Author: Tristan Colgate is a Certified Master Anaplanner and Managing Director at Fidenda.
This month is Cybersecurity Awareness Month and cybersecurity is an important topic for anyone involved in developing and maintaining Anaplan solutions. We are often storing sensitive information such as financial, employee, customer, commercial, and operational data in our Anaplan models; it’s essential that we take the security of this information seriously. There’s a wealth of information on this topic on the Anaplan website, both in the help, product information and community pages. My purpose is writing this blog was to bring that information together in one place — at a high level — to give an overview of all security considerations. It should be seen as a starting point for anyone tasked with ensuring that their organization’s Anaplan solution is as secure as it can be.
Understanding Anaplan's security foundation
Before diving into specific security practices, it's important to understand that Anaplan was built from the ground up using the core principles of information security, known as the AIC triad:
- Availability: Ensuring that information and systems are accessible when needed by authorized users. Anaplan achieves this through redundant infrastructure, geographically distributed data centers, and robust business continuity measures.
- Integrity: Maintaining and ensuring the accuracy and consistency of data throughout its entire lifecycle. Anaplan employs ACID-compliant (Atomicity, Consistency, Isolation, Durability) transaction principles to guarantee data remains in a known, valid state.
- Confidentiality: Preventing the disclosure of information to unauthorized individuals or systems. Anaplan implements this through comprehensive access controls, encryption, and secure data transmission protocols.
With this foundation in mind, let's explore how organizations can enhance security across different aspects of their Anaplan implementation.
User access: The first line of defense
The most sophisticated security infrastructure can be compromised by poor user access practices. Here are essential considerations for securing user access within your Anaplan environment:
Single Sign-On (SSO) implementation
Nowadays almost all organizations use SSO to control user access to their enterprise IT solutions. I strongly recommend expanding SSO coverage to include Anaplan. This brings several benefits.
- Streamlined authentication: Users access Anaplan through your organization’s identity provider, reducing password fatigue and creating a more seamless experience.
- Enhanced security: SSO supports multi-factor authentication (MFA), dynamic filtering, and customer policy controls.
- Centralized control: User access can be immediately revoked through your identity management system when staff leave or change roles.
- Compliance support: Simplifies audit trails for access management and demonstrates good security governance.
- Reduced administrative burden: Decreases help desk tickets related to password resets and account lockouts.
Anaplan's SSO capabilities are SAML 2.0 compliant and integrate seamlessly with major identity providers like Okta, Ping, Entra ID (formerly Azure AD), and other SAML 2.0 identity federation services. Setting up SSO typically requires coordination between your IT security team and Anaplan administrators, but the security benefits far outweigh the initial setup complexity. Set up is performed in the Administrator console.
If your organization doesn’t use SSO, then access to Anaplan will be secured through users entering passwords. Rest assured that Anaplan enforces several policies to ensure password security:
- Password complexity requirements: Minimum eight characters, at least one uppercase, one lowercase, one numeric.
- Password lifecycle management: Mandatory password changes every 90 days.
- Account protection: lockout after several consecutive failed login attempts, automatic session termination after a period of inactivity, secure password reset processes.
- Admin controls: forcing password resets, audit logging of password-related activities.
Endpoint protection
Securing the devices from which your end users access your Anaplan environment is equally important. Your organization likely already has policies governing the following, but for completeness I recommend the following:
- Device security: Ensure company devices have up-to-date antivirus/antimalware protection.
- Patch management: Apply regular security patches and updates to operating systems and browsers.
- Browser security: Ensure users are not able to install browser add-ons that have not been verified by your security team. In particular there are browser extensions that advertise features that make Anaplan Model Building easier. I would recommend not using these extensions as, by their nature, they are given access to analyze the content of Anaplan screens and so could have access to sensitive information. I recommend only trusting functionality from Anaplan in this regard.
- Mobile device management: Implement policies to secure smartphones and tablets that access Anaplan.
- Network security: Configure firewall rules and IP allow listing for Anaplan access.
- Public access restrictions: Educate users about the risks of accessing Anaplan from unsecured public networks.
- Other: Many organizations implement a secure workspace policy that specifies requirements for devices accessing business-critical applications like Anaplan, including automatic screen locking, disk encryption, and minimum security software requirements.
Integration security: protecting data in transit
As Anaplan connects with other systems in your enterprise architecture, securing these integrations becomes critical to maintaining your overall security posture.
Integration options overview
Anaplan offers several methods for data integration, each with specific security considerations:
- Manual file upload/download: Simple but requires governance around file handling. Ensure the locations in which files are situated are secured.
- Anaplan Connect: Command-line Java executable that can be installed on-premise behind the firewall and connects with Anaplan via the API. Here, ensure restricted access to the Anaplan Connect configuration and executable files on the operating system where they reside to prevent them being adapted to compromise security. I recommend using certificate authorization, rather than storing usernames and passwords in configuration files.
- Anaplan CloudWorks: Native connectivity to cloud storage solutions like AWS S3, Google Cloud Storage, and Azure Blob Storage. The security features of these platforms should be used to (a) restrict user access to file locations and configuration and (b) use allow lists to ensure only traffic from Anaplan sites is accepted when invoking services through their API.
- Anaplan Data Orchestrator (ADO): An integration platform with standard extractors, transformation capabilities, and loading functionality. As with CloudWorks, this provides access to hyperscaler platforms, with similar considerations around security. ADO also provides access to other platforms such as Snowflake and SQL Server — the same principles as those for hyperscaler access are recommended, with attention to the specific nuances of those platforms.
- APIs: Rich suite of APIs for programmatic interaction with Anaplan. See section below for best practice security considerations here.
