In June, our team published the first white paper on Security for Cloud Pak for Data 3.0, which covered a range of security aspects including secure engineering practices, constraints and roles, authentication, encryption, network access, audit logging, privacy and compliance assessments, and best practices. We are publishing a new version of the white paper for 3.5 that you can access at the same location
here.
New content in the 3.5 white paper includes:
* A new SCCs (cpd-noperm-scc) and a new SA (cpd-norbac-sa)
* New user groups
* Explanation on session expiry time and refresh time and guidance for developers to use API keys for long-running programs
* Platform API key and Service Instance API key
* Mention of how passwords are stored internally in the database using one-way hash and unique salts
You can use this new discussion thread for security questions for 3.0 or 3.5.
------------------------------
Sandeep Deodikar
------------------------------
#CloudPakforDataGroup