Below are frequently asked questions regarding TPM SaaS. If you would like to know additional information about our SaaS solution please visit the following pages or contact our Tenable Support Team.

How is content distributed in the cloud?

Content distribution works the same in both SaaS and self-hosted models. Content is delivered using Tenable Patch’s unique peer-to-peer protocols with a backup to Tenable Patch’s built-in CDN, which is automatically set up to ensure fast, reliable, and efficient delivery across your environment.

How do I manage my on-premises network topology with SaaS?

You can configure on-premises detection policies using criteria such as IP address ranges, DNS resolution, or ping response. This enables the platform to automatically differentiate between internal and external clients and adjust its behavior accordingly. The rest of the network topology remains the same, whether you're using a self-hosted or SaaS deployment. Even with the SaaS option, local peer-to-peer (P2P) content distribution is still fully supported— ensuring efficient delivery within your internal network.

How are administrator and user access managed?

In TPM SaaS Deployment, all administrative accounts and identity providers (e.g., SAML, OIDC) are managed through the Tenable Cloud Portal (cloud.tenable.com/tio/app.html). This centralized approach provides enhanced security and streamlines access control.

Can I use the same workflows or integrations from my self-hosted environment in a SaaS deployment?

Both versions contain the same workflow engine and activities. However, some server-side workflows may require updates to run in SaaS, especially if they rely on unsigned activities that aren't safe in shared SaaS environments.

What if I want to move from self-hosted to SaaS?

While there is currently no direct migration path from Tenable Patch Management On-Prem to the SaaS, existing on-prem users are eligible to move to the SaaS at no additional cost. Users will need to relink all clients and recreate all their patching strategies manually. Contact your Tenable Sales Representative or Tenable Support for assistance on this.

Note: Migration from Tenable Security Center (on-prem) to Tenable Vulnerability Management (SaaS) is currently not supported.

How is the SaaS environment secured?

TPM - SaaS is designed with robust security measures to protect customer data and operations. It is hosted in a secure, cloud-native environment. Tenable Patch is certified under ISO/IEC 27001:2022, an internationally recognized standard for information security management systems (ISMS). This certification ensures that Tenable Patch has implemented rigorous controls for data confidentiality, integrity, and availability. Additionally, all communication between clients and the cloud server is encrypted via HTTPS, and only signed, Tenable Patch-approved workflows are executed on the server to maintain trusted operations.