At NetApp, providing our customers with simple ways to increase their security is a top priority. Our 25+ years of innovation across our portfolio include new security features for our ONTAP data management software. This innovation was recognized at the most recent Flash Memory Summit in early August. NetApp, along with Ontrack, a leader in the data recovery and data erasure market, won the award for “Most Innovative Flash Memory Consumer Application” for our latest ONTAP feature called “Secure Purge” and the validation process Ontrack created. To understand why this innovation matters, it helps to look at it in the context of the world we live in today.
Sanitizing data has become a critical yet complex task. Typically, more than just the targeted data must be wiped - up to and including the entire storage array. The sanitizing process is critical not only for traditional reasons like making sure someone doesn’t recover sensitive company data from physical hardware like disk drives, or cleaning up data spills (sensitive data being stored in the incorrect location), but also due to recent legislation like the EU’s General Data Protection Regulation (GDPR). GDPR Article 17 requires the ability for an individual to request that their personal data be forgotten (a.k.a. sanitized).
The complexity in sanitizing data and recovering from data spillage traditionally comes from the need to securely wipe entire disks or arrays to ensure the data is no longer recoverable. In some situations, this has a side effect of wiping out more than just the targeted data. To avoid this “collateral damage,” you may have to migrate other data off before you can sanitize, which typically takes more time and resources. Enter ONTAP Secure Purge, which allows you to sanitize (shred) a single piece of data without affecting any other data on the storage device.
“This problem becomes significantly harder with an SSD. … [When] running garbage collection and space compaction services on NAND flash media; this work can often leave "phantom" copies of old data lying around even if the host has explicitly overwritten or hole-punched said data. Similar issues don't exist on HDDs (ONTAP always disables drive-side write caching, something that could cause similar issues).”
“I think we've accomplished something pretty incredible with this project. As ONTAP engineers, we are always trying to shave off milliseconds of latencies or seconds of failover outages. The data spillage problem is a very real problem that can cause _days_ of downtime. Significantly reducing this downtime is a big deal for many of our security-sensitive customers.”
Now on his 2nd tour at NetApp across 10 years, Matt is a Security Evangelist with a primary focus on ransomware prevention and recovery, cyber resiliency, and data-centric portfolio security. This includes but is not limited to Zero Trust, Data Governance and Privacy Frameworks, Security Tools, and Security Best Practices. Prior to this, Matt held the dual role of Product Manager and Technical Marketing Engineer for ONTAP Security, driving the latest security features and capabilities into NetApp’s flagship product. He has also held the position of Staff Engineer at NetApp, during which he focused on ONTAP product Supportability, specifically in the areas of networking and SMB/CIFS. In between NetApp stints, Matt worked with a NetApp partner (Eze Castle Integration) for 7 years as a pre-sales/post-sales storage architect focusing on early 7-mode to cDOT migration. He has also focused on Microsoft Windows Active Directory, Exchange, SQL and VMware during his 23 years of IT experience, with 17 of those years coming in the storage industry. Prior to NetApp and ECI, Matt worked a contract at Microsoft as a Technical Support Engineer.