Skip to main content
ONTAP Technical Reports

Security technical reports

Contributors netapp-chrisgeb netapp-aherbin

ONTAP continues to evolve, with security as an integral part of the solution. The latest releases of ONTAP contain many new security features that are invaluable for your organization to protect its data across your hybrid cloud, prevent ransomware attacks, and adhere to industry recommended practices. These new features also support your organization's move toward a Zero Trust model.

Note

These technical reports expand on the ONTAP security and data encryption product documentation.

ONTAP cyber vault

ONTAP cyber vault
NetApp's ONTAP based cyber vault provides organizations with a comprehensive and flexible solution for protecting their most critical data assets. By leveraging logical air-gapping with robust hardening methodologies, ONTAP enables you to create secure, isolated storage environments that are resilient against evolving cyber threats. With ONTAP, you can ensure the confidentiality, integrity, and availability of your data while maintaining the agility and efficiency of your storage infrastructure.

Ransomware

TR-4572: The NetApp solution for ransomware
Learn how ransomware has evolved; and how to identify attacks, prevent the spread, and recover as quickly as possible using the NetApp solution for ransomware. The guidance and solutions provided in this document are designed to help organizations have cyber-resilient solutions while meeting their prescribed security objectives for information system confidentiality, integrity, and availability.

TR-4526: Compliant WORM storage using NetApp SnapLock
Many businesses rely on some use of write once, read many (WORM) data storage to meet regulatory compliance requirements or simply to add another layer to their data protection strategy. Learn how to integrate SnapLock, the WORM solution in ONTAP, into environments that require WORM data storage.

Zero Trust

NetApp and Zero Trust
Zero Trust traditionally has been a network-centric approach of architecting micro core and perimeter (MCAP) to protect data, services, applications, or assets with controls known as a segmentation gateway. ONTAP takes a data-centric approach to Zero Trust in which the storage management system becomes the segmentation gateway to protect and monitor access of our customer's data. In particular, the FPolicy Zero Trust engine and the FPolicy partner ecosystem becomes a control center to gain a detailed understanding of normal and aberrant data access patterns and identify insider threats.

Multifactor authentication

TR-4647: Multifactor authentication in ONTAP best practices and implementation guide
Learn about ONTAP's multifactor authentication capability for administrative access using System Manager, Active IQ Unified Manager and ONTAP secure shell (SSH) CLI authentication.

TR-4717: ONTAP SSH authentication with a common access card
Learn how to configure and test third-party SSH clients, in conjunction with ActivClient software, to authenticate an ONTAP storage administrator via the public key stored on a common access card (CAC) when it is configured in ONTAP.

Multitenancy

TR-4160: Secure multitenancy in ONTAP
Learn how to implement secure multitenancy using storage VMs in ONTAP, including design considerations and recommended practices.

Standards

TR-4401: PCI-DSS 4.0 and ONTAP
Learn how to validate a system against the PCI DSS 4.0 standard and meet the requirements of the controls that you apply to a NetApp ONTAP system.