Security in ONTAP: NetApp IT’s Perspective
By Faisal Salam and David Tanigawa, Sr. Storage Engineers
IT enterprises across all industries are operating with security at top of mind. The threats of ransomware, data breaches, and compromised systems are what keep IT professionals up at night. According to one report, there were almost 24,000 incidents in 2022 and over 5,200 security breaches. These cost billions of dollars, with cybersecurity insurance premiums rising 92 percent year-over-year in 2021.
Cybersecurity is big business. For NetApp IT, our security strategy is built around resiliency and delivering peace of mind to the enterprise. We deliver this with a multi-pronged approach throughout our hybrid cloud ecosystem.
Read more below, or check out a full webinar we did on how we approach security.
A strategy baked into the foundation
Our vision of security speaks to creating resiliency inherent to everything we do. Our security is data-centric, with strong backup and recovery systems in place to provide cover. From users to storage to systems, security is top of mind.
Our vision is based on three defined concepts:
– Secure by Default – NetApp provides a seamless, out-of-the-box experience
– Zero Trust – This is applied throughout the tech stack, through our own products as well as third-party vendors
– Certified – We ensure that we meet the highest industry standards
Focus on the biggest ransomware threats
Cybersecurity will never stop evolving as the threats become more and more sophisticated. We believe that a major threat to the organization is ransomware and have responded with a holistic approach that touches systems and users.
Our own products fight ransomware through detection and prevention, as well as remediation and restoration. It’s a layered strategy that involves numerous NetApp products and solutions.
NetApp ONTAP Autonomous Ransomware Protection
Automatically detects ransomware threats by monitoring for changes in volume workload and data entropy. Creates new snapshots automatically for additional potential recovery points.
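The entropy signal mentioned above can be illustrated with a short sketch. This is an added example, not NetApp's implementation or code from this article: the window size, thresholds, helper names and sample workload are all constructed assumptions. It flags a burst of encrypted-looking writes while ignoring ordinary text writes.

```python
import hashlib
import math
from collections import Counter, deque

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pseudo_ciphertext(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic stand-in for encrypted data (constructed sample input)."""
    out = bytearray()
    i = 0
    while len(out) < n:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return bytes(out[:n])

class EntropyMonitor:
    """Alerts when the share of high-entropy writes in a sliding window
    reaches a threshold. Thresholds are illustrative assumptions."""
    def __init__(self, window=20, high_bits=7.5, alert_ratio=0.5):
        self.recent = deque(maxlen=window)
        self.high_bits = high_bits
        self.alert_ratio = alert_ratio

    def observe(self, payload: bytes) -> bool:
        self.recent.append(shannon_entropy(payload) >= self.high_bits)
        full = len(self.recent) == self.recent.maxlen
        return full and sum(self.recent) / len(self.recent) >= self.alert_ratio

def first_alert_index(writes, **kw):
    """Index of the first write that raises an alert, or None."""
    mon = EntropyMonitor(**kw)
    for i, payload in enumerate(writes):
        if mon.observe(payload):
            return i
    return None

# Constructed workload: 30 ordinary text writes, then 30 encrypted-looking writes.
TEXT = (b"Quarterly report: revenue, costs and headcount by region.\n" * 80)[:4096]
NORMAL = [TEXT] * 30
ATTACK = NORMAL + [pseudo_ciphertext(4096, bytes([i])) for i in range(30)]

if __name__ == "__main__":
    print("normal workload alert:", first_alert_index(NORMAL))
    print("attack workload alert:", first_alert_index(ATTACK))
```

Compressed archives and media files are also high-entropy, which is why the sketch alerts on a sustained shift across a window rather than on any single write.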
FPolicy (short for file policy) allows us to monitor file access events, as well as blacklist or whitelist files or file types. Used with a Security Information and Event Management (SIEM) system, we’re able to detect more advanced forms of ransomware.
SnapMirror replicates read-only snapshots to additional destination volumes. By using a vault policy type with an appropriate data retention policy, NetApp IT ensures the availability of remote snapshots that can be used for data recovery, even if the primary volume is compromised.
SnapLock Compliance ensures that snapshots cannot be altered or deleted, even by a rogue administrator.
NetApp Cloud Backup
Cloud Backup with DataLock provides protection against ransomware and unauthorized deletions of data in cloud-based and on-prem (StorageGRID) object storage backups.
NetApp ActiveIQ Unified Manager and NetApp Cloud Insights with Cloud Secure
ActiveIQ Unified Manager can monitor and send alerts for abnormal volume growth rate, snapshot reserve usage, and abnormal storage efficiency—all indicators of a potential ransomware attack. Cloud Insights with Cloud Secure ensures security and compliance across hybrid cloud environments by identifying and responding to abnormal user activity events while also displaying alerts for NetApp ONTAP Autonomous Ransomware Protection events.
Zero Trust is the permanent standard
Why yes, we do have trust issues. Zero Trust has become the de facto standard for most enterprises and NetApp is no different. We are strong believers in the concept of “verify and never trust.” This enables us to identify inside threats before they gain access to systems or data.
We accomplish this with a data-centric approach. ONTAP, in conjunction with FPolicy, gives us the tools to implement Zero Trust across the enterprise. We’re able to execute on our strategy, as well as monitor for anomalies within data access. Multi-factor authentication can be used to require an additional verification factor, improving security by requiring more comprehensive user identity verification.
A robust storage security program
It’s this data – and the need to protect it – that is the driving force behind our robust storage security program. The program is designed to stay ahead of bad actors and ensure that data is safe, wherever or in whatever state it is.
ONTAP powers most of this. From access management to infection detection to auditing, ONTAP is at the center of most of what we do.
We’re using both an onboard key manager, as well as an external version in Thales CipherTrust Manager. Regardless, our strategy is to ensure that every volume that we have on a storage system is encrypted, at the volume or aggregate level.
Cleaning up accounts to eliminate unnecessary users reduces possible exposure and entry points. We constantly audit and monitor accounts for those no longer in use and use CyberArk to automate the management of, well, unmanaged accounts.
This all adds up to an end-to-end strategy that covers NetApp from the most common vulnerabilities. It’s also a strategy that will never stop growing and evolving as new and more sophisticated threats arise.