Sign in to my dashboard Create an account
Menu

Encryption: Protecting your data from being stolen

Contents

Share this page

Matt Trudewind Author Photo
Matt Trudewind

As cyberthreats continue to evolve, encryption remains critical for data security. It prevents unauthorized access and data breaches, and it maintains data privacy. But not all encryption solutions are created equal. At NetApp, we take a comprehensive approach to data security—both for data at rest and for data in flight—so you can protect your data from every angle.

Securing data at rest

NetApp provides powerful encryption options right out of the box, with encryption at both the hardware and the software layers so that your data is fully protected from physical theft and unauthorized access. This protection starts at the hardware layer with self-encrypting drives (SEDs) and NetApp® Storage Encryption (NSE). And with FIPS 140-2‒validated drives, NSE maintains compliance with the most stringent security standards.

For even greater flexibility, we also offer software-based encryption, such as NetApp Volume Encryption (NVE) and NetApp Aggregate Encryption (NAE). Both of NVE and NAE are FIPS 140-3 validated, which NetApp was the first enterprise storage provider to receive a validation for. NetApp encryption-at-rest technologies also enable storage efficiencies to be applied, so your encrypted data is stored as effectively as possible.

Protecting data in flight

Encryption isn’t just about securing data at rest—what about when your data is moving across networks? That’s where NetApp really shines. With cluster peering encryption (CPE), all your data that’s replicated by using NetApp SnapMirror®, FlexCache®, or SnapVault® technology is secured with TLS 1.3 encryption. Your data is protected as it moves from the cloud, to on premises, or to anywhere in your hybrid environment.

But replicated data isn’t the only place where malicious actors attempt to launch man-in-the-middle (MITM) attacks to intercept valuable data. Client-to-server data access is also a quite common way for attackers to try to steal your data. NetApp technology protects against such unauthorized access, keeping your data secure.

For file access data, NetApp ONTAP® software supports SMB3 encryption for your SMB workloads. It also supports Kerberos (krb5p) for your NFS workloads, with the newly introduced NFS over TLS (currently in preview) offering a simpler and highly secure option for you to protect your NAS data. And for block/SAN data over IP, IPsec is our go-to solution, keeping end-to-end encryption available for all your sensitive data transmissions. IPsec can also be used for any TCP/IP traffic, with NFS being a common use case.

The bottom line

With NetApp, your data—whether it’s at rest or in motion—remains secure against even the most advanced data exfiltration threats.

Architect resilience with NetApp

To learn more about protecting your data at every layer, check out our cyber-resilience solutions. And to dive deeper into our video series and learn how to architect true cyber resilience, binge-watch the rest of our series playlist.

Matt Trudewind

Matt is a Security Evangelist at NetApp with a focus on ransomware prevention, cyber resiliency, and data-centric portfolio security. With 25 years of IT experience, he specializes in Zero Trust, Data Governance, Encryption, Security Tools, and Best Practices. Matt has held various roles at NetApp, including Product Manager and Technical Marketing Engineer for ONTAP Security. He also has extensive expertise in networking, SMB/CIFS, and Microsoft technologies. Matt's passion lies in driving the latest security features and capabilities to ensure customer success.

View all Posts by Matt Trudewind

Next Steps

Drift chat loading