We believe security is the cornerstone of any legitimate data platform, and we’re excited to announce that Cloudera has successfully achieved SOC 2 Type II certification for Cloudera Data Platform (CDP) Public Cloud. Achieving our SOC 2 certification is the culmination of significant work across our organization and demonstrates to independent auditors that we adhere to industry-standard security controls and processes. Cloudera customers trust CDP, and achieving our SOC 2 certification makes it easier for their Information Security (InfoSec) teams to approve CDP Public Cloud for their production workloads.
The SOC 2 Type II Certification consists of a careful examination by a third party firm of Cloudera’s internal control policies and practices over a specified time period. The SOC 2 certification helps ensure that applications and code are developed, reviewed, tested, and released following the AICPA Trust Services Principles. This means that the CDP Public Cloud service is continuously being developed using audited processes and controls to help ensure the highest level of trust and security.
Achieving SOC 2 is one of the first milestones on our aggressive security and compliance roadmap. You can expect to see further compliance achievements, including expanding Cloudera’s ISO27001 certification to include CDP Public Cloud, FedRAMP, and more, over the coming quarters.
Why is SOC 2 Important?
As Cloudera customers choose to deploy workloads to the public cloud, their InfoSec departments need to make sure the cloud services they choose have the right controls and processes in place to protect their workloads. SOC 2 is a technical auditing and certification process that measures a service’s security and availability and assures customers that CDP Public Cloud is managed in a controlled and audited environment. To achieve our SOC 2 certification, we proved to our auditors that CDP Public Cloud has suitable policies and controls in place, such as:
- A secure software development lifecycle
- Access control that follows “least privilege” best practices
- Detailed logging, monitoring, and alerting
- Encryption controls that meet or exceed best practices
- Completion of internal and external penetration testing
- Active monitoring for intrusion events and security incident handling
- Data backup and disaster recovery
What’s Next?
At Cloudera, we’re committed to doing everything we can to build our customers’ trust in our services. Achieving these compliance milestones ensures that we’re backing that commitment with audited controls and processes so we can make it easier for our customer’s InfoSec teams to approve CDP Public Cloud for their most critical use cases. This year we’re working hard to deliver an aggressive security and compliance roadmap that includes expanding Cloudera’s ISO27001 to include CDP Public Cloud, FedRAMP, and more.
CDP Public Cloud consists of a set of best-of-breed analytic services covering streaming, data engineering, data warehouse, operational database, and machine learning, all secured and governed by Cloudera SDX. To learn more about how you can use CDP to deliver an enterprise data cloud for any data, anywhere, from the Edge to AI, visit cloudera.com/cdp or take an interactive test drive of CDP today. If you would like a copy of our SOC 2 report, please contact your Cloudera account team.