Cloud Pak for Data Group

New Security white paper for 3.5

  • 1.  New Security white paper for 3.5

    Posted Wed December 02, 2020 04:57 PM
    Edited by Shannon Rouiller Wed December 02, 2020 05:01 PM
    In June, our team published the first white paper on Security for Cloud Pak for Data 3.0, which covered a range of security aspects including secure engineering practices, constraints and roles, authentication, encryption, network access, audit logging, privacy and compliance assessments, and best practices. We are publishing a new version of the white paper for 3.5 that you can access at the same location here.

    New content in the 3.5 white paper includes:

    * A new SCCs (cpd-noperm-scc) and a new SA (cpd-norbac-sa)
    * New user groups
    * Explanation on session expiry time and refresh time and guidance for developers to use API keys for long-running programs
    * Platform API key and Service Instance API key
    * Mention of how passwords are stored internally in the database using one-way hash and unique salts

    You can use this new discussion thread for security questions for 3.0 or 3.5.

    ------------------------------
    Sandeep Deodikar
    ------------------------------