouraged to perform their own vulnerability testing.

Personnel

Appian Cloud personnel are located alongside our services and engineering staff in the USA, Australia, and the United Kingdom.

  • Formal screening process that includes a required background check
  • Extensive cloud security training
  • Continuous training on operational practices

Security Incident Reporting

Appian takes security seriously. We encourage reporting security vulnerabilities and security incidents to Appian.

  • All submissions are investigated by the Security Incident Response Team
  • Appian takes appropriate action in the form of hotfixes, upgrades, or published mitigation information
  • Appian notifies affected customers