Author: Mike Scanlin, Information Assurance Program Manager, NetApp, Inc.
NetApp understands the importance of security. “Trust but verify” is the foundation for NetApp’s position as the #1 provider of data storage and management to the U.S. Federal government. Corporations and agencies in Energy, Financial, Healthcare, and Government sectors trust NetApp because of our longstanding commitment to security certifications and verified security capabilities.
In 2005, NetApp became the first storage provider to achieve Common Criteria certification for its core operating system – Data ONTAP – the storage industry’s #1 branded operating system. The recent certifications of DOT 8.2.1 (7-Mode) and clustered Data ONTAP 8.2.1 reflect NetApp’s continued commitment to the security principles established by the internationally recognised Common Criteria standard (ISO/IEC 15408).
NetApp’s support to the US Department of Defence (DoD) and Defence Information Systems Agency (DISA) led to the development of Unified Capabilities (UC) requirements for a Data Storage Controller (DSC). In 2012, NetApp became the first storage provider to be certified and listed on the UC Approved Products List (APL). In 2014, NetApp again led the way when clustered Data ONTAP became the only scale-up, scale-out, clustered storage operating system on the UC APL.
When customers sought third party verification that NetApp Disk Sanitisation left no residual user data on Hard Disk Drive (HDD) / Solid State Drive (SSD) storage media, NetApp turned to Kroll Ontrack, the global leader in data recovery and 2015 Storage Visions award recipient for Erasure Verification Services (EVS). Kroll Ontrack leveraged its proprietary tools and expertise to validate the Disk Sanitisation feature of NetApp® Data ONTAP® software on a FAS2240 storage controller with internal HDD / SSD storage.
Kroll Ontrack thoroughly searched and analysed both media types looking for remnants of user data on the devices. For HDD, the process was performed via the drive’s standard interface using proprietary software to ensure that no user data was found in user-accessible sectors of the HDD media. SSD analysis required a second level of verification because the information was distributed across random blocks of the memory chip. NAND memory chips were removed and raw data was searched to ensure that no user data was present in either user-accessible sectors or hidden areas of the SSD.
Kroll Ontrack analysis concluded that NetApp’s Disk Sanitisation procedure resulted in:
-No recoverable simulated user data found on any drive analysed in the FAS2240 system
-100 % successful data sanitisation and complete erasure of the data
For organisations with sensitive, confidential, or mission critical IT needs, the unauthorised disclosure of information can have severe and even catastrophic effects on operations, personnel, or other assets. Customers and partners who operate in these environments trust NetApp. The results of Kroll Ontrack analysis verify that this trust is well deserved.