Merge pull request #4142 from vespa-engine/frodelu/add-audit-log-info

Add information about audit logging

Author: kkraune

en/cloud/security/whitepaper.md

@@ -102,6 +102,12 @@ grant different privileges:
 
 All role memberships are stored in an external identity provider.
 
+#### Control plane audit logs
+All operations against the control plane are persisted in an audit log capturing 
+_timestamp_, _client_, _principal_ (user), _HTTP method_, _resource_ accessed, 
+and _payload_ (for certain requests). As this data can potentially be sensitive, 
+it is available upon request from Vespa Cloud support.
+
 ### Service isolation
 
 <img alt="image" width="100%" src="/assets/img/service-isolation.png" title="Service isolation"/>
@@ -339,4 +345,4 @@ Any unexpected production issue, including security incidents, is handled
 through our incident management process. Non-security incidents are announced
 through our console. Security incidents are communicated directly to affected
 customers.  A post-mortem review process is initiated after every incident. In
-the event of a potential security breach, a forensic investigation is conducted.
+the event of a potential security breach, a forensic investigation is conducted.