Data hacks and ransomware are making security and resilience an ever-higher priority for IT professionals. Scrolling through any IT-focused timeline clearly shows how much importance is being placed on thwarting “the bad guys.”
That’s part of why NetApp® IT has launched our storage security program. The program focuses on the security of NetApp ONTAP® storage, the resilience of data if something bad happens, and actively monitoring for threats and breaches. It’s proactive and stops threats before they become a reality.
We’ve already made several improvements, but the storage security program is designed to be iterative. Work will really never stop, as we research and implement new technology and tools for continuous improvement.
Domain authentication configuration
Suspicious client identification
|Data protection||NetApp SnapVault® standards
SnapVault relationship for production volumes
|Automation||Management of user accounts|
|Security monitoring||Enhance and Improve auditing and logging for increased forensics|
|Security and compliance||Detection of infected files
Periodic scanning to discover risks
|Storage data encryption||Protection of data from physical theft|
|Security alerts and review||Share security initiatives and technology|
This is our roadmap of what’s important today and what we will focus on tomorrow. We’re finding ways to use Ansible to automate where we can, and we’re also monitoring to ensure that our configurations are still effective. Security standards are ever evolving, and we must change with them.
We began the storage security program in FY 2020 and have continued adding steps to our roadmap. We’ve completed several parts, including some important improvements that have a significant impact on our security readiness.
We’re using a three-phase deployment to encrypt all at-rest data:
A full audit was completed and unneeded accounts were removed. Additionally, unmanaged accounts were added to our CyberArk password management integration and maintenance was automated to ensure governance compliance.
We’re actively auditing all operations done to a file, including saving, deleting, or modifying. Audit logs are forwarded to a third party for storage, so if there is an event that must be investigated, we have access to historical data. We are able to see what was done to files, how frequently they were accessed, when they were accessed, and by whom.
CIFS/SMB auditing is included in ONTAP, but it must be turned on and integrated into our larger system.
To avoid being trapped by ransomware attacks, we’re securely backing up our data using a solution that includes the SnapVault ONTAP feature and SnapLock® compliance software. This solution creates secure Snapshot™ copies of critical data and makes it impossible to alter data after the solution is executed. Our production data is covered by this solution and can be recovered if something happens.
We’re about two-thirds of the way through our initial roadmap, with several additional improvements planned for FY 2022. Security hardening should always be a perpetual effort.
Faisal Salam is a Senior Storage Engineer in NetApp’s corporate IT team and is a member of the NetApp Customer-1 team, which acts as the first adopter of NetApp solutions and services. Faisal supports software-defined storage solutions for enterprise data management and has more than 10 years of experience.
Brush up on the latest trends and developments in cloud, on premises, and everywhere in between. This is where it all gets real, with a cherry on top.
Explore a wide range of open forums where you can post questions, share answers and just generally get smart on all the NetApp technologies that matter most to you.