
Trustworthy and Safe

Apptio’s world-class security measures are designed to protect and serve our customers


Innovation is Built on Trust; Trust Starts with Transparency

You trust Apptio to deliver world-class Technology Business Management applications while handling your data with the utmost care and security. We tune every aspect of our business to deliver on that trust.


NOTE: All information contained here represents our current practices. We continuously consider and adopt revisions to our practices in an effort to improve our overall security posture.

Current Alerts

March 1, 2018

SAML Single Sign-on (SSO) System Vulnerability: A vulnerability that affects SAML-based SSO systems was recently disclosed by security researchers.  Exploitation of the vulnerability may allow an attacker with authenticated access to the system to trick vulnerable systems into authenticating as a different user without knowledge of the victim user’s password. 

Apptio analyzed the vulnerability and determined that our SSO systems are not impacted, and that no customer instances or data were at risk.  No further action is planned.


January 4, 2017

On January 3rd, 2018 security researchers disclosed a series of vulnerabilities that impact nearly all Intel, AMD, and ARM processors. These vulnerabilities have been dubbed Meltdown and Spectre and have prompted an industry-wide response that is still currently unfolding.

Apptio is aware of the issue and is currently working to assess the impact of the vulnerabilities to our infrastructure and customers. Apptio considers this to be a top priority and will continue working to address the issue as more information becomes available.



Physical Location

Apptio recognizes that data location is an important consideration for businesses with a global presence. Apptio currently operates its SaaS service out of datacenters in the locations below. Please let your Apptio representative know if you have a preference for the location of your datacenter:

  • US West Region
  • US East Region
  • EU (Frankfurt) Region
  • EU (Amsterdam) Region
  • EU (Ireland) Region
  • Asia Pacific (Sydney) Region

All Apptio datacenters are world-class Tier 3 and Tier 4 data centers providing advanced security and environmental protection. Some of our products utilize Amazon Web Services (AWS). Apptio datacenter providers (including both colocation facilities and AWS) hold industry certifications that include SOC1 Type II, SOC2 Type II, ISO27001:2013, Cloud Security Alliance STAR, among others.


SaaS Applications

Apptio's Technology Business Management (TBM) platform and Software-as-a-Service (SaaS) applications incorporate industry standard technologies for protecting the privacy and security of your data.  Apptio implements technical controls towards ensuring that customer data is protected from compromise and unauthorized access, such as:

  • Connection Security: You connect to Apptio products through Transport Layer Security (TLS) to protect and encrypt data communication.
  • Network Security: Our products incorporate multiple layers of network security, including external firewalls, intrusion detection systems, and security event management systems. Apptio's production environment utilizes a standard 3-tier architecture that includes the top DMZ tier, the middle application tier, and the lower data tier.  The firewalls adhere to industry standard practices and function on a deny-by-default policy.
  • Data Segregation: We isolate your data in multiple ways across our products; these measures may include separate databases for each customer, encryption at rest, and session controls that allow each customer to access only their data.
  • Authentication and Authorization: We provide robust authentication security by controlling log-off times for inactivity and password strength rules, and by supporting federated Single Sign-On (SSO) based on industry-standard SAML 2.0.
  • Disaster Recovery and Backups: Disaster recovery is provided through daily backups and restoration to diverse datacenters in the same region. Backups of your data are individually secured and only accessible by authorized personnel on an as-needed basis.

Vulnerability Testing & Reporting Policy


Vulnerability Testing

Apptio regularly conducts penetration testing and vulnerability scanning in order to ensure our systems are maintained in a secure state at all times. Penetration testing is conducted by our dedicated internal Information Security team, as well as by leading third party security firms. Summary reporting for such third party penetration testing and web application vulnerability scans is available to customers upon request.



Please report any suspected malicious activity or potential undiscovered security vulnerabilities to [email protected] for prompt attention.