You are here

Trustworthy and Safe

Apptio’s world-class security measures are designed to protect and serve our customers

Innovation is Built on Trust; Trust Starts with Transparency

You trust Apptio to deliver world-class Technology Business Management applications while handling your data with the utmost care and security. We tune every aspect of our business to deliver on that trust.


NOTE: All information contained represent our current practices. We continuously consider and adopt revisions to our practices in an effort to improve our overall security posture.

Current Alerts


No active alerts at this time.

Physical Location

Apptio recognizes that data location is an important consideration for businesses with a global presence. Apptio currently operates its SaaS service out of datacenters in the regions below.  Please let your Apptio representative know if you have a preference for the location of your datacenter:

  • US West Region
  • US East Region
  • EU (Frankfurt) Region
  • EU (Amsterdam) Region
  • EU (Ireland) Region
  • Asia Pacific (Sydney) Region

All Apptio datacenters are world-class Tier 3 and Tier 4 data centers providing advanced security and environmental protection. Some of our products utilize cloud infrastructure services, such as Amazon Web Services (AWS). Apptio datacenter providers (including both colocation facilities and cloud) hold industry certifications that include SOC1 Type II, SOC2 Type II, ISO27001:2013, Cloud Security Alliance STAR, among others.


SaaS Applications

Apptio's Technology Business Management (TBM) platform and Software-as-a-Service (SaaS) applications incorporate industry standard technologies for protecting the privacy and security of your data.  Apptio implements technical controls towards ensuring that customer data is protected from compromise and unauthorized access, such as:

  • Connection Security: You connect to Apptio products through Transport Layer Security (TLS) to protect and encrypt data communication.
  • Network Security: Our products incorporate multiple layers of network security, including external firewalls, intrusion detection systems, and security event management systems. Apptio's production environment utilizes a standard 3-tier architecture that includes the top DMZ tier, the middle application tier, and the lower data tier.  The firewalls adhere to industry standard practices and function on a deny-by-default policy.
  • Data Segregation: We isolate your data in multiple ways across our products, which measures include logical separation, encryption at rest, and session controls that allow each customer to access only their data.
  • Authentication and Authorization: We provide robust authentication security by controlling log-off times for inactivity, password strength rules, and supporting federated Single Sign-On (SSO) based on industry-standard SAML 2.0.
  • Disaster Recovery and Backups: Disaster recovery is provided through daily backups and restoration to diverse datacenters in the same region. Backups of your data are individually secured and only accessible by authorized personnel on an as-needed basis.

Vulnerability Testing & Reporting Policy


Vulnerability Testing

Apptio regularly conducts penetration testing and vulnerability scanning in order to ensure our systems are maintained in a secure state at all times. Penetration testing is conducted by our dedicated internal Information Security team, as well as by leading third party security firms. Summary reporting for such third party penetration testing and web application vulnerability scans is available to customers upon request.



Please report any suspected malicious activity or potential undiscovered security vulnerabilities to for prompt attention.