Data Storage and Protection
CCC manages different categories of sensitive data to provide secure administration, service deployment, and monitoring. For compliance and transparency, the table below summarizes what types of data CCC stores, where that data resides, how it is protected, and any important notes or limitations. This view clarifies how CCC safeguards user, device, and service information across its environment.
| Data Type | Where It’s Stored | How It’s Protected | Notes |
|---|---|---|---|
| User-related data (local users) | In the CCC database | Credentials hashed before storage; never extracted in plaintext | Directory/SSO users (LDAP/AD) not stored in CCC; only federation metadata retained if enabled |
| HSM administrator password | In the CCC database | Encrypted and protected using the root-of-trust HSM | Required when adding a managed device |
| Keys for CCC–HSM communication | In the root-of-trust HSM | Private key never leaves the HSM; public key used by devices for verification | Ensures authenticated, secure communication |
| Service and partition metadata | In the CCC database | Protected by CCC database access controls | Includes partition size, labels, and configuration details |
| Monitoring and application configuration data | In the CCC database | Protected by CCC database access controls | Applies when monitoring features are enabled |
| CCC database (runtime) | Host machine directory mapped via bind mount or volume mount | Secured by PostgreSQL with persistence configuration | Supports backup/restore for disaster recovery |
| Backups (CCC database) | Host machine file system | Generated using supported PostgreSQL backup mechanisms | Customers responsible for encrypting and storing backup files securely |
| HSM and CCC Logs | CCC log directories | Managed according to customer log access and rotation policies | Contains operational events relevant for compliance audits |
Key Points
- Clear data separation: CCC organizes data into distinct categories so that user accounts, device information, and monitoring/configuration data are logically separated and managed securely.
- No external password storage: CCC never stores user passwords from external directories (LDAP/AD, SSO IdPs). These remain managed entirely by your identity provider.
- Strong encryption for sensitive credentials: Device administrator credentials are encrypted using the root-of-trust HSM, ensuring they remain fully protected.
- Flexible persistence and backups: Customers control how CCC data is stored and backed up. Depending on your deployment (Podman, Kubernetes, or Helm), CCC supports bind mounts or volume mounts for persistence.
- Authenticated device communication: Every message between CCC and connected HSM devices is signed with a private key stored in the root-of-trust HSM and verified with the device’s public key, ensuring tamper-proof communication.
- Reliable backup and recovery: CCC provides built-in mechanisms to back up and restore its database, ensuring recovery without compromising data integrity or security.
- Audit-ready reference: This section is the single point of truth for understanding what data CCC stores, where it resides, how it is protected, and how customers can manage its lifecycle with confidence.
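
Because the table leaves encryption of database backup files on the host file system to the customer, a periodic check of the backup directory is useful. The following is an added example, not CCC code: it flags files that still carry an unencrypted pg_dump signature or are readable beyond their owner. The directory argument is an assumption, and the absence of a signature is a heuristic, not proof of encryption.

```python
import gzip
import os
import stat
import sys
import zlib

# Signatures of unencrypted PostgreSQL dumps (pg_dump custom and plain-SQL formats).
PG_CUSTOM_MAGIC = b"PGDMP"
PG_PLAIN_MARKER = b"PostgreSQL database dump"


def read_head(path, size=512):
    """Return the first bytes of a file, looking inside gzip if present."""
    with open(path, "rb") as fh:
        head = fh.read(size)
    if head[:2] == b"\x1f\x8b":  # gzip is compression, not encryption
        try:
            with gzip.open(path, "rb") as gz:
                head = gz.read(size)
        except (OSError, EOFError, zlib.error):
            pass  # not valid gzip: keep the raw bytes
    return head


def audit_backup(path):
    """Return a list of findings for one backup file (empty list = no finding)."""
    findings = []
    head = read_head(path)
    if head.startswith(PG_CUSTOM_MAGIC) or PG_PLAIN_MARKER in head:
        findings.append("plaintext PostgreSQL dump")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"group/other access (mode {mode:o})")
    return findings


def audit_dir(directory):
    """Map file name -> findings for each regular file with a finding."""
    paths = {n: os.path.join(directory, n) for n in sorted(os.listdir(directory))}
    report = {n: audit_backup(p) for n, p in paths.items() if os.path.isfile(p)}
    return {n: f for n, f in report.items() if f}


if __name__ == "__main__":
    # Assumption: the host backup directory is the first argument (default: cwd).
    for name, findings in audit_dir(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{name}: {', '.join(findings)}")
```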