- Third-party ETL tools: Various commercial ETL tools with Anaplan connectors
API authentication and authorization
When using Anaplan's APIs, I recommend implementing these security best practices:
- Certificate-based or OAuth2 authentication: Use certificates or OAuth2 rather than basic authentication where possible. Basic authentication requires usernames and passwords to be stored, which can compromise security.
- Least privilege: Apply the principle of least privilege for API access, granting only necessary permissions to the Anaplan user account being used for authentication. Use the role-based authorization functionality of Anaplan to achieve this.
- Monitoring: Track API usage for unusual patterns that might indicate security issues.
- Error handling: Implement secure error handling that doesn't expose sensitive information.
API documentation should be treated as sensitive information, and access to API keys should be strictly controlled through your organization’s secrets management process.
Anaplan's built-in security framework
Anaplan provides a multi-layered security architecture that organizations can configure to meet their specific security requirements. I recommend careful consideration at the beginning of any project to ensure the set-up of tenants, workspaces, models and user roles supports data security requirements, as well as functional requirements. Below, I go through each level of the framework and explain the key decisions and considerations as regards security.
Tenant-level security
The Anaplan tenant represents your organization’s dedicated Anaplan environment:
- Isolation: Tenants are completely isolated from other customers' environments. This gives you built-in confidence that your data cannot be accessed beyond your organization.
- Administrative control: Tenant administrators manage global settings and user access.
- Configuration management: Security settings like SSO, certificates, and IP allow lists are managed at this level — ensure these are set to optimize security of your data.
- Audit capabilities: Comprehensive logging of administrative actions — I recommend processes to regularly review these logs from a security perspective.
Tenant administration should be limited to a small group of trusted administrators with appropriate security training.
Workspace structure for security isolation
Workspaces provide an additional layer of isolation within your Anaplan tenant. In particular, it enables you to grant user access at the Workspace level. I recommend designing your workspaces with the following in mind from a security perspective:
- Sensitive data segregation: Place models with particularly sensitive data in dedicated workspaces.
- Functional segregation: Separate workspaces can be used to segregate models and data from a process perspective; this can be helpful in managing different sets of users who access different models within the tenant.
- Development/test/production: Separate production models from development and testing environments. This enables wider access being granted to development and test environments that can be populated with ‘dummy’ data so that productive workspaces can have tighter user security to control access to sensitive company data.
A well-designed workspace structure balances security considerations with usability, ensuring appropriate data isolation without creating unnecessary silos.
Model security configuration
Anaplan’s model-level security settings represent a sophisticated framework for ensuring that users can only access the data and functionality they are entitled to. I recommend not leaving configuration of these settings until the end of the implementation project. Rather, the architecture of the Anaplan solution should be designed from the ground up with security considerations in mind — this will have an impact on the structure of lists, modules, and app screens.
- Model roles: Create specific roles based on business function or data access requirements — design of your model roles should go hand-in-hand with the process design you perform during Foundations. Good process design will include a definition of the actors in the process, their roles, responsibilities, and data access needs.
- Module access: Control read/write/none access to specific modules within a model. Being specific about access at this level ensures that user access defined at the app level cannot be bypassed by users accessing the underlying model.
- Selective access: Restrict access to specific lists and list items on a user-by-user basis. As well as ensuring data security, sophisticated use of selective access to risks enhances the user experience by ensuring that users only see relevant data in drop-downs and reports.
- Dynamic cell security: Implement cell-level access control for highly granular security. This is particularly useful in detail examples where, for example, granular data (e.g. employee salaries) should be masked from certain users, perhaps with aggregates being visible.
- App security: Access to apps and individual pages should be set through the user roles. Not only does this enhance security, but it simplifies the user experience by only exposing functionality relevant to the user and their role.
Sensitive data protection
Beyond access controls, consider these measures for sensitive data:
- Data masking: Mask sensitive personal data when displayed in dashboards.
- Aggregation: Use aggregation for reporting on sensitive information to prevent identification of individuals.
- Data classification: Implement a classification system for data within Anaplan to guide security controls.
- Minimum necessary: Apply the principle of minimum necessary data, importing only required fields.
- Retention policies: Establish clear data retention and archiving policies aligned with regulatory requirements.
Monitoring and governance
Maintaining security requires ongoing vigilance and governance processes:
Audit and monitoring
- Log review: Regularly review Anaplan audit logs for unusual activity patterns.
- Access reconciliation: Periodically verify that user access matches authorized levels.
- Activity monitoring: Monitor system usage for anomalies that might indicate security issues.
- Integration monitoring: Track the performance and security of integration processes.
- Alerting: Implement alerts for critical security events requiring immediate attention.
Security governance
- Regular reviews: Conduct periodic security reviews of your Anaplan implementation.
- Access recertification: Implement regular access recertification processes.
- Policy enforcement: Ensure adherence to organizational security policies.
- Documentation: Maintain current documentation of security controls and configurations.
- Training: Provide regular security awareness training for Anaplan users and administrators.
Ensure that your COE has clear responsibilities for establishing Anaplan security governance.
Conclusion
As we mark Cybersecurity Awareness Month, it's worth remembering that security is a shared responsibility. Anaplan provides robust security foundations — from data encryption to granular access controls — but effective implementation requires thoughtful configuration and governance by your organization. By implementing these best practices, you can ensure your Anaplan environment remains secure while continuing to deliver the planning insights your business relies on. Security should be viewed not as a barrier to effective planning but as an enabler that provides confidence in the integrity and confidentiality of your planning processes and data. The most effective approach to Anaplan security combines technical controls with clear policies, ongoing governance, and user awareness. By addressing security holistically across your Anaplan implementation, you create a foundation for trusted planning that supports your organization’s strategic objectives.
Questions or anything to add? Leave a comment!