Masum

Reputation: 439

Security risks of using Application Performance Monitoring tools

Are there any security risks of using an Application Performance Monitoring tool like Dynatrace?

Upvotes: 3

Views: 1519

Answers (3)

Elad

Reputation: 11

Full disclosure - I am the COO at Correlsense. Most of the deployments are going through security checks - so I thought it would be best to share with you the latest questions I received from a client:

  1. APM agents are usually intrusive - how can we make them "safe" when installed?
  2. APM agents report sensitive data - how can we filter data, both from the agent and from the server?
  3. APM agents report to the cloud - how can we make sure other clients do not see the info?
  4. APM agents need an open port between the monitored server and the dashboard - how can we secure this communication?
  5. How can we prevent data from one app from being exposed to other apps' owners?
  6. How can we prevent you as a vendor from having access to our data (more relevant to SaaS solutions)?
  7. Can we encrypt the data in the server?
  8. How often do you update your software with security patches?

I hope this helps. Good luck mate. Elad

Upvotes: -1

Jonah Kowall

Reputation: 597

It mostly depends on who's managing your data; if you deploy the products on premises, it's as secure as your infrastructure and operations are. Most APM tools don't encrypt data, and most of the products use relational data stores. If you take the DB, you'd have a lot of good end user data.

That being said, if you are using a SaaS product, oftentimes the data is safer due to the certifications involved and the fact that they keep the product versions current.

Just an FYI: I work for AppDynamics, and we deploy both on premises and SaaS regularly. Dynatrace is almost always deployed on premises.

Upvotes: 0

Andreas Grabner

Reputation: 655

APM tools such as Dynatrace install and execute code in your own application. That obviously opens up a lot of questions regarding security. Dynatrace is typically deployed "on-premise", which means that no data collected ever leaves your own data center. As compared to SaaS-only APM solutions - where you send data to an external service provider - Dynatrace gives you that level of security. Dynatrace also adheres to different security standards - check out our white paper on this: https://community.compuwareapm.com/community/display/DOCDT61/Security+and+Compliance+Whitepaper

If you have any additional questions, feel free to post them here or use our own Dynatrace Community Forum: https://community.compuwareapm.com/community/display/DTFORUM/dynaTrace+Forums+Home

Andi

Upvotes: 2
