Home > Data Protection > PowerProtect Data Manager > White Papers > Dell PowerProtect Cloud Snapshot Manager: Architecture and Security > CSM Access to the customer's cloud accounts
CSM discovers and protects resources in AWS, Azure and GCP by using the minimal set of permissions to enable discovery, instance protection, and recovery. To provide CSM, access to the cloud accounts, users should create either a role with permissions described in an Identity Access Management (IAM) policy, or a user for AWS.Cloud accounts using custom roles for Azure and GCP Service Account using custom role. The minimum permissions that CSM requires to function are provided in the AWS permission policy, Azure custom role permissions, and GCP permissions.
CSM orchestrates the creation and deletion of snapshots by using the cloud providers’ native APIs. AWS,Azure and GCP remain the custodians of the data.
CSM communicates securely with the cloud providers through REST API calls made over HTTPS. The encryption protocol used is TLS 1.2/1.3. CSM uses secure SHA-256 with RSA-2048 encryption for secure transmission of data.