With Bring Your Own Key (BYOK), you can take ownership of your model's encryption keys.
To use BYOK, you must have access to Anaplan Administration, and have purchased BYOK. It enables you to encrypt or decrypt selected workspaces with your own AES-256 keys.
Data is one of your most valuable assets. You own your data, and we don't access it without your permission. For information on our data and platform security measures, see trust.anaplan.com.
BYOK is an additional product your organization can purchase if it has the Enterprise edition.
Key manager
Unlike the system master keys, keys created with BYOK are owned and secured by you. No mechanism exists for Anaplan employees to access your keys. Your keys are hosted by Anaplan, but stored in a key manager:
- A key manager is a physical appliance that safeguards keys from unauthorized access, malicious cyberattacks, and physical intrusion.
- Keys are managed by one or more internal users who are assigned the role of Encryption Administrator.
- After you generate keys, or upload them from a crypto management application, the Encryption Administrator assigns a key to a workspace to encrypt all its models.
- In a BYOK encrypted workspace, model data is encrypted at rest, but not when loaded into memory.
How BYOK Protects Your Data
BYOK supports your IT security goals, data governance programs, disaster recovery plans, and regulatory compliance.
