CDM Security Conclusion
Access Control
Only tenants authorized by Identity and Access Management (IAM) can access the CDM console and APIs. In push-pull mode, CDM does not have any listening port enabled in the VPC. For that reason, tenants cannot access instances from the VPC.
Data Transmission Security
CDM runs in tenants' VPCs, which ensures data transmission security through network isolation. Data sources that support SSL, such as RDS and SFTP, can be accessed in SSL mode. CDM also allows data from public data sources to be migrated to the cloud. Tenants can use a VPN and SSL to prevent transmission security risks.
Tenant and Network Isolation
CDM instances run in independent VPCs. Tenants can configure the VPC's inbound IP ranges to control which IP address segments can access CDM. After a CDM instance is deployed in a tenant's VPC, the tenant can configure the subnet and security group to isolate the CDM instance, thereby improving its security.
Data Encryption
The access information (usernames and passwords) of tenants' data sources is stored in the database of the CDM instance and encrypted using AES-256. The CDM administrators cannot access the database.
Data Deletion
When a tenant deletes a CDM instance, all data stored in it is deleted. Nobody can view or restore the deleted data.