Cloudera Data Platform (CDP) Public Cloud allows customers to maintain full ownership and control of their data and workloads and is designed to operate in some of the most restricted public cloud environments. With CDP Public Cloud, customers run all of their streaming, data engineering, data warehousing, operational database, and machine learning workloads in their own public cloud account and store data in their object stores, ensuring customers have full control over their infrastructure, workloads, and data.
Security & Compliance
Since CDP Public Cloud runs in a customer’s cloud account, Security and Compliance is a shared responsibility between Cloudera and its public cloud customers.
Cloudera’s responsibility "Security of the CDP Public Cloud Service": Cloudera is responsible for the CDP Public Cloud control plane that customers use to launch, manage, and configure their workloads. The CDP Public Cloud Control Plane and its corresponding infrastructure, security, and compliance are fully managed by Cloudera, allowing customers to simply focus on launching the workloads of their choice into their public cloud accounts.
Customer’s responsibility "Security of the Workload Environment": A Workload Environment is a customer-owned public cloud account where CDP Public Cloud services run. When customers use CDP to run their data warehousing, advanced analytics, and machine learning workloads, new cloud resources are provisioned into their public cloud account. Customers are responsible for the security of the resources in their cloud account. To simplify complying with a customer's Information Security guidelines and best practices, CDP Public Cloud provides extensible features including our support for SAML providers, private subnets with restricted outbound internet access, as well as auditing for the CDP Control Plane.
Joint Cloudera and public cloud customer’s responsibilities
Certain activities require coordination between Cloudera and public cloud customers and are shared responsibilities. Examples include:
- Patch Management - Cloudera continuously releases software updates with new functionality, security patches, and bug fixes, but it is the customer’s responsibility to apply those updates.
- Virtual Machines (VMs) and Containers - Cloudera regularly offers updated VMs and containers, and it is the customer’s responsibility to upgrade in order to take advantage of these updates.
- TLS Certificates - Cloudera renews TLS certificates, but customers must use the CDP Control Plane to initiate this process.
- Audit Logs - Cloudera stores 90 days of system events in an encrypted database managed by Cloudera. It's the customer's responsibility to configure the automatic export of audit logs to their Amazon S3 or Microsoft ADLS Gen2 cloud object store.
Cloudera’s shared responsibility model for CDP Public Cloud provides customers with the flexibility, control, and ownership they need to manage their data and run their analytics workloads in the public cloud. For more details on our shared responsibility model, please reach out to your Cloudera account executive to get access to our CDP Public Cloud compliance package, or schedule a conversation with our security and compliance team.