Secure StorageGRID data and metadata in an object store
Suggest changes
PDFs
Discover the integral security features of the StorageGRID object storage solution.
This is an overview of the many security features in NetApp® StorageGRID®, covering data access, objects and metadata, administrative access, and platform security. It has been updated to include the newest features released with StorageGRID 11.9.
Security is an integral part of the NetApp StorageGRID object storage solution. Security is particularly important because many types of rich content data that are well suited for object storage are also sensitive in nature and subject to regulations and compliance. As StorageGRID capabilities continue to evolve, the software makes available many security features that are invaluable for protecting an organization’s security posture and helping the organization adhere to industry best practices.
This paper is an overview of the many security features in StorageGRID 11.9, divided into five categories:
-
Data access security features
-
Object and metadata security features
-
Administration security features
-
Platform security features
-
Cloud integration
This paper is intended to be a security datasheet—it does not detail how to configure the system to support the security features enumerated within that are not configured by default. The StorageGRID Hardening Guide is available on the official StorageGRID Documentation page.
In addition to the capabilities described in this report, StorageGRID follows the NetApp Product Security Vulnerability Response and Notification Policy. Reported vulnerabilities are verified and responded to according to the product security incident response process.
NetApp StorageGRID provides advanced security features for highly demanding enterprise object storage use cases.
Where to find additional information
To learn more about the information that is described in this document, review the following documents and/or websites:
-
NetApp StorageGRID: SEC 17a-4(f), FINRA 4511(c) and CFTC 1.31(c)-(d) Compliance Assessment
https://www.netapp.com/media/9041-ar-cohasset-netapp-storagegrid-sec-assessment.pdf -
StorageGRID 11.9 Documentation page
https://docs.netapp.com/us-en/storagegrid-119/ -
StorageGRID Documentation Resources page
https://www.netapp.com/data-storage/storagegrid/documentation/ -
NetApp Product Documentation
https://www.netapp.com/support-and-training/documentation/
Terms and acronyms
This section provides definitions for the terminology used in the document.
| Term or acronym | Definition |
|---|---|
S3 |
Simple Storage Service. |
Client |
An application that can interface with StorageGRID either through the S3 protocol for data access or HTTP protocol for management. |
Tenant admin |
The administrator of the StorageGRID tenant account |
Tenant user |
A user within a StorageGRID tenant account |
TLS |
Transport Layer Security |
ILM |
Information Lifecycle Management |
LAN |
Local Area Network |
Grid administrator |
The administrator of the StorageGRID system |
Grid |
The StorageGRID system |
Bucket |
A container for objects stored in S3 |
LDAP |
Lightweight Directory Access Protocol |
SEC |
Securities and Exchange Commission; regulates exchange members, brokers, or dealers |
FINRA |
Financial Industry Regulatory Authority; defers to the format and media requirements of SEC Rule 17a-4(f) |
CFTC |
Commodity Futures Trading Commissions; regulates commodity futures trading |
NIST |
National Institute of Standards and Technology |