Security technical reports
ONTAP continues to evolve, with security as an integral part of the solution. The latest releases of ONTAP contain many new security features that are invaluable for your organization to protect its data across your hybrid cloud, prevent ransomware attacks, and adhere to industry recommended practices. These new features also support your organization's move toward a Zero Trust model.
These technical reports expand on the ONTAP security and data encryption product documentation. |
ONTAP cyber vault
ONTAP cyber vault
NetApp's ONTAP based cyber vault provides organizations with a comprehensive and flexible solution for protecting their most critical data assets. By leveraging logical air-gapping with robust hardening methodologies, ONTAP enables you to create secure, isolated storage environments that are resilient against evolving cyber threats. With ONTAP, you can ensure the confidentiality, integrity, and availability of your data while maintaining the agility and efficiency of your storage infrastructure.
Ransomware
TR-4572: The NetApp solution for ransomware
Learn how ransomware has evolved; and how to identify attacks, prevent the spread, and recover as quickly as possible using the NetApp solution for ransomware. The guidance and solutions provided in this document are designed to help organizations have cyber-resilient solutions while meeting their prescribed security objectives for information system confidentiality, integrity, and availability.
TR-4526: Compliant WORM storage using NetApp SnapLock
Many businesses rely on some use of write once, read many (WORM) data storage to meet regulatory compliance requirements or simply to add another layer to their data protection strategy. Learn how to integrate SnapLock, the WORM solution in ONTAP, into environments that require WORM data storage.
Zero Trust
NetApp and Zero Trust
Zero Trust traditionally has been a network-centric approach of architecting micro core and perimeter (MCAP) to protect data, services, applications, or assets with controls known as a segmentation gateway. ONTAP takes a data-centric approach to Zero Trust in which the storage management system becomes the segmentation gateway to protect and monitor access of our customer's data. In particular, the FPolicy Zero Trust engine and the FPolicy partner ecosystem becomes a control center to gain a detailed understanding of normal and aberrant data access patterns and identify insider threats.
Multifactor authentication
TR-4647: Multifactor authentication in ONTAP best practices and implementation guide
Learn about ONTAP's multifactor authentication capability for administrative access using System Manager, Active IQ Unified Manager and ONTAP secure shell (SSH) CLI authentication.
TR-4717: ONTAP SSH authentication with a common access card
Learn how to configure and test third-party SSH clients, in conjunction with ActivClient software, to authenticate an ONTAP storage administrator via the public key stored on a common access card (CAC) when it is configured in ONTAP.
Multitenancy
TR-4160: Secure multitenancy in ONTAP
Learn how to implement secure multitenancy using storage VMs in ONTAP, including design considerations and recommended practices.
Standards
TR-4401: PCI-DSS 4.0 and ONTAP
Learn how to validate a system against the PCI DSS 4.0 standard and meet the requirements of the controls that you apply to a NetApp ONTAP system.