Skip to main content

Appian Protect: Security monitoring, end-to-end encryption, and more

Appian Protect provides security and monitoring to protect sensitive and regulated data across healthcare, financial services, government, and more.

Appian Protect meets the strictest security standards:

A+ in Security

Qualys SSL Labs

Qualys SSL Labs provides deep analysis of the security configuration of web servers on the Internet, specifically the SSL/TLS configuration. Appian Cloud’s web-tier is rated as an A+.

Compliance and certifications

  • SOC 2 Type II 
  • SOC 3
  • PCI DSS 
  • FDA 21 CFR Part 11
  • DoD Impact Levels 4 and 5 in US Federal
  • FedRAMP
  • StateRAMP
  • Canada Protected B
  • UK Cyber Essentials Plus
  • Spain’s National Security Framework (ENS)
  • NIST

View the full list

Strong security out of the box for all users

  • Distributed denial-of-service (DDoS) protection 
  • Data loss prevention (DLP) 
  • Incident response 
  • 24/7/365 monitoring with security orchestration, automation, and response (SOAR), built as an Appian app 
  • Real-time intrusion detection and monitoring
  • Comprehensive antivirus scans
  • Enterprise-ready authentication and authorization with single sign-on (SSO) 
  • Integration authentication 
  • Inbound API authentication 
  • Encrypt sensitive data fields in user interfaces 
  • Row-level data fabric security with user access preview

View full list of security features

Advanced security features aligned to premium tiers

  • Custom TLS policies
  • Trusted IP allow lists
  • AWS PrivateLink (inbound and outbound) 
  • Multiple private connectivity options including VPN (inbound and outbound, dynamic and fault tolerant) 
  • Bring your own key (BYOK) 
  • Database encryption 
  • Log streaming 
  • Dedicated virtual private cloud (VPC) 
  • Annual customer audit 
  • Site data audit requests 
  • Annual security questionnaire

View full list of security features

Encryption and data isolation

  • Transport Layer Security (TLS) for end-user connections
  • Disk encryption to secure data at rest
  • Customer data backups are encrypted
  • Secure connection channels with customer data sources
  • Each customer is allocated a virtual server(s) and virtual drive(s) for application server, Appian application, and database use—and these are never shared with other customers


Continuous monitoring

  • Monitoring for advanced threats using our proprietary SOAR platform (built on Appian)
  • Security notifications
  • Performance and health
  • Platform response times
  • Uptime/availability
  • Compliance auditing

Security controls aligned to leading frameworks

  • Access controls and authentication
  • Audit and accountability
  • Contingency planning
  • Incident response
  • Personnel and physical security
  • Risk assessment
  • System acquisition and integrity
  • Systems communication protection

Appian’s tenancy and data storage protocol

  • Local geography hosting
  • Data segmentation
  • Application segmentation
  • Data replication within the same region
  • Tenant instance isolation
  • Regulatory compliance

Defense-in-depth protection

  • Network intrusion detection system (IDS)
  • Host IDS
  • Web application firewall
  • Network layer firewalls
  • File integrity monitoring
  • Strict access controls between infrastructure tiers

Third-party vulnerability testing and security reviews

  • Vulnerability scanning
  • Internal penetration testing
  • External penetration testing
  • Isolation architecture exploitation
  • Customers are encouraged to perform their own vulnerability testing.

Personnel policies for globally distributed teams

  • Appian Cloud personnel located in the United States, Canada, United Kingdom, Spain, Germany, Italy, Australia, Japan, and India (expected 2023) 
  • Formal screening process that includes a required background check
  • Extensive cloud security training
  • Continuous training on operational practices

Security incident reporting

  • All submissions are investigated by the Security Incident Response Team
  • Appian takes appropriate action in the form of hotfixes, upgrades, or published mitigation information
  • Appian notifies affected customers

Report a Vulnerability

Report an Incident

Appian Protect offers one basic tier for all customers and three premium support tiers for advanced security:

Appian Protect






World-class platform security monitoring and response by the Appian security team using Appian's proprietary security orchestration, automation, and response (SOAR) solution

Data loss prevention (DLP)

Real-time intrusion detection monitoring and response for the Appian Platform

Comprehensive antivirus scanning

Enterprise-ready authentication and authorization with SSO (built-in or connect to your LDAP, SAML, OpenID Connect,, PIEE)

Integration authentication (OAuth 2.0, Google Service Account authentication, AWS Signature v4 authentication)

Inbound web API authentication (API keys, OAuth 2.0)

Encrypt sensitive data fields in user interfaces

Row-level data fabric security with user access preview

VPN (inbound and outbound, dynamic and fault-tolerant)


AWS PrivateLink (inbound and outbound)


Trusted IPs


Custom TLS policies


Bring your own key (AWS HSM or AWS KMS)


Appian Cloud database encryption with AWS KMS


Log streaming


Dedicated VPC


Annual customer audit


Site data audit requests


Annual security questionnaire


†Available to both Appian Cloud and self-managed customers.

Report an issue.

We work hard to maintain the highest levels of security. Help us continue to provide premium security by reporting any security concerns you might have. We investigate every report. 

Learn more about our security offerings.