Data Security in the Cloud

Proven security for your monitoring data

Get a Demo

Secure Monitoring Data, Every Step of the Way

AppNeta uses the latest industry-standard methods of security. We make sure that data transfer and data storage are completely secure. Our products take security into account from start to finish.

SOC 2 Type 2 Certified

AppNeta SOC 2 Type 2 Certification

AppNeta is System and Organization Controls (SOC) 2 Type 2 certified. As a testament to AppNeta’s commitment to security, compliance, and operational control, independent service auditor A-LIGN concluded that AppNeta’s service controls meet the SOC 2 standards. AppNeta is pleased to be able to demonstrate its commitment to safeguarding customer information, and to further validate our security framework we are continually working to exceed the latest standards.

Rely on Strong Data Retention and Roll-ups

These built-in capabilities add to the security of the AppNeta platform:

  • Monitoring Points that have been in a Connection Lost state for 365 days and do not have an active license are removed.
  • Delivery data from continuous monitoring, diagnostics, voice and video tests are kept for 365 days.
  • Path route history is retained for 90 days.
  • Experience milestone details are kept for 45 days. Older tests will contain transaction performance and details only.
  • Usage data is kept for 90 days with no limit on data size.
  • Usage packet captures are kept for 365 days (subject to size limits).

Depend on Secure Storage

AppNeta is hosted on AWS. We use industry-accepted best practices to secure this installation, including Amazon security groups, firewalled ports, SSH-key based machine logins and key rotation. Data access is restricted solely to AppNeta employees, all of whom are under strict confidentiality agreements. Only key engineers may access production data, and then only as a last resort for debugging data-related issues. In addition, support engineers may access your web console to provide guidance as a result of specific incidents or requests.

Send Data Securely

AppNeta uses standard encryption practices to make sure that the information in your packet captures is securely transmitted and stored.


Captures are uploaded to the capture server via SSL, where they remain in encrypted form (AES-256). The symmetric key used for encryption is based on a per-appliance, user-defined passphrase, which you set in the web admin. The passphrase is stored on the appliance in a hashed form (SHA-1).


Captures must be decrypted using the symmetric key created from the passphrase. You are prompted for a passphrase once per appliance per login session; the passphrase is cached only for the duration of the login session. The actual download is via SSL.

Clear Passphrase

As part of appliance decommissioning, the web admin clears the passphrase and packet captures that have not yet been uploaded. If the appliance is no longer being used for packet captures, but you aren't decommissioning it, a separate “clear passphrase” function is available.

Personally Identifiable Information (PII)

AppNeta measures application performance via multiple instrumentation modes, all of which comply with security and privacy standards including HIPAA and PCI-DSS.

One AppNeta method, delivery network instrumentation, is an active network performance measurement method, which operates by sending and receiving internally generated measurement traffic. No customer device or application data is used in this method of network performance monitoring.

Our user experience monitoring functionality uses a web synthetics technique, where web transactions are executed by purpose-built AppNeta Monitoring Points. Customers have full control over all actions taken in the synthetic scripts, and no pages or data outside of those explicitly defined in the script will be accessed. When monitoring applications containing PII, AppNeta best practices require customers to use sample or test records for measurement instead of a real user account.

AppNeta’s usage analysis performs deep packet inspection on network traffic to identify the applications in use on the network. This includes the capability to perform packet capture. All packet captures are encrypted in memory on the Monitoring Point with a FIPS 140-2 and PCI-DSS compliant encryption algorithm (AES-256) to ensure data encryption in transit and at rest. The passphrase for this encryption is set by the customer on the Monitoring Point, and is never shared with AppNeta.

All communications of any kind from the Monitoring Point up to the AppNeta Cloud Platform or a private deployment are encrypted by default with AppNeta. This includes data for the product user interface and for the API.

Customers can optionally choose to use our private cloud deployment, which places our technology platform within your network instead of hosting your data within AppNeta’s cloud.