Frequently asked questions about Cloud Compliance

Contributors netapp-bcammett netapp-tonacki Download PDF of this topic

This FAQ can help if you’re just looking for a quick answer to a question.

What is Cloud Compliance?

Cloud Compliance is a new NetApp cloud offering. Using Artificial Intelligence (AI) driven technology, Cloud Compliance helps organizations understand data context and identify sensitive data across your Azure NetApp Files configurations, Cloud Volumes ONTAP systems hosted in AWS or Azure, and Amazon S3 buckets.

Cloud Compliance provides pre-defined parameters (such as sensitive information types and categories) to address new data compliance regulations for data privacy and sensitivity, such as GDPR, CCPA, and more.

Why should I use Cloud Compliance?

Cloud Compliance can empower you with data to help you:

  • Comply with data compliance and privacy regulations.

  • Comply with data retention policies.

  • Easily locate and report on specific data in response to data subjects, as required by GDPR, CCPA, HIPAA, and other data privacy regulations.

What are the common use cases for Cloud Compliance?

  • Identify Personal Identifiable Information (PII).

  • Identify a wide scope of sensitive information as required by GDPR and CCPA privacy regulations.

  • Comply with new and upcoming data privacy regulations.

What types of data can be scanned with Cloud Compliance?

Cloud Compliance supports scanning of unstructured data over NFS and CIFS protocols that are managed by Cloud Volumes ONTAP and Azure NetApp Files.

Cloud Compliance can also scan data stored on Amazon S3 buckets.

Which cloud providers are supported?

Cloud Compliance operates as part of Cloud Manager and currently supports AWS and Azure. This provides your organization with unified privacy visibility across different cloud providers. Support for Google Cloud Platform (GCP) will be added soon.

How do I access Cloud Compliance?

Cloud Compliance is operated and managed through Cloud Manager. You can access Cloud Compliance features from the Compliance tab in Cloud Manager.

How does Cloud Compliance work?

Cloud Compliance deploys another layer of Artificial Intelligence alongside your Cloud Manager system and Cloud Volumes ONTAP instances. It then scans the data on volumes and indexes the data insights found.

How much does Cloud Compliance cost?

The cost depends on the type of working environment that you’re scanning.

  • Cloud Compliance is offered as part of Cloud Volumes ONTAP and Azure NetApp Files. There are no additional charges from NetApp, but you will incur costs from your cloud provider. Learn more.

  • You need to pay to scan your Amazon S3 buckets. Learn about pricing.

How often does Cloud Compliance scan my data?

Data changes frequently, so Cloud Compliance scans your data continuously with no impact to your data. While the initial scan of your data might take longer, subsequent scans only scan the incremental changes, which reduces system scan times.

Does Cloud Compliance offer reports?

Yes. The information offered by Cloud Compliance can be relevant to other stakeholders in your organizations, so we enable you to generate reports to share the insights.

The following reports are available for Cloud Compliance:

Privacy Risk Assessment report

Provides privacy insights from your data and a privacy risk score. Learn more.

Data Subject Access Request report

Enables you to extract a report of all files that contain information regarding a data subject’s specific name or personal identifier. Learn more.

PCI DSS report

Helps you identify the distribution of credit card information across your files.

HIPAA report

Helps you identify the distribution of health information across your files.

Reports on a specific information type

Reports are available that include details about the identified files that contain personal data and sensitive personal data. You can also see files broken down by category and file type. Learn more.

What type of instance or VM is required for Cloud Compliance?

  • In Azure, Cloud Compliance runs on a Standard_D16s_v3 VM with a 512 GB disk.

  • In AWS, Cloud Compliance runs on an m5.4xlarge instance with a 500 GB io1 disk.

    In regions where m5.4xlarge isn’t available, Cloud Compliance runs on an m4.4xlarge instance instead.

Changing or resizing the instance/VM type isn’t supported. You need to use the default size that’s provided.

Does scan performance vary?

Scan performance can vary based on the network bandwidth and the average file size in your cloud environment.

Which file types are supported?

Cloud Compliance scans all files for category and metadata insights and displays all file types in the file types section of the dashboard.

But when Cloud Compliance detects Personal Identifiable Information (PII), or when it performs a DSAR search, only the following file formats are supported:

How do I enable Cloud Compliance?

First you need to deploy an instance of Cloud Compliance in Cloud Manager. Once the instance is running, you can enable Cloud Compliance when you create a new working environment. You can enable it on existing working environments from the Compliance tab or by selecting a specific working environment.

Activating Cloud Compliance results in an immediate initial scan. Compliance results display shortly after.

How do I disable Cloud Compliance?

You can disable Cloud Compliance from the Working Environments page after you select an individual working environment.

To completely remove the Cloud Compliance instance, you can manually remove the Cloud Compliance instance from your cloud provider’s portal.

What happens if data tiering is enabled on Cloud Volumes ONTAP?

You might want to enable Cloud Compliance on a Cloud Volumes ONTAP system that tiers cold data to object storage. If data tiering is enabled, Cloud Compliance scans all of the data—​data that’s on disks and cold data tiered to object storage.

The compliance scan doesn’t heat up the cold data—​it stays cold and tiered to object storage.

Can I use Cloud Compliance to scan on-premise ONTAP storage?

No. Scanning the data directly from an on-premises ONTAP working environment isn’t supported. But you can scan your on-premises ONTAP data by replicating the on-prem NFS or CIFS data to a Cloud Volumes ONTAP working environment and then enabling compliance. We’re planning to support Cloud Compliance with additional cloud offerings such as Cloud Volumes Service. 

Can Cloud Compliance send notifications to my organization?

No, but you can download status reports that you can share internally in your organization.

Can I customize the service to my organization’s need?

Cloud Compliance provides out-of-the-box insights to your data. These insights can be extracted and used for your organization’s needs.

Can I limit Cloud Compliance information to specific users?

Yes, Cloud Compliance is fully integrated with Cloud Manager. Cloud Manager users can only see information for the working environments they are eligible to view according to their workspace privileges.