1. Administration and security
  2. Bring Your Own Key

At Anaplan, we recognize that your data is one of your most valuable assets. You own your data and we never access it without your permission. Information on our data and platform security measures is always available at trust.anaplan.com.

Now, with Bring Your Own Key (BYOK), you can take ownership of the encryption keys to your model data. If you have access to Anaplan Administration and have purchased the BYOK functionality, you can encrypt and decrypt selected workspaces with your own AES-256 keys. Unlike the system master keys, keys created with BYOK are owned and secured by you. No mechanism exists for Anaplan employees to access your keys.

If you decide to implement BYOK, your keys are hosted by Anaplan and stored in a key manager. A key manager is a physical appliance that safeguards keys from unauthorized access, malicious cyber attack, and physical intrusion. Keys are managed by one or more internal users who are assigned the role of Encryption Administrator. After generating keys in Administration — or uploading from a crypto management application — the Encryption Administrator assigns a key to a workspace in order to encrypt all the models inside. In a BYOK-encrypted workspace, model data is encrypted at rest but not when loaded into memory.

Note: Bring Your Own Key is an additional product that your organization can purchase if it has the Enterprise edition.

How BYOK Protects Your Data

Implementing BYOK can support your IT security aims, including data governance programs, disaster recovery plans, and regulatory compliance.