Cloudera is investigating the log4j2 CVE-2021-45105 Denial of Service attack vulnerability. We will issue a Technical Service Bulletin (TSB) once we assess the impact of this vulnerability.  Cloudera is aware of both the Log4j2 (CVE-2021-44228) and Log4j 1.x (CVE-2021-41046) vulnerabilities. A TSB was published on 12/12/2021 that details Cloudera products affected by CVE-2021-44228 and their remediation steps. For more details, see our Blog post. After evaluating CVE-2021-41046, no Cloudera products are impacted. For more information, see our Cloudera Community post.



Transparency is essential to security

Cloudera's priority is to make your experience with our products safe and secure.  This means you have the information you need to feel comfortable managing your data and utilizing multi-function analytics in the cloud. That’s why we created this Trust Center, to bring together the latest Cloudera security, compliance, and system performance information, accessible from one central location.

Our approach

Certified secure

Cloudera continually strives to apply industry best practices, validated through third-party audits and certifications. For example, our ISO 27001 and SOC 2 Type II certifications help ensure CDP is developed, reviewed, tested, and released following the ISO and AICPA Trust Services Principles. This means CDP Public Cloud is continuously being developed using audited processes and controls to help ensure the highest level of trust and security.

Security practices

Security first development

Earning our customers’ trust is our top priority. We’re committed to building security-focused engineering teams that follow our Secure Software Development Life Cycle (SSDLC). Using developer training, education, and our prescribed security best practices, each of our development teams makes sure CDP features and services are designed with security first.

Shared responsibility, risk & compliance

From the beginning, we designed security into the Cloudera Data Platform (CDP) Public Cloud. CDP Public Cloud follows a shared responsibility model, providing customers with complete control over the compute and storage resources running in their public cloud account. With advanced security features such as support for custom AMIs and support for AWS PrivateLink and Azure Private Link, customers can deploy the CDP Public Cloud in some of the most restricted cloud environments.

Production service operations

Built to be cloud-native, CDP Public Cloud leverages sophisticated cloud security technologies and runs on the Amazon Web Services (AWS) cloud-computing service, benefitting from Amazon’s secure, world-class data centers, which are certified for ISO 27001, and SOC 1 / SSAE-16. The result is a service that is secure and resilient, giving you the confidence to trust your most demanding workloads with CDP.


Achieving Cloud Compliance with CDP Public Cloud


Understanding Cloudera Data Platform Security

World-class training, support, & services

Your form submission has failed.

This may have been caused by one of the following:

  • Your request timed out
  • A plugin/browser extension blocked the submission. If you have an ad blocking plugin please disable it and close this message to reload the page.