With Bring Your Own Key (BYOK), you can take ownership of your model's encryption keys.

You can also encrypt / decrypt selected workspaces with your own AES-256 keys, if you've access to Anaplan Administration and have purchased the BYOK functionality.

Data is one of your most valuable assets. You own your data, and we never access it without your permission. For Information on our data and platform security measures see trust.anaplan.com.

BYOK is an additional product your organization can purchase if it has the Enterprise edition.

Unlike the system master keys, keys created with BYOK are owned and secured by you. No mechanism exists for Anaplan employees to access your keys. Your keys are hosted by Anaplan, but stored in a key manager. A key manager is a physical appliance that safeguards keys from unauthorized access, malicious cyberattacks, and physical intrusion. Keys are managed by one or more internal users who are assigned the role of Encryption Administrator. After generating your keys, or uploading from a crypto management application, the Encryption Administrator assigns a key to a workspace to encrypt all the models inside. In a BYOK encrypted workspace, model data is encrypted at rest, but not when loaded into memory.

Implementing BYOK can support your IT security aims, including data governance programs, disaster recovery plans, and regulatory compliance.