Updated on 2022-09-15 GMT+08:00

CDM Security Conclusion

Access Control

Only tenants authorized by Identity and Access Management (IAM) can access the CDM console and APIs. In push-pull mode, a CDM instance opens no listening port in the VPC, so it cannot be reached from inside the VPC; the instance itself initiates the connections to data sources.

Data Transmission Security

CDM runs inside the tenant's VPC, so data in transit is protected by network isolation. Data sources that support SSL, such as RDS and SFTP, can be accessed in SSL mode. CDM can also migrate data from data sources on the public network to the cloud; for those sources, tenants can combine a VPN with SSL to reduce the risk of interception in transit.

Tenant and Network Isolation

CDM instances run in independent VPCs. Tenants can configure inbound IP ranges on the VPC to control which address segments may reach CDM. After a CDM instance is deployed in a tenant's VPC, the tenant can further isolate it through the subnet and security group, which improves the instance's security posture.

Data Encryption

The access credentials (usernames and passwords) for tenants' data sources are stored in the database of the CDM instance, encrypted with AES-256. CDM administrators cannot access that database.
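To make the property above concrete, the following is an added example, not CDM's own code: it stores a data-source credential under AES-256 in an authenticated mode (GCM), keeps the key outside the database (a KMS in practice), and binds the link name as associated data so a ciphertext cannot be copied onto another link's row. The record shape, the link names and the key source are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Credential is the hypothetical shape of one data-source access record.
// The field names are assumed for this example and are not CDM's schema.
type Credential struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

// newGCM builds an AES-256-GCM cipher, rejecting keys that are not 32 bytes
// (a 16- or 24-byte key would silently give AES-128/192 instead).
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealCredential encrypts a credential for storage. The key is held outside
// the database (assumed: fetched from a KMS); linkName is bound as additional
// authenticated data. Output layout: nonce || ciphertext || GCM tag.
func SealCredential(key []byte, linkName string, c Credential) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	plaintext, err := json.Marshal(c)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(linkName)), nil
}

// OpenCredential reverses SealCredential. A modified record, a wrong key, or
// a mismatched link name all fail authentication and return no plaintext.
func OpenCredential(key []byte, linkName string, sealed []byte) (Credential, error) {
	var c Credential
	gcm, err := newGCM(key)
	if err != nil {
		return c, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns+gcm.Overhead() {
		return c, errors.New("sealed record too short")
	}
	plaintext, err := gcm.Open(nil, sealed[:ns], sealed[ns:], []byte(linkName))
	if err != nil {
		return c, errors.New("credential authentication failed")
	}
	if err := json.Unmarshal(plaintext, &c); err != nil {
		return c, err
	}
	return c, nil
}

func main() {
	// Constructed demo key; a real deployment would fetch it from a KMS.
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	sealed, err := SealCredential(key, "rds-link-1", Credential{Username: "dbuser", Password: "s3cret"})
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored %d bytes, none of them plaintext\n", len(sealed))
	if _, err := OpenCredential(key, "sftp-link-2", sealed); err != nil {
		fmt.Println("reused under another link name:", err)
	}
	c, err := OpenCredential(key, "rds-link-1", sealed)
	fmt.Println("decrypted for the right link:", c.Username, err)
}
```

The point a practitioner should take from this is that "encrypted with AES-256" only delivers the stated guarantee when the mode authenticates the ciphertext and the key is not stored beside the data; a database dump then yields nothing, and a row moved between links is rejected rather than decrypted.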

Data Deletion

When a tenant deletes a CDM instance, all data stored in it is deleted. Nobody can view or restore the deleted data